Some examples and sample code to experiment with C++ exploitation and vptr overwriting.
3812cd1a468cea7f002d82cb54fd72d84f9275f492ebe8e187e4d4b2d50f828cThe C Code Analyzer (CCA) is a static analysis tool for detecting potential security problems in C source code. It's fully automatic; no code annotations or the like are required. It features an automatic user input tracer, potential buffer overflow detection, and more. An eclipse front-end plugin is included.
ea38609932b78433e929fee731bc065e252e36c55600ffdcc609d2be42a5fae4An active-x control used to set up e-mail, nntp, and ldap accounts in Outlook Express for the University of Phoenix allows for later account manipulation.
4bca6a33736e5903a701811c2b98fceeb18af1da5f873243b6df0556d9db116dTravesty is an interactive program for managing the hardware addresses of ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address. It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Travesty is written in Python, and is very simple to add functionality to, or modify.
ceaa2d9749025c8c0f32d7fac3044536812c4ea4b1d23cb7205c1afce0d119ddGentoo Linux Security Advisory GLSA 200501-46 - ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning. Versions below 0.81 are affected.
c27b7807c952f6c3861c059035ef6ed33978ea406e0b2a8f22af7901bf5ba551Whitepaper discussing the best security practices for host naming and URL conventions.
e9a5dc480f6839ca756e12580e639976fae0181c72d56978a013e4263afab1cbThe 80/20 Rule for Web Application Security: Increase your security without touching the source code . This article discusses ways to make your website more difficult to exploit with little effort.
bba7f7e823c6583f2e30e376b8c5ab99b4d303a27d637867f9f30645116bb148Secunia Security Advisory - A vulnerability has been reported in fprobe, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
b8800e9c24b142f5e9d91642e25bb5d79904a19b3fec24b33015e78cd154a813Secunia Security Advisory - Soroush Dalili has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.
8efc37760a688943166d98b1db1db088cda82738b385689c6ea2d0925eae7f37Secunia Security Advisory - Vladimir Kraljevic has reported a security issue in Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
305c66d2b555ae7ff47f00dd30c6052417a63dd409b5ddf93e4f9987ed95d44bSecunia Security Advisory - Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.
a8915f9684acfb40baf7234fa34a3d935c81940168ecd3068d48c40f43175bb1HP Security Bulletin - A potential vulnerability has been identified that affects the Software Development Kit (SDK) and Run Time Environment (RTE) for the Tru64 UNIX Operating System for the Java(TM) Platform. Object deserialization may allow a remote attacker to cause the Java Virtual Machine to become unresponsive, resulting in Denial of Service (DoS) for the runtime environment and servers that run on the runtime environment. Affected versions: SDK and RTE v 1.4.2-3 and earlier 1.4.2 releases, and 1.4.1 releases.
fd7f837c394cd9ac4773864bc0a2c48a18d056f0ee0d39ef415c42e31429db1cSecunia Security Advisory - ShineShadow has reported two weaknesses in IceWarp Web Mail, which can be exploited by malicious users to gain knowledge of certain system information or sensitive information.
81646ae7c3f632e96dcc38278762aecc370d6a962c849c281bcd71c7ba6d8e1cSecunia Security Advisory - HP has acknowledged some vulnerabilities in Virtualvault and Webproxy, which can be exploited to gain escalated privileges, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
6fd74d9018d0902c129a75959137018c97478591aca8a2952fb226add696ff53Secunia Security Advisory - A vulnerability has been reported in HP Virtualvault, which can be exploited by malicious people to cause a DoS (Denial of Service).
aa6dc75d05f3114cde8805d370de2464018521b62738476804c80733b6d09b65Secunia Security Advisory - SmOk3 has reported a vulnerability in JShop Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
d6413caaaa4f5d52ef9cbfd9ae48135aebfc7709cd2dc95af789588e78893c1cSecunia Security Advisory - Larok has reported a vulnerability in the Incontent module for Xoops, which can be exploited by malicious people to disclose sensitive information.
fc8c4a5ca768654a937300a8b798a2bdec92c7058bd7730403ceaeb0e0b2adbaPafileDB 3.1 Final is susceptible to full path disclosure and php injection bugs.
a04346894a0b513e64fd8e1ed0af710d9e47c68804d433ac721b3e4f24714c11Remote denial of service exploit for Xpand Rally version 1.0.0.0 that makes use of a crash due to reading and writing on unallocated memory.
0c38c27fbb4d8ce1cd2746933da0239b82bbe9af968ded27e19f90870baa9c2bXpand Rally version 1.0.0.0 is susceptible to a denial of service attack during a crash due to reading and writing on unallocated memory.
7f0ccd99f6efaa1172d65d53b33076811fe80539cde5898e6adb0b04166d7d17Local exploit for ncpfs that gain access to /etc/shadow entries.
1c5ef83be0a27228da5f732d4d3448a7a252ce6eeaf13cac4d1406c5a0a28782Gentoo Linux Security Advisory GLSA 200501-44 - The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges.
cdbf840399011b7a2266ab1e7ce35b8e382816ee8165f420f45f59d9331dc751Packet Storm new exploits for January, 2005.
b3cc672742ae6abc2421a5291f99236c6ac9529789725a2f01dfeceea21e9b3aGentoo Linux Security Advisory GLSA 200501-42 - VDR insecurely accesses files with elevated privileges, which may result in the overwriting of arbitrary files.
58c8381dad7330528213133aa399c575074abc76fb1a6fa12cddc943bc9c980dIDS Policy Manager was written to manage Snort IDS sensors in a distributed environment. This is done by having the ability to take the text configuration and rule files and allow you to modify them with an easy to use Graphical interface. With the added ability to merge new rule sets, manage pre processors, control output modules and scp rules to sensors, this tool makes managing snort easy for most security professionals.
fce92a285eaf9b9b22e83b109b315e21722dc3594d70a426b0c0e04983b48eef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed