Showing 1 - 25 of 38

Files

libc/fnmatch(3) Denial Of Service
Posted May 13, 2011
Authored by Maksymilian Arciemowicz

Multiple vendors' libc/fnmatch(3) implementations suffer from a denial of service vulnerability. Affected software includes Apache 2.2.17, NetBSD 5.1, OpenBSD 4.8, FreeBSD, Mac OS X 10.6, and Sun Solaris 10. Apache proof of concept is included.

tags | exploit, denial of service, proof of concept
systems | linux, netbsd, solaris, freebsd, openbsd, apple, osx
advisories | CVE-2011-0419
SHA-256 | 2c1ae950fb3bfed82e98d5621bda7e64d189490f5059fd8d12ecb495733b1b59

Related Files

Zero Day Initiative Advisory 12-017
Posted Jan 21, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local
SHA-256 | e80d123ed6250589b8b3eca15fa9b0da08e7c39a53637e169b2b5417d40f956e

Webkit Memory Corruption / Code Execution
Posted Jul 25, 2011
Authored by Nikita Tarakanov, Alex Bazhanyuk

Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language and a JavaScript interface. When processing DOM queries to SVG tags, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by querying some properties of SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2011-0222
SHA-256 | 620665bfdb86a30421dd34b615a797945553c63b075518ac3852faa9ab9219e1

iDefense Security Advisory 07.20.11 - Webkit Memory Corruption
Posted Jul 21, 2011
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language, and a JavaScript interface. When parsing a series of SVG tags, and then manipulating them via JavaScript, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by manipulating the animVal property of various SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2011-0240
SHA-256 | 99c8cb11dcb256c511dc2217aaa40292d8c285040e8f55bc2b42756ce98c3948

iDefense Security Advisory 07.20.11 - MathML Use-After-Free
Posted Jul 21, 2011
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1449
SHA-256 | 53730b1d8512f5363490f9170bba7812a1775127b9e9b802e2a0d79ffc794e42

Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion
Posted May 3, 2011
Authored by Maksymilian Arciemowicz

Multiple vendors are affected by a memory exhaustion vulnerability in libc/glob(3) GLOB_BRACE|GLOB_LIMIT.

tags | exploit
advisories | CVE-2011-0418
SHA-256 | 1d1f0bb940366641cffd2edd81473a10c047934622b6fc4b18eefc826bbb182e

Zero Day Initiative Advisory 10-294
Posted Dec 25, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-294 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Uni RPC service (unirpcd.exe) which listens by default on TCP port 31438. The unirpc32.dll module implements an RPC protocol and is used by the Uni RPC service. While parsing a size value from an RPC packet header, an integer can overflow and consequently bypass a signed comparison. This controlled value is then used as the number of bytes to receive into a static heap buffer. By providing a specially crafted request, this heap buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp, code execution, protocol
SHA-256 | 0208958c1064611e6f5ae2711eeae42691474fea4bbf89a18187ab50583f03d9

iDEFENSE Security Advisory 2010-06-07.3
Posted Jun 12, 2010
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.07.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Google Chrome browsers to parse and render web content. The vulnerability occurs when a certain property of an HTML element with a caption is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2010-1400
SHA-256 | 7f0b35ab69f037cbb614d26e6d3fd5861195f53934838f0c776b12a6277459d6

iDEFENSE Security Advisory 2010-04-15.2
Posted Apr 17, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a "0" size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1319
SHA-256 | 176f4add59ab7e2454b1c942cc75564e4ab4b26ebd3fe4762e5e77e44a63a6b2

iDEFENSE Security Advisory 2010-04-15.1
Posted Apr 17, 2010
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 04.15.10 - Remote exploitation of a stack-based buffer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. By sending multiple blocks of data to the vulnerable function, an attacker could overwrite the data following the stack buffer, including the saved return address.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1318
SHA-256 | 499590eb81a0b27fc47fa45064c8da26ab84f710c5e3d28fa2e9796dfe3c0034

librpc.dll Signedness Error Remote Code Execution
Posted Apr 9, 2010
Authored by ZSploit.com | Site zsploit.com

Remote code execution signedness error exploit for librpc.dll as used by multiple vendors.

tags | exploit, remote, code execution
advisories | CVE-2009-2754
SHA-256 | c94ca9ab119c818f298d83db5f00592c187b0dfc71cd86d00639b38db1bf22ba

iDEFENSE Security Advisory 2010-03-11.1
Posted Mar 12, 2010
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 03.11.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Google Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to be vulnerable. A full list of affected Apple products can be found in Security Advisory APPLE-SA-2010-03-11-1 Safari 4.0.5.

tags | advisory, remote, arbitrary, javascript
systems | apple
advisories | CVE-2010-0040
SHA-256 | 1fc117df7706d0d6948b053056eb674537fc56cfce4e2641349a4d3e5274d8b4

libc:fts_*() Denial Of Service
Posted Oct 2, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

libc:fts_*() suffers from multiple denial of service vulnerabilities. This affects multiple vendors.

tags | exploit, denial of service, vulnerability
SHA-256 | 60fdb0c5abb5e3ce9c4855e6377fd45eb308fb523b2c8e1b8e6eaf4ed9349437

iDEFENSE Security Advisory 2009-06-08.1
Posted Jun 11, 2009
Authored by iDefense Labs, wushi, ling | Site idefense.com

iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2009-1690
SHA-256 | 2435fec72e75174b6080e9ba92c5e1f2ac6084a0c73ee3e6e95f87039ff1207f

libc:fts_*() Denial Of Service
Posted Mar 5, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

libc:fts_*() suffers from a denial of service vulnerability. This affects multiple vendors.

tags | advisory, denial of service
advisories | CVE-2009-0537
SHA-256 | f1f7b02d628966dda851d771301cd67c0c164e16441e34b7ea9c6101aecb9818

iDEFENSE Security Advisory 2008-11-04.1
Posted Nov 5, 2008
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 11.04.08 - Remote exploitation of a stack based buffer overflow vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, potentially used by multiple vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in getPlus gp.ocx version 1.2.2.50, which is used in web based installations of Adobe Reader 8.1. Previous versions may also be affected.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2008-4817
SHA-256 | f82cd5bb85b3a959d2c8d724ce4105aa767646e05a45b9d840a37588554309e9

noisebridge.tgz
Posted Jul 10, 2008
Authored by Kristian Hermansen

Malicious SVG file denial of service proof of concept exploit that affects multiple vendors.

tags | exploit, denial of service, proof of concept
SHA-256 | ee89da8f9776050087de3fc3ee1f48a1493cfbde1d0d9d489fb79bc7d24d2f7a

iDEFENSE Security Advisory 2007-04-03.4
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System font information file parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of the "fonts.dir" font information file. When the element count on the first line of the file specifies it contains more than 1,073,741,824 (2 to the power of 30) elements, a potentially exploitable heap overflow condition occurs. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1352
SHA-256 | d95f5eb5f4a2fafa2a559d05262d2b4aad07530980018d5f6c4989c5110b0426

iDEFENSE Security Advisory 2007-04-03.3
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System server BDF font parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of BDF fonts. When the X server encounters a specially crafted BDF font, an integer overflow occurs leading to a potentially exploitable heap overflow condition. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable. Additionally, it is reported that the freetype library is also vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1351
SHA-256 | 5b3a3d520e2e2d171cccc8c7b16c74563a20141daff91279318106380bdda62d

iDEFENSE Security Advisory 2007-04-03.5
Posted Apr 5, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of a memory corruption vulnerability in multiple vendors' X server implementations could allow an attacker to execute arbitrary code with elevated privileges. The XC-MISC extension is used by the X Server to manage resource IDs. It is built in to the X server by default. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. Inside this function, the ALLOCATE_LOCAL() macro is used. This macro allocates memory on the stack or heap depending on the availability of the alloca() function. If alloca() is available, the stack is used, otherwise the heap is used. Due to insufficient input validation, it is possible to cause memory corruption by passing specially crafted values to the ProcXCMiscGetXIDList() handler function. iDefense has confirmed the existence of this vulnerability in the X.org server version 7.1-1.1.0. Previous versions may also be affected.

tags | advisory, arbitrary, local
advisories | CVE-2007-1003
SHA-256 | 92d6431bc2eac618696fe71be317a3e41abf731041247499cd91d9d0bc84454a

iDEFENSE Security Advisory 2007-02-23.2
Posted Feb 24, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which cause an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, windows
advisories | CVE-2007-0009
SHA-256 | dc4ab453dda77e026844208264a462cb957ca2492ea8e8a46e862bdaf9c7328f

iDEFENSE Security Advisory 2007-02-23.1
Posted Feb 24, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to execute arbitrary code in the context of the affected application. The vulnerability specifically exists due to a design error in the processing of malformed SSLv2 server messages. By sending a certificate with a public key too small to encrypt the "Master Secret", heap corruption can be triggered which may result in the execution of arbitrary code. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.

tags | advisory, remote, arbitrary
systems | linux, redhat, windows
advisories | CVE-2007-0008
SHA-256 | 7fb16bcdf325338a79fb7ce3dd350a70780cc885fbc2e518170ea257c01eb652

iDEFENSE Security Advisory 2006-12-08.1
Posted Dec 11, 2006
Authored by iDefense Labs, Damian Put, Titon | Site idefense.com

iDefense Security Advisory 12.08.06 - Remote exploitation of a denial of service vulnerability in multiple vendors' antivirus engines allows an attacker to cause the engines to consume excessive resources. The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in the Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop. Confirmed systems affected: Sophos Small business edition (Windows/Linux) 4.06.1 with engine version 2.34.3. Trend Micro PC Cillin - Internet Security 2006. Trend Micro Office Scan 7.3. Trend Micro Server Protect 5.58.

tags | advisory, remote, denial of service
systems | linux, windows
advisories | CVE-2006-5645
SHA-256 | 67c4a280c65b80adddfea7555c151689fa0a7b7c4e14641e6726e9b11f3ce9f5

iDEFENSE Security Advisory 2006-10-26.1
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.26.06 - Multiple Vendor wvWare LFO Count Integer Overflow Vulnerability

tags | advisory, overflow
SHA-256 | 8f68a8978984b0e3a5fe4be0692e8f18f211e7a2ad5bd97c2f7a27c96532b140

iDEFENSE Security Advisory 2006-10-26.2
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.26.06: Multiple Vendor wvWare LVL Count Integer Overflow Vulnerability

tags | advisory, overflow
SHA-256 | a15abfbcbe15b9bba54b79957b5fd2e640440079be1d05e1b450a95b561ef26a

ToshibaBluetooth.txt
Posted Oct 17, 2006
Authored by SecureWorks | Site secureworks.com

A flaw exists in the Toshiba Bluetooth wireless device driver, used by multiple vendors, that allows a remote attacker within wireless range of a Bluetooth device to perform a denial-of-service (DoS) attack or execute arbitrary code at the highest privilege level.

tags | advisory, remote, arbitrary
SHA-256 | 8ea1d426af8d54ecb7d4f1fe38e94302151ac32daaf98c5085d8e362d4b23e32