A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
72b93df895984ddb9279642bcd065e01
rdesktop version 1.6.0 memory corruption proof of concept exploit.
b7f9356982aaa44eb3ae577bddd16c48
PHPXref version 0.7 suffers from a cross site scripting vulnerability.
6ca6a22df0252bdf6e9aa6c5856ccde6
yInjector is a MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.
3c8129cb7775c78d98f97678430ea265
SourceBans version 1.4.7 suffers from a cross site scripting vulnerability.
740d362e9b4e96e44abffcf534ec4275
HITB Magazine Volume 1 Issue 5 - Topics include Investigating Kernel Return Codes with the Linux Audit System, Secure Shell Attack Measurement and Mitigation, Windows CSRSS Tips and Tricks, and more.
08132c9b005bebc84b7999ac4e081d57
The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
2eb155d8667a7cd24eced9c9b3b5282e
MihanTools Script version 1.3.3 suffers from a remote SQL injection vulnerability.
5ae657e88df08958a8c83a261875b2d7
LIGATT Security's LocatePC software version 1.05 suffers from a remote SQL injection vulnerability.
0a69ca517db708217c2b7a4228f72113
Mandriva Linux Security Advisory 2011-024 - The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.
86dc2d6a425edb122b1c29c972f65a62
Web 2.0 Social Network Freunde Community suffers from a remote SQL injection vulnerability.
2d7da903329e0f4a6a9f7c266f20bfe9
Coppermine Photo Gallery version 1.5.x suffers from a remote command execution vulnerability.
2f898cb33b61427694c52cf4f0687534
xRadio version 0.95b local buffer overflow exploit that creates a malicious .xrl file.
fba698c2e3f37400c306ec368d016eb9
tudou.com suffers from a UTF7-BOM cross site scripting vulnerability.
b620f03e4f8f92a911ca3fe21ca6a492
Enable Media Replace WordPress plugin version 2.3 suffers from remote shell upload and SQL injection vulnerabilities.
d8ab9ca1efb8f8ac7e144a6c46d35973
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside of an Adobe Flash file. The problem exists in a certain ActionScript method. When the method is called with particular parameters, the ActionScript engine gets confused and takes a user supplied value as an object pointer which leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.
e0491241831974bdea1d80572206a87d
iDefense Security Advisory 02.08.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in the ActionScript method of the built-in "Function" class, which accepts an array object as a second parameter and uses this array's length multiplied by four for a memory allocation without any overflow checks. Then it writes the array's content into the allocated memory, which corrupts memory and leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.
4983ad3404755868726af5999e57a87e
CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
bfc7b7fb9f53748600f39aae310a0265
Unreal Tournament remote buffer overflow exploit using SEH and written for Windows.
4827cf4e9ec0738971d257801a2be0e6
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPI.dll module distributed with the player. While parsing a director movie (.dir or .dcr) the code trusts the specified size of the IFWV chunk and uses it within a calculation to determine another offset within the file. By setting it to 0, the code jumps to the wrong location within the file. While parsing data at the new location, the code uses a value as a loop counter. Within the loop, the code copies data to a heap buffer. By crafting a file with a large enough size, this loop can be forced to corrupt memory. A remote attacker can abuse this logic to execute arbitrary code under the context of the user running the application.
170eb9e1def3f0b0a08815c7e0ecec71
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a malicious Adobe Director file. A malicious user could cause a memory corruption by including malformed data in a chunk. This condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Shockwave Player version 11.5.8.612 and version 11.5.9.615 (the latest version at the time of testing). A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-01.
9aaa729952ef328b8fa5f6f0f6eeda4b
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
2633e3547d52fc57f50de1fe6fdedf70
EMC Replication Manager contains a potential vulnerability that may allow remote unauthenticated user to execute arbitrary code on vulnerable installations of the EMC Replication Manager. Affected products include EMC Replication Manager versions earlier than 5.3, EMC NetWorker Module for Microsoft Applications versions 2.1.x and 2.2.x.
cacf34540e855fa82945df98a20c5146
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
46e1edeb7c0ab76fa49f0ede6d3dcfcf
Secunia Security Advisory - A vulnerability has been discovered in Auto Database System module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
5052155717b5d5e8d1cf2d6de44c5d03