Showing 26 - 30 of 30

Files Date: 2012-03-22 to 2012-03-23

MS10-002 Internet Explorer Object Memory Use-After-Free: Posted Mar 22, 2012; Authored by Peter Vreugdenhil, sinn3r, juan vazquez | Site metasploit.com; This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.; tags | exploit, remote, code execution; advisories | CVE-2010-0248, OSVDB-61914; SHA-256 | 80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee; Download | Favorite | View

Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload: Posted Mar 22, 2012; Authored by High-Tech Bridge SA | Site htbridge.com; Open Journal Systems version 2.3.6 suffers from file manipulation, cross site scripting, and shell upload vulnerabilities.; tags | exploit, shell, vulnerability, xss; advisories | CVE-2012-1467, CVE-2012-1468, CVE-2012-1469; SHA-256 | 81bdaf7da25d1a403fe8d33e0db440a1dba968642a8af4e43f80678a574c7ac6; Download | Favorite | View

Using UPX As A Security Packer: Posted Mar 22, 2012; Authored by Dr Petri; Whitepaper called Using UPX as a Security Packer. It goes into detail on how to use this tool and how to bring obfuscation into it.; tags | paper; SHA-256 | fb92011966919c8736a7d2cdb3031ca76789896634cbf940310ad240e43e48b2; Download | Favorite | View

Ubuntu Security Notice USN-1400-3: Posted Mar 22, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1400-3 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues have also been addressed.; tags | advisory, remote, arbitrary, javascript, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464, CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464; SHA-256 | 553d78be7f7ed2853eaa6177ea136db38c2d1a480fb986ca79ad0876030a8c06; Download | Favorite | View

Debian Security Advisory 2437-1: Posted Mar 22, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2437-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461; SHA-256 | 8dcbd2a37f80834fa0912dd479a18e7cb232422b36d92902756a7af2700a51ff; Download | Favorite | View

Page 2 of 2 Back 1 2 Next

Top Authors In Last 30 Days