what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files from Alin Rad Pop

First Active2007-10-31
Last Active2011-10-20
HP Power Manager 'formExportDataLogs' Buffer Overflow
Posted Oct 20, 2011
Authored by Alin Rad Pop, sinn3r, ipax | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-3999
SHA-256 | 0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0
Microsoft Word LFO Parsing Double-Free
Posted Dec 24, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Word, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a double-free error when processing LFO (List Format Override) records and can be exploited to corrupt memory via a specially crafted Word document. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-3217
SHA-256 | 09199796312d54b98c05e03a55568621a9059426818c08614687c60d34bcd71a
Microsoft Office PICT Filter Integer Truncation
Posted Dec 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer truncation error in the PICT import filter (PICTIM32.FLT). This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into importing a specially crafted PICT file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-3946
SHA-256 | 3d48dcf13f13e7c0894cc02b34b824a7414ad66514cf0dc9789b003d837a5be5
RealPlayer "cook" Arbitrary Free
Posted Dec 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content. This can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2579
SHA-256 | 8ce3f987a47149f84b0f20dda276ecafb1deb4f3712048d4fa372fdc4fe9f31c
RealPlayer "cook" Uninitialised Memory
Posted Dec 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially corrupt memory via e.g. a specially crafted RealMedia file.

tags | advisory
advisories | CVE-2010-0121
SHA-256 | 2434eaef6b000eb04efc5bf512381ecffb8c1a973ccfb2c8544b94986d6df588
Microsoft PowerPoint PP7X32.DLL Record Parsing
Posted Nov 10, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in PP7X32.DLL when processing certain records in PowerPoint 95 files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2572
SHA-256 | 7ecd37648537fbfa01db86e653e3bda1f9f95fe6fda438246fd9bb3b1fcb0f61
Microsoft Excel Extra Out of Boundary Record Vulnerability
Posted Oct 14, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error when processing Extra Out of Boundary records having an insufficient size and can be exploited to corrupt memory at an arbitrary memory address. Successful exploitation may allow execution of arbitrary code. Microsoft Excel version 2002 SP3 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-3239
SHA-256 | 8ea759d06afa37e09ab49ee1dafb03c92928931d90be995c5efb168e981771e7
Microsoft Excel Record Parsing Integer Overflow Vulnerability
Posted Oct 14, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a sign-extension error and integer overflow when processing a certain record type and can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code. Microsoft Excel version 2002 SP3 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-3230
SHA-256 | 2df1b52e63dddaf3a80b801b02ae3b8ce56242dea57ed013b15298219990a6e1
Adobe Reader JPEG Uninitialised Memory Vulnerability
Posted Jul 1, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an uninitialized memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-2005
SHA-256 | 1fa888e94466db10ecc4cd45faac1367ad8a73ac5c7003062c97e83fa77763bc
Adobe Shockwave Player Font Processing Buffer Overflow
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing embedded fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-0987
SHA-256 | c0df90ba22d702d5895e0e567d8b513727f5c0fb8f18fea09ecb1d9b6df3de7b
Adobe Shockwave Player Asset Entry Parsing Vulnerability
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when processing asset entries and can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-0986
SHA-256 | fd7ee053649f29172199e1a95030011594179adc1655c800f9830c93e76ae257
Adobe Shockwave Player Integer Overflow Vulnerability
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-0130
SHA-256 | b5ce1892a860a21e337e443c62011c129dda014f2c804f59309422383732a762
Adobe Shockwave Player Array Indexing Vulnerability
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an array indexing error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-0129
SHA-256 | aaccf5333966fa257d1abf65746a2b24762c1eea4ffaf39c72989322d81409fd
Adobe Shockwave Player Signedness Error Vulnerability
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-0128
SHA-256 | 0de19e3ef14663cc00a96c258b363f1f0f8271752f2f8f61678d437370f2d5b8
Adobe Shockwave Player 3D Parsing Memory Corruption
Posted May 12, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing FFFFFF45h Shockwave 3D blocks. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.6.606 is affected.

tags | advisory, arbitrary
advisories | CVE-2010-0127
SHA-256 | 15a8dfe7974507aed2ca880478d7e11000be879f68bd99e4424659fe3687ca8a
VMWare VMnc Codec HexTile Encoding Integer Truncation
Posted Apr 10, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered two vulnerabilities in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by two integer truncation errors in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause heap-based buffer overflows. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2009-1565
SHA-256 | 2dfce36a8cb16e4454aed3c8b3138b1e05a792d019a2fc275906b4da34add4a7
VMWare VMnc Codec HexTile Encoding Buffer Overflow
Posted Apr 10, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-1564
SHA-256 | 51f3c7fde9ec1243f3e24e712b834af517fb1633907eceaade5df15ac236b860
Mozilla Firefox Memory Corruption
Posted Feb 19, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error when handling out-of-memory conditions. This can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page. Versions prior to 3.0.18 and 3.5.8 are susceptible.

tags | advisory, web, arbitrary
advisories | CVE-2009-1571
SHA-256 | a0dde42c067bab2639a7964ba57a0b6a1f2fb79a300e90d0ba7960cf79218090
HP Power Manager "formExportDataLogs" Directory Traversal
Posted Jan 21, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input sanitation error when handling "fileName" parameters passed to /goform/formExportDataLogs. This can be exploited to overwrite arbitrary files with almost arbitrary data via directory traversal attacks. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.

tags | advisory, arbitrary, file inclusion
advisories | CVE-2009-4000
SHA-256 | be4b9c605f1e45334909465187ee5e897a6299693f76211f87cc8076ab39e313
HP Power Manager "formExportDataLogs" Buffer Overflow
Posted Jan 21, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing parameters sent to the /goform/formExportDataLogs URL. This can be exploited to cause a stack-based buffer overflow via an overly long "fileName" parameter. Successful exploitation allows execution of arbitrary code. Version 4.2.9 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3999
SHA-256 | fbf4697d7b193b303eab401b5d9ec51a535b6334f69e22214ec5cb25d1d89dd6
Adobe Shockwave Player Four Integer Overflows
Posted Jan 21, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered four vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by four integer overflow errors when processing a certain block type. These can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2009-4003
SHA-256 | 2b675879c41d33b1cef80c5262c5a1ef851e8b47dff731fcab135b0972822b31
Adobe Shockwave Player 3D Model Two Integer Overflows
Posted Jan 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered two vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by two integer overflow errors when processing Shockwave 3D models. These can be exploited to corrupt heap memory via specially crafted Shockwave files. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2009-4003
SHA-256 | 17d57c1485e5cf9ef58b9f14925858958264e555b5c7bbdb27ea51453dfade52
Adobe Shockwave Player 3D Model Buffer Overflow
Posted Jan 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-4002
SHA-256 | 505af33a6b87fd4467a4f73d2dc13b84c179cbf7f2e43dbcb79b688f70793e2f
Adobe Shockwave Player Integer Overflow
Posted Jan 20, 2010
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow error when processing a certain Shockwave 3D block. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-4003
SHA-256 | ee5b1897f238ae118309546dbdae38bb523fb26b557924829cf8636189565ea0
Mozilla Firefox Floating Point Memory Allocation
Posted Oct 28, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array indexing error while allocating space for floating point numbers. This can be exploited to trigger a memory corruption when a specially crafted floating point number is processed. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2009-1563
SHA-256 | 05b17d26fc240e5536f74dc59738ad403661d05c0d57cc1e692e5b1e21dc161c
Page 1 of 3
Back123Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close