-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit b0e16d9
Showing
43 changed files
with
1,487 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: pages | ||
|
||
on: | ||
push: | ||
branches: main | ||
|
||
workflow_dispatch: | ||
|
||
concurrency: | ||
group: pages | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@v4 | ||
|
||
- name: Setup Pages | ||
uses: actions/configure-pages@v1 | ||
|
||
- name: Build | ||
run: | | ||
pip install mkdocs-callouts | ||
pip install mkdocs-ezlinks-plugin | ||
pip install mkdocs-glightbox | ||
pip install mkdocs-macros-plugin | ||
pip install mkdocs-material | ||
pip install mkdocs-redirects | ||
mkdocs build | ||
- name: Setup Tidy | ||
run: | | ||
sudo apt update -qq | ||
sudo apt install -qq tidy | ||
- name: Run Tidy | ||
run: find site/ -name "*.html" -type f -exec tidy -config config.txt -m '{}' \; | ||
|
||
- name: Upload artifact | ||
uses: actions/upload-pages-artifact@v1 | ||
with: | ||
path: site/ | ||
|
||
deploy: | ||
environment: | ||
name: github-pages | ||
url: ${{ steps.deployment.outputs.page_url }} | ||
|
||
name: Deploy | ||
needs: build | ||
|
||
permissions: | ||
id-token: write | ||
pages: write | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Deploy to GitHub Pages | ||
id: deployment | ||
uses: actions/deploy-pages@v1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
__pycache__ | ||
site |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
3.10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
risesecurity.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
// Config file for HTML tidy | ||
drop-empty-elements: no | ||
indent: auto | ||
indent-spaces: 2 | ||
quiet: yes | ||
tidy-mark: no | ||
vertical-space: yes | ||
wrap: 120 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
--- | ||
- description: Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c | ||
in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users | ||
to cause a denial of service (system crash) or possibly gain privileges via vectors | ||
involving a crafted eCryptfs file, related to a large encrypted key size in a | ||
Tag 3 packet. | ||
filename: RISE-2009003.txt | ||
name: "[RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow | ||
Vulnerability" | ||
published: 2009-07-28 00:00:00.000000000 -07:00 | ||
resources: | ||
- name: View on LWN.net | ||
url: https://lwn.net/Articles/343906/ | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2009003.txt | ||
vulnerabilities: | ||
- CVE-2009-2407 | ||
- description: Stack-based buffer overflow in the parse_tag_11_packet function in | ||
fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 | ||
allows local users to cause a denial of service (system crash) or possibly gain | ||
privileges via vectors involving a crafted eCryptfs file, related to not ensuring | ||
that the key signature length in a Tag 11 packet is compatible with the key signature | ||
buffer size. | ||
filename: RISE-2009002.txt | ||
name: "[RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow | ||
Vulnerability" | ||
published: 2009-07-28 00:00:00.000000000 -07:00 | ||
resources: | ||
- name: View on LWN.net | ||
url: https://lwn.net/Articles/343906/ | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2009002.txt | ||
vulnerabilities: | ||
- CVE-2009-2406 | ||
- description: Stack-based buffer overflow in the _tt_internal_realpath function in | ||
the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, | ||
and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, | ||
allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII | ||
string to remote procedure 15. | ||
filename: RISE-2009001.txt | ||
name: "[RISE-2009001] ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow | ||
Vulnerability" | ||
published: 2009-06-19 00:00:00.000000000 -07:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2009001.txt | ||
vulnerabilities: | ||
- CVE-2009-2727 | ||
- description: Stack-based buffer overflow in the adm_build_path function in sadmind | ||
in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute | ||
arbitrary code via a crafted request. | ||
filename: RISE-2008001.txt | ||
name: "[RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow | ||
Vulnerability" | ||
published: 2008-10-14 00:00:00.000000000 -07:00 | ||
updated: 2008-11-16 00:00:00.000000000 -07:00 | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2008001.txt | ||
vulnerabilities: | ||
- CVE-2008-4556 | ||
- description: Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 | ||
allows local users to execute arbitrary code via a large num_sels argument to | ||
the i386_set_ldt system call. | ||
filename: RISE-2007004.txt | ||
name: "[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow | ||
Vulnerability" | ||
published: 2007-11-16 00:00:00.000000000 -08:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2007004.txt | ||
vulnerabilities: | ||
- CVE-2007-4684 | ||
- description: Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and | ||
1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute | ||
arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach | ||
function or (2) unspecified vectors involving the INET_connect function. Multiple | ||
stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI | ||
2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code | ||
via (1) a long attach request on TCP port 3050 to the isc_attach_database function | ||
or (2) a long create request on TCP port 3050 to the isc_create_database function. | ||
filename: RISE-2007003.txt | ||
name: "[RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities" | ||
published: 2007-10-03 00:00:00.000000000 -07:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2007003.txt | ||
vulnerabilities: | ||
- CVE-2007-5245 | ||
- CVE-2007-5246 | ||
- description: Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 | ||
through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers | ||
to execute arbitrary code via (1) a long service attach request on TCP port 3050 | ||
to the (a) SVC_attach or (b) INET_connect function, (2) a long create request | ||
on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, | ||
(3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) | ||
PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database | ||
or (5) expand_filename2 function. Stack-based buffer overflow in Borland InterBase | ||
LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, | ||
allows remote attackers to execute arbitrary code via a long attach request on | ||
TCP port 3050 to the open_marker_file function. | ||
filename: RISE-2007002.txt | ||
name: "[RISE-2007002] Borland InterBase Multiple Buffer Overflow Vulnerabilities" | ||
published: 2007-10-03 00:00:00.000000000 -07:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2007002.txt | ||
vulnerabilities: | ||
- CVE-2007-5243 | ||
- CVE-2007-5244 | ||
- description: The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and | ||
earlier kernel allows local users to cause a denial of service (memory corruption) | ||
via a large mappingCount value. | ||
filename: RISE-2007001.txt | ||
name: "[RISE-2007001] Apple Mac OS X 10.4.x Kernel shared_region_map_file_np() Memory | ||
Corruption" | ||
published: 2007-01-19 00:00:00.000000000 -08:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2007001.txt | ||
vulnerabilities: | ||
- CVE-2007-0430 | ||
- description: Integer overflow vulnerability in the i386_set_ldt call in FreeBSD | ||
5.5, and possibly earlier versions down to 5.2, allows local users to cause a | ||
denial of service (crash) and possibly execute arbitrary code via unspecified | ||
vectors, a different vulnerability than CVE-2006-4178. Integer signedness error | ||
in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to | ||
5.2, allows local users to cause a denial of service (crash) via unspecified arguments | ||
that use negative signed integers to cause the bzero function to be called with | ||
a large length parameter, a different vulnerability than CVE-2006-4172. | ||
filename: RISE-2006002.txt | ||
name: "[RISE-2006002] FreeBSD 5.x Kernel i386_set_ldt() Integer Overflow Vulnerability" | ||
published: 2006-09-23 00:00:00.000000000 -07:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2006002.txt | ||
vulnerabilities: | ||
- CVE-2006-4172 | ||
- CVE-2006-4178 | ||
- description: Buffer overflow in the Strcmp function in the XKEYBOARD extension in | ||
X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris | ||
8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment | ||
variable value. | ||
filename: RISE-2006001.txt | ||
name: "[RISE-2006001] X11R6 XKEYBOARD Extension Strcmp() Buffer Overflow Vulnerability" | ||
published: 2006-09-07 00:00:00.000000000 -07:00 | ||
updated: | ||
url: https://github.com/risesecurity/advisories/raw/HEAD/RISE-2006001.txt | ||
vulnerabilities: | ||
- CVE-2006-4655 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
--- | ||
- description: This article discusses the use of backward taint analysis to determine | ||
the exploitability of vulnerabilities. All examples presented on this article | ||
were developed and executed on an x86-64 processor-based computer running Microsoft | ||
Windows 7. Previous knowledge of vulnerability analysis and exploitation is required. | ||
filename: p67_0x0a.txt | ||
name: Dynamic Program Analysis and Software Exploitation | ||
published: 2010-11-17 00:00:00.000000000 Z | ||
resources: | ||
- name: View on Phrack | ||
url: http://phrack.org/issues/67/10.html | ||
updated: | ||
url: https://github.com/risesecurity/articles/raw/HEAD/p67_0x0a.txt | ||
- description: This article discusses software development and vulnerability exploitation | ||
in Power/Cell Broadband Engine Architecture's Synergistic Processor Element (SPE). | ||
All examples presented on this article were developed and executed using the IBM | ||
Full-System Simulator 3.0 for the Cell Broadband Engine Processor for Intel (64-bit), | ||
on an x86-64 processor-based computer running on Fedora 7 with the IBM SDK for | ||
Multicore Acceleration 3.0. Previous knowledge of vulnerability analysis and exploitation | ||
is required. | ||
filename: p66_0x0d.txt | ||
name: Hacking the Cell Broadband Engine Architecture | ||
published: 2009-11-06 00:00:00.000000000 Z | ||
resources: | ||
- name: View on Phrack | ||
url: http://phrack.org/issues/66/13.html | ||
updated: | ||
url: https://github.com/risesecurity/articles/raw/HEAD/p66_0x0d.txt | ||
- description: This article discusses buffer overflow vulnerabilities in Linux running | ||
on Power/Cell Broadband Engine Architecture processor-based servers. All examples | ||
presented on this article were developed and executed on an IBM BladeCenter JS22 | ||
Express server, a IBM BladeCenter QS21 server, and a Sony Playstation 3, running | ||
Red Hat Enterprise Linux 4 Update 7. Previous knowledge of buffer overflows is | ||
required. | ||
filename: lopbuffer.pdf | ||
name: Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities | ||
published: 2009-01-14 00:00:00.000000000 Z | ||
resources: | ||
- name: View on IBM developerWorks (Part 1) | ||
url: http://web.archive.org/web/20160329141039/http://www.ibm.com/developerworks/linux/library/l-lopbuf1/ | ||
- name: View on IBM developerWorks (Part 2) | ||
url: http://web.archive.org/web/20160329144519/http://www.ibm.com/developerworks/linux/library/l-lopbuf2/ | ||
updated: | ||
url: https://github.com/risesecurity/articles/raw/HEAD/lopbuffer.pdf | ||
- description: This article discusses buffer overflow vulnerabilities in Linux kernel's | ||
Slab Allocator. All examples presented on this article were developed and executed | ||
on a x86 processor-based computer running Slackware Linux 10.2. Previous knowledge | ||
of buffer overflows is required. | ||
filename: linuxslab.pdf | ||
name: Linux Slab Allocator Buffer Overflow Vulnerabilities | ||
published: 2008-12-12 00:00:00.000000000 Z | ||
resources: | ||
- name: View on IBM developerWorks Brazil | ||
url: http://web.archive.org/web/20090519005305/http://www.ibm.com:80/developerworks/br/library/Linux_Slab_Allocator_BR.html | ||
updated: | ||
url: https://github.com/risesecurity/articles/raw/HEAD/linuxslab.pdf | ||
- description: This article discusses the use of Intel System Management Mode (SMM) | ||
for malicious purposes. All examples presented on this article were developed | ||
and executed on an x86 processor-based computer running Debian 4.0r3 (Etch). Previous | ||
knowledge of x86 architecture is required. | ||
filename: p65_0x07.txt | ||
name: System Management Mode Hacks | ||
published: 2008-11-04 00:00:00.000000000 Z | ||
resources: | ||
- name: View on Phrack | ||
url: http://phrack.org/issues/65/7.html | ||
updated: | ||
url: https://github.com/risesecurity/articles/raw/HEAD/p65_0x07.txt |
Oops, something went wrong.