Debian Linux Security Advisory 2762-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code.
1f2d0e9338e4bcc954cee7d4e39d03c6db8cc45f37ce200d040a7c5838fbfaf0This is a brief whitepaper tutorial discussing stack-based buffer overflow exploitation.
11b14091592ce665a4052fa63c683bede3f54a2039f3e8ac022b17bc903078c5Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
b26e5214de3d3875ccca59d6cfbffb8dfa87ab40288d159dc5713ec7d29109ebThis is a brief whitepaper tutorial that discusses format string exploitation.
1544465d9c53bc46b45f199277e5af8bfc93c0c6d2f40f5ff2478c2db9d3714bThis whitepaper is called Off-By-One Exploitation Tutorial. The off by one vulnerability in general means that if an attacker supplied input with certain length if the program has an incorrect length condition the program will write one byte outside the bounds of the space allocated to hold this input causing one of two scenarios depending on the input.
5f0e7988d1f9efa82633300226d7ad14a89ebbc4f3ad3eb4a3d67306232ea70cWhitepaper called Return-Oriented-Programming (ROP FTW).
0df3dba7ba4fbf596b77ccb6bcaf64bddf65e2fae569ec24d7481f4b6ce3f8b6SolarWinds Server and Application Monitor version 6.0 suffers from an active-x related buffer overflow vulnerability.
841395a87d46f8aba7dd14551684fe16b9e3de8cd2cb1433a295058e36790214AspxCommerce version 2.0 suffers from a remote shell upload vulnerability.
8713bab6a79f7b5d50c2b8edad2fb8f4da89c6c5cd1a55ab350684bd6f34a372This is multi-egghunter Linux/x86 shellcode.
ad3175fc562522e9a2e176427a9d832111ad0039ee8394ecc45a84b8c8007ebeApache Struts versions prior to 2.3.15.2 suffer from broken access control and dynamic method invocation disabled by default. 2.3.15.2 was released to address these issues.
461684279fc06b8115c5779042c29e7a6062120994f9ce9087c874c5a29ac245WordPress Lazy SEO plugin version 1.1.9 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
7e6392b31a7cf6905f01765ca48cb4eced37d1b642177cdae03946cf58c2ba14WordPress fGallery_Plus plugin suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
c80371f254e0d3bfeab131b5f84077ce5fa288551f11fc15cd06775a35806a1cHP Security Bulletin HPSBST02919 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.
0953bb4514a93447feb5a3d792cb8d9b63be5210a9a46e08a6b5a82afa25019eShare KM version 1.0.19 remote denial of service proof of concept exploit.
6e85084d4572fb736353c9fdeb36ef7ab48ef9213cf5e87654492ec8b0461ce1Joomla JVideoClip component suffers from a remote blind SQL injection vulnerability.
4781ffbb58c2f9b00a3104325ceee5ce0a84ef307ee9cccc745852c86fd96ec6Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039cThis Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.
aff42bc0d13d90c28ae3e11d84b0970e7da59f5d0794391bf2eda1629b411de3This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then we can force the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() function, however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change, and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it finally results a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.
ee4538ddb8dd6f77e4bd70d5e7a430e46f6d5d7ff97a0c2c23d04883b7fb837eThis Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.
29aaf07dcb5542222f7a271a446b80f5ab4686dc9025e8ce1f3c8d7045454193This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at his own risk, since it's going to overwrite database configuration.
79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
113450537f46ed47f010a179be333a0dcd79eac13f264dce26db7aac8d52b3b6WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.
58aa4142de2233611890f47f72f2972f2c389dd1fa2abe3fb8100667a4fc03feMental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.
d3c1668d510834211878dda3ef864e35ccdb1c64178a379e9c6c843e14ba7119
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed