Debian Linux Security Advisory 2762-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code.
1f2d0e9338e4bcc954cee7d4e39d03c6db8cc45f37ce200d040a7c5838fbfaf0
This is a brief whitepaper tutorial discussing stack-based buffer overflow exploitation.
11b14091592ce665a4052fa63c683bede3f54a2039f3e8ac022b17bc903078c5
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
b26e5214de3d3875ccca59d6cfbffb8dfa87ab40288d159dc5713ec7d29109eb
This is a brief whitepaper tutorial that discusses format string exploitation.
1544465d9c53bc46b45f199277e5af8bfc93c0c6d2f40f5ff2478c2db9d3714b
This whitepaper is called Off-By-One Exploitation Tutorial. An off-by-one vulnerability, in general, means that when an attacker supplies input of a certain length and the program has an incorrect length check, the program writes one byte outside the bounds of the space allocated to hold that input, causing one of two scenarios depending on the input.
5f0e7988d1f9efa82633300226d7ad14a89ebbc4f3ad3eb4a3d67306232ea70c
Whitepaper called Return-Oriented-Programming (ROP FTW).
0df3dba7ba4fbf596b77ccb6bcaf64bddf65e2fae569ec24d7481f4b6ce3f8b6
SolarWinds Server and Application Monitor version 6.0 suffers from an ActiveX-related buffer overflow vulnerability.
841395a87d46f8aba7dd14551684fe16b9e3de8cd2cb1433a295058e36790214
AspxCommerce version 2.0 suffers from a remote shell upload vulnerability.
8713bab6a79f7b5d50c2b8edad2fb8f4da89c6c5cd1a55ab350684bd6f34a372
This is multi-egghunter Linux/x86 shellcode.
ad3175fc562522e9a2e176427a9d832111ad0039ee8394ecc45a84b8c8007ebe
Apache Struts versions prior to 2.3.15.2 suffer from broken access control and have dynamic method invocation enabled by default. Version 2.3.15.2 was released to address these issues.
461684279fc06b8115c5779042c29e7a6062120994f9ce9087c874c5a29ac245
WordPress Lazy SEO plugin version 1.1.9 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
7e6392b31a7cf6905f01765ca48cb4eced37d1b642177cdae03946cf58c2ba14
WordPress fGallery_Plus plugin suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
c80371f254e0d3bfeab131b5f84077ce5fa288551f11fc15cd06775a35806a1c
HP Security Bulletin HPSBST02919 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.
0953bb4514a93447feb5a3d792cb8d9b63be5210a9a46e08a6b5a82afa25019e
Share KM version 1.0.19 remote denial of service proof of concept exploit.
6e85084d4572fb736353c9fdeb36ef7ab48ef9213cf5e87654492ec8b0461ce1
Joomla JVideoClip component suffers from a remote blind SQL injection vulnerability.
4781ffbb58c2f9b00a3104325ceee5ce0a84ef307ee9cccc745852c86fd96ec6
Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9
This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039c
This Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.
aff42bc0d13d90c28ae3e11d84b0970e7da59f5d0794391bf2eda1629b411de3
This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then forcing the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() call; however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it results in a crash. Precise control of the freed object allows arbitrary code execution in the context of the user.
ee4538ddb8dd6f77e4bd70d5e7a430e46f6d5d7ff97a0c2c23d04883b7fb837e
This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.
29aaf07dcb5542222f7a271a446b80f5ab4686dc9025e8ce1f3c8d7045454193
This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at their own risk, since it will overwrite the database configuration.
79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
113450537f46ed47f010a179be333a0dcd79eac13f264dce26db7aac8d52b3b6
WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.
58aa4142de2233611890f47f72f2972f2c389dd1fa2abe3fb8100667a4fc03fe
Mental JS suffers from a sandbox bypass due to the ability to still execute JavaScript via document.inner.HTML.
d3c1668d510834211878dda3ef864e35ccdb1c64178a379e9c6c843e14ba7119