Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.
dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fba
Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.
185b2a8f4df8fd3182b6a8b7c17b80825f8ca66454647c947edaad4f084253e6
A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.
147af24c2d70bdedd1b38ad38463143eddc00aaf8190e135935aa9b337388a4a
Dominic Chell of NGS Secure has discovered a high risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
215fdcdc27bc0af91ed31034d3dcfaac9d2c8dc0daf9e1f8e21a6270bff6a628
Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.
17c0e508710bb4f00f1f179e385b3d378527bd4b35827d30da710e418db26947
Dominic Chell of NGS Secure has discovered a high risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6 and Mac OS X Server 10.6 through 10.6.6.
8a7f56c6bf5db4c24979da8deb5a498165e211b83b1662e863496e40d68182ac
Dominic Chell of NGS Secure has discovered a high risk memory corruption vulnerability affecting the ImageIO rendering framework. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. This issue can be remotely (client-side) exploited through any application using the framework, including Mail, Safari and QuickLook.
8d1461e6e5256170797a0a396eaeab1b7e0fc4993c990a6ffe56e62e1457d8ae
Sun Java Web Server version 7.0 update 7 remote stack overflow exploit that is capable of bypassing DEP. To do this, it uses ROP to invoke SetProcessDEPPolicy(). This is the second version of this exploit.
5ad70f7b7f2e69ccea95b224be4c72b4098e1aff0d6b032f6327e5d85239389e
Sun Java Web Server version 7.0 update 7 remote stack overflow exploit.
1d5f8ef617835a71a58262660e2ce215591ca0aad2cd8ed70a7c99368e4b3aec
Mozilla Firefox version 2.0.0.16 Windows XP SP3 UTF-8 URL buffer overflow exploit that has adduser shellcode.
e2739bd0c630b7c4e926b923f3c3c58cec9f87c0f93e6e8bbe38ae0ce616e363
MP3 Studio version 1.0 local buffer overflow exploit that creates a malicious .m3u file that produces a bind shell on port 4444.
c013bed4f41f1ab91decd5f7c7aff548c6e35c9a4a6a42c0676a578da99821be
IPSwitch IMAP Server version 9.20 and below remote buffer overflow exploit.
c6aa0faefb20ce7196a8c749c9dc1b089bd8b0fac46149e8070c03dbb5c15cae
Lotus Domino IMAP4 server version 6.5.4 / Windows 2000 Advanced Server x86 remote buffer overflow exploit.
b914a5a129df141a9e81efa513ca01b96c180ff72cea7dafc716b3203367e1a3