exploit the possibilities
Showing 26 - 50 of 100 RSS Feed

Files

GOM Media Player 2.1.37 Buffer Overflow
Posted Mar 12, 2012
Authored by longrifle0x

GOM Media Player version 2.1.37 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 383377a40420c2a409552743aa5b109f

Related Files

Western Digital TV (WD-TV) Live Remote Code Execution
Posted Jun 25, 2012
Authored by Wolf Bee

The WD TV Live Streaming Media Player suffers from two implementation flaws that together allow for remote command execution as root.

tags | exploit, remote, root
MD5 | 268a44dbddc2d9b6b4f15fc418eed118
Gentoo Linux Security Advisory 201206-21
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-21 - Multiple vulnerabilities have been found in Adobe Flash Player could result in the execution of arbitrary code or Denial of Service. Versions less than 11.2.202.236 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0779, CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040
MD5 | b30b28b648b667691e53c8194c61518a
Adobe Flash Player Object Type Confusion
Posted Jun 23, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 "_error" response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-0779, OSVDB-81656
MD5 | 9cd671aa77da3f3cf74a6b14f286d9ce
Secunia Security Advisory 49615
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Microsoft has reported a vulnerability in JW Player, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | a56938745530fee05c22497491b04d9e
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
Posted Jun 20, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2011-2110, OSVDB-48268
MD5 | b46d9ba42fe0fc20dbe3a4cb42ab96fa
Total Video Player 1.31 Proof Of Concept
Posted Jun 18, 2012
Authored by 0dem

Total Video Player version 1.31 crash proof of concept denial of service exploit that creates malicious files.

tags | exploit, denial of service, proof of concept
MD5 | 3503b7e865c243e96bcb8c4d05dd8d6f
TFM MMPlayer (m3u/ppl File) Buffer Overflow
Posted Jun 16, 2012
Authored by RjRjh Hack3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in MMPlayer 2.2 The vulnerability is triggered when opening a malformed M3U/PPL file that contains an overly long string, which results in overwriting a SEH record, thus allowing arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-80532
MD5 | b698296fadf0422166b3deab775903c0
VMware Security Advisory 2012-0011
Posted Jun 14, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0011 - VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.

tags | advisory
advisories | CVE-2012-3288, CVE-2012-3289
MD5 | 1aecb9d3961c0213856105961504c66a
Secunia Security Advisory 49451
Posted Jun 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
MD5 | 36fff186fa2a0395d151db86c77a7fa5
Red Hat Security Advisory 2012-0722-01
Posted Jun 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0722-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-14, listed in the References section. Several security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039
MD5 | 43309c5a9f85e481cb8b022b79d333e7
WordPress HD FLV Player 1.7 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

WordPress HD FLV Player plugin version 1.7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | b1fa98239ed0ac4d983b8e4072812ef6
Secunia Security Advisory 49388
Posted Jun 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
MD5 | e7d97e66559f841b0daf60af443e7a31
Zero Day Initiative Advisory 12-092
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. This size is used to create an allocation to hold the data, but a hardcoded blocksize is later used to copy data into that allocation. This could lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4247
MD5 | e33996508ffbd2fd1af025bd0eda6ba5
Zero Day Initiative Advisory 12-087
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the raac.dll module. By editing the stsz atom in the mp4 file data, an attacker could change a sample size to force a loop in raac.dll to loop too many times, causing heap corruption. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4260
MD5 | 448481c84ff5c72f2a0c1cf45c00e0c2
Zero Day Initiative Advisory 12-086
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0922
MD5 | 3c29caa1c5737939535706e79b91a351
Zero Day Initiative Advisory 12-085
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4261
MD5 | c9aa8e026696d95c59331d0fe1b2b993
JW Player 5.9 Cross Site Scripting / Content Spoofing
Posted Jun 7, 2012
Authored by MustLive

JW Player version 5.9.x suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | 5a32bb6f915b0cf334eaf4e2851aab53
Zero Day Initiative Advisory 12-084
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. The process attempts to store data at this location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0926
MD5 | a82362c40a2c4e4e22423d383f838394
Zero Day Initiative Advisory 12-080
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-0754
MD5 | 23b62bc1467d097ae9488d03bc70c6ae
Zero Day Initiative Advisory 12-076
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. This resulting length will then be used in a memcpy operation into a statically sized buffer allocated on the heap. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0659
MD5 | abafea58d023c88a3dc309617ec7c42f
Zero Day Initiative Advisory 12-075
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0668
MD5 | e56d5ff2b2fdb50359810d4cc109ccd1
MPlayer SAMI Subtitle File Buffer Overflow
Posted May 29, 2012
Authored by juan vazquez, Jacques Louw | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.

tags | exploit, overflow
advisories | OSVDB-74604
MD5 | f0b1098a17d77ade6837c0e5682add3f
Red Hat Security Advisory 2012-0688-01
Posted May 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0779
MD5 | 303bfd8a63a2f5011bc9e38379b9414c
Secunia Security Advisory 49250
Posted May 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
MD5 | fd14200d890ae1c19f2733137d7a2967
Secunia Security Advisory 49193
Posted May 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 31b1edf958cb1fdd3ecb267581b17155
Page 2 of 4
Back1234Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close