A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
25b911fe8b4f2b91e78c752029493fa3f38d85cdc1a956089b72d784bc277137Adobe Photoshop Album Starter, Adobe After Effects CS3, and Adobe Photoshop CS3 all suffer from a local buffer overflow vulnerability. Included is an exploit for Album Starter version 3.2 on Microsoft Windows SP2 that launches calc.exe.
b9d39af85285018f275769b36f2ed7800d54726f4a9f858f9a4302a44dc409f9Apple iPhone version 1.1.2 remote denial of service exploit that makes use of Safari.
17140e6c36e864614e1b0e826b1502ce79daef78f7a984b8311fb4fa3f9b5010Kerberos version 1.5.1 kadmind remote root buffer overflow exploit.
e8db9a1943cc4ec249fdac17fbfedb8363cfeb66696583954fa18de60266c597open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848There is a heap based buffer overflow in the rendering engine of .hlp files in winhlp32.exe which will allow some attacker the possibility of modifying the internal structure of the process with a means to execute arbitrary and malicious code.
261cc8c6cf2b5eda5136962d8d3719ae3cb6e8c675f3c02463a079710b8a439eThere is a heap based buffer overflow in the rendering engine of .hlp files in winhlp32.exe which will allow some attacker the possibility of modifying the internal structure of the process with a means to execute arbitrary and malicious code.
c4259db39f4aff91e94ff092f7458b43487c81c6812534536180b76496dff498Appfluent Database IDS version 2.0 suffers from an environment variable overflow that can be manipulated using sudo as an attack vector. Exploit provided.
27bbf57c930750edaa25ffa94bf598ee98a2503f8cb18f967e8422de7d3533a2Whitepaper regarding further advances in the exploitation in format string bugs.
1438a410763bf9a8d5234436f27914d00ca889bb639fc9bd97d90bdeb6882436RealPlayer and Helix Player remote format string exploit. This flaw makes use of the .rp and .rt file formats. Code tested on Debian 3.1 against RealPlayer 10 Gold's latest version.
6328db676f993820bc2666d3bb3ed814c0ad55dcc1af7e473c92f8ec2ae10ef623 byte linux/x86 /bin/sh sysenter opcode array payload.
c6fcfb33ec9f6fc7239338c5b769cff2c18bd07163945629fb794f7efd19c361This short paper discusses the method of overwriting a pointer used in a function for the sake of overwriting the associated entry in the Global Offset Table (GOT) which in turn allows for execution flow redirection.
033e7b997e6c0a12776532b8041054d9510d1006941fd5f1cd4d4aaf953be37cProof of concept exploit for Elm versions 2.5.8 and below that makes use of a buffer overflow during the parsing of the Expires field.
7d429b07d470bef21a26afbf52a3adc8652582d94c91f0bcd8762925ec57fc0145 Byte /bin/sh sysenter Opcode Array Payload.
f97806cb20a9213227e7d015f8eaebd94a89db8e8add8024473fade051245bfdMultiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.
c0a5ce471897d527b519e28394d96c4425c7cba31436744d12e76f3ba35bd3c2Cool whitepaper discussing the return into libc attacks used to bypass non-executable stacks.
1ba3c2707f91d623e72b2c5a1148eab35db801819661c3567ab2521765535e5feTrust's Siteminder version 5.5 is susceptible to a cross site scripting flaw.
aa2c033eff8646b9cfc3037a593681e860f61083de6e1dc818765ffc9dc70e6cDocumentum eRoom 6.x suffers from problematic cookie handling and code execution vulnerabilities.
0ecd59218425650299eb6433cd10686e0281e8c5eeacf121d26f18a5aeaec0ffThe McAfee Intrushield IPS Management Console has been found susceptible to html and javascript injection, privilege escalation, and unauthenticated report deletion.
e44cf0de8c358ef924cc85051e0b96755dce09ff74b6909f706270ab2278f337Solaris has a bug in the use of SO_REUSEADDR in that the kernel favors any socket binding operation that is more specific than the general *.* wildcard bind(). Due to this, a malicious socket can bind to an already bound interface if a specific IP address is used. Exploit included.
9a57bfc1f13e75c3b857db7f9fa66b1d8bc8b6525ba1d8a4eed4fea59f468b53Xine v0.99.2 remote stack overflow exploit. A overflow in all versions of xine-lib allow the vcd:// input source to execute arbitrary code, even if the file is .mp3, .mpeg, .mpg or .avi media. Fix available (currently only in the cvs xine-lib) here.
32955c3e74badabf60efcd97d31761b9fa8bfd32d260deb331486ed610d1a87dAll versions of MPlayer, the movie player for Linux, are vulnerable to a buffer overflow attack that allows for privilege escalation. Local exploit included. Tested against Redhat Linux with Gnome, FreeBSD and latest cvsup plus ports with Gnome.
6850af71802ee705a1be21d2e279558327d7f8c14f4363ad429d736e33bfa329lnx_reboot version 2 - 59 Byte reboot Opcode array.
e5dcf87114d61374126ac5f7b69c85049853adfc074046fc7cc91babdf726e56Local exploit for Oracle Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86 that makes use of a buffer overflow to escalate user privileges via the oracle binary.
2c21dea3eb6b73fa7a98866ffe0291269326fe9469746e2067e9471a004ab542Hummingbird's Exceed X emulator mishandles fonts and is vulnerable to both remote and local denial of service attacks and may allow an attacker to remotely gain root privileges.
4229f6700178e0c3f5a09ba9b35ac021fc622a1b8acd2e2bc7bda54b9d98eea6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed