what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files

Avid Media Composer 5.5 Stack Buffer Overflow
Posted Nov 30, 2011
Authored by Nick Freeman | Site security-assessment.com

The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.

tags | exploit, remote, overflow
systems | linux
SHA-256 | a6100e77da08ab7504d889909384925c152f4a923056b91aef442070ec7d5eeb

Related Files

Debian Security Advisory 4907-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4907-1 - It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution.

tags | advisory, arbitrary, php, code execution
systems | linux, debian
advisories | CVE-2021-29472
SHA-256 | dddfc0d1a34bb295cdb7f0ce6dbeceacc8b317559a41eae4a91b2a1a41a4eddf
WordPress Hybrid Composer 1.4.6 Unauthenticated Access
Posted Jul 24, 2019
Authored by rootetsy, yasin

WordPress Hybrid Composer plugin version 1.4.6 suffers from an unauthenticated configuration access vulnerability.

tags | exploit, bypass
SHA-256 | 26db1d7c35ee5edb905075e3a14d1d9ddc5e8c47e9ee7f9411211033c28c5549
WordPress KingComposer 2.7.6 Cross Site Scripting
Posted Feb 6, 2019
Authored by Tim Coen

WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9910
SHA-256 | 70463eecc91264546a0667f547952464557785a98fd5161513136df55b04811a
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
SHA-256 | 8258dbf9be109afe0d7a02ca62f333c5c39f3e9e6c52f1ae3f17a46f22ef8eca
Samsung SecEmailUI Script Injection
Posted Feb 7, 2016
Authored by Google Security Research, forshaw

The default Samsung email client's email viewer and composer (implemented in SecEmailUI.apk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary JavaScript when a user views a HTML email which contains HTML script tags or other events.

tags | exploit, arbitrary, javascript
systems | linux
advisories | CVE-2015-7893
SHA-256 | cdd3dca1431b631c7893709d3f20baf0ee1737418b177b7b11da853c74127bd8
Samsung SecEmailComposer QUICK_REPLY_BACKGROUND Permission Weakness
Posted Oct 28, 2015
Authored by Google Security Research, forshaw

The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.

tags | exploit
systems | linux
advisories | CVE-2015-7889
SHA-256 | 594870b3ae98a33494d0b1c1cfe743d48fcdc6e5eb9a57bb9891ab2068f4be75
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
SHA-256 | 1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6f
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Nov 4, 2013
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660. This version of the exploit was deemed "old" by Metasploit.

tags | exploit, overflow
SHA-256 | 1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6f
Secunia Security Advisory 51682
Posted Dec 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Rational Method Composer, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS, and compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
SHA-256 | f0a23127e6397ec081378cb939d565362e7df8e5de65fcfc384c3fa908d3f519
Secunia Security Advisory 51169
Posted Nov 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in Rational Team Concert, Rational Quality Manager, and Rational Requirements Composer, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | fb2d6383700a5ce211fae026f9054e039c4b72dd3c8eec0a844761bed38ef692
Secunia Security Advisory 48924
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3DVIA Composer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | bea660ef1c11ddaadc4629a4f99666b5a7c49ef146ba237564b1370dcd3c7c3d
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Dec 3, 2011
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
advisories | OSVDB-77376
SHA-256 | e325ea7c310110db0d0e34758f28771015fc9185c9f35054df350536e370ced2
Secunia Security Advisory 47047
Posted Nov 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Nick Freeman has discovered a vulnerability in Avid Media Composer, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 6720a9faa2b2f70e6d75b244f6c3f2199ed7ce4f802aaf5d9a2cef9c4882235e
Site Composer Essentials Database Disclosure
Posted Aug 7, 2010
Authored by indoushka

Site Composer Essentials suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 603319e809081643d08003baf3c1767ea2a601aaa3a22fea9fe4b1e108b124bc
SelfComposer CMS SQL Injection
Posted May 20, 2010
Authored by Locu

SelfComposer CMS suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 8e4b88bb897eebb2b9143146ca7f61dcbffff9dca7e54a247511534143e9a1f7
fc_sql.txt
Posted Aug 4, 2008
Authored by Tosser

The Facility Composer Website at http://ff.cecer.army.mil/fc/ suffered from a severe SQL injection vulnerability. This system has since gone offline.

tags | exploit, web, sql injection
SHA-256 | 00354a4c946f871316edd1c5c3d2941cbb7289494faafbeac408a3e682a6540f
Secunia Security Advisory 30762
Posted Jun 21, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AmnPardaz Security Research Team have reported some vulnerabilities in eLineStudio Site Composer, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, or to manipulate certain data.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 4915d38344df03596449bcaf560cd1beec62a6218f00ac98e2f06320f1954b7e
elinestudio-sqlxss.txt
Posted Jun 19, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

eLineStudio Site Composer (ESC) versions 2.6 and below suffer from SQL injection, cross site scripting, and information leakage vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 1a92e11ff7286dd9c1b83bede19c61fd5b42711d54d9dfff5639f1a51c8a97ec
pocketpc.txt
Posted Aug 27, 2006
Authored by Collin Mulliner, Prof. Giovanni Vigna

MMS composer versions 1.5.5.6 and 2.0.0.13 suffer from multiple buffer overflows in the MMS parsing code allowing for arbitrary code execution and denial of service conditions.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | 85797acd23078e7a0402ffbedbb3a17a3a05d8df947fd121802d1fb83dc94927
Secunia Security Advisory 21426
Posted Aug 17, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Collin Mulliner and Prof. Giovanni Vigna have reported some vulnerabilities in ArcSoft MMS Composer, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

tags | advisory, denial of service, vulnerability
SHA-256 | a5529f13d059f1ea53007a076a7b58886338d3d532d08f66c074097d4e4e42dc
04072006_tweed.pdf
Posted Jul 26, 2006
Authored by Ryan Smith | Site hustlelabs.com

Tumbleweed's Email Firewall has three separate vulnerabilities within its LHA processing routines inside of its EMF Decomposer.

tags | advisory, vulnerability
SHA-256 | cf7a9b4501c04e92a6ed5abde20ee84edf7fef2e8eac2339fddcd0c475b3757b
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close