what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

1 Click Extract Audio 2.3.6 Buffer Overflow
Posted Jun 5, 2015
Authored by metacom

1 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 8b01dc114225b25899010fb32a767a37a36147e0bb4170433e6f8f3deeaa00f2

Related Files

Zero Day Initiative Advisory 12-136
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3220
SHA-256 | 279769476bb55b52fb4a1cfea0a3fa4d6c15f5a797a70b8f549cd186ec7efd2d
Mc Full Audio Converter 1.3.0 Denial Of Service
Posted Jul 14, 2012
Authored by Kalashinkov3

Mc Full Audio Converter 1.3.0 denial of service exploit that creates a malicious .ogg file.

tags | exploit, denial of service
SHA-256 | 3857f0a48ce2d3fa17ec113156b87a87ad36311188b97b1b48a40ce6efafea26
Zero Day Initiative Advisory 12-092
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. This size is used to create an allocation to hold the data, but a hardcoded blocksize is later used to copy data into that allocation. This could lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4247
SHA-256 | 380a02510159c9cdf960797da6f1c88b06cb8a4e5eafa4f9a55b560e374118c2
Secunia Security Advisory 49422
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Audio Editor Master, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 166184546641d35f54b018dc4af673f13166413c2251678187b2728f812a49f8
Audio Editor Master 5.4.1.217 Denial Of Service
Posted Jun 6, 2012
Authored by Onying

Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | b6930c08d1b40f2adf2de7921d89da8214fff73ac57df097378d448e1c3d2690
Xion Audio Player 1.0.127 Denial Of Service
Posted Apr 5, 2012
Authored by condis

Xion Audio Player version 1.0.127 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | db8cef3667f3d1b365a696b8e7a48b9cc868b4d1f642d18265a7c22ffd7d3d4b
Zinf Audio Player 2.2.1 Buffer Overflow
Posted Mar 19, 2012
Authored by mAniNdArK

Zinf Audio Player version 2.2.1 buffer overflow exploit that creates a malicious .m3u file. Written in Python.

tags | exploit, overflow, python
SHA-256 | 11b1158d362d3ed7220cb1f2adddb884b77cb7432f1a548de83db67295c50025
Debian Security Advisory 2412-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0444
SHA-256 | cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72
Debian Security Advisory 2412-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0444
SHA-256 | cce5a79648e5316a1c38d7be1c1477b0b4494c2b17ee75a2f131b6758b053a72
Red Hat Security Advisory 2012-0136-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0444
SHA-256 | a7c0d3490864f1b414b91819fc65ca0f07506a135da1b6cae025b0ee2e2d093c
Apple Security Advisory 2012-02-01-1
Posted Feb 3, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-02-01-1 - Apple has addressed 48 security vulnerabilities. These issues existed in packages such as Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreMedia, CoreText, curl and much more.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-0200, CVE-2011-0241, CVE-2011-1148, CVE-2011-1167, CVE-2011-1657, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921, CVE-2011-1938, CVE-2011-2023, CVE-2011-2192, CVE-2011-2202, CVE-2011-2204, CVE-2011-2483, CVE-2011-2895, CVE-2011-2937, CVE-2011-3182, CVE-2011-3189, CVE-2011-3246, CVE-2011-3248, CVE-2011-3249, CVE-2011-3250, CVE-2011-3252, CVE-2011-3256
SHA-256 | cf25033e1c0f7c890c4bb4bf4deec5fe01b2162ac354bd512e0fcd1426499d94
Zero Day Initiative Advisory 11-343
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-343 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-4260
SHA-256 | 1de47a5d32b9c4dcf8ee7ada8fb59ba281f7d617834a3920d1d09016015f5407
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
SHA-256 | a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82
Zero Day Initiative Advisory 11-304
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3252
SHA-256 | a04b546a6d8a8d8ee735e3331d119ed96ffa58ea22d293e200782060f0133779
Apple Security Advisory 2011-10-11-1
Posted Oct 12, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-11-1 - iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2010-1823, CVE-2011-0164, CVE-2011-0200, CVE-2011-0204, CVE-2011-0215, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121
SHA-256 | d0a286d451ab2c0a3000ad357ce8ad5ae2a9909ab9c359f0f3163cd19b82dcb8
WordPress WP Audio Gallery Playlist 0.12 SQL Injection
Posted Aug 31, 2011
Authored by Miroslav Stampar

WordPress WP Audio Gallery Playlist plugin versions 0.12 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f737fdcf931d57fd784df8401c35281040ea039782c029b5b4a61582bd0be3c6
Secunia Security Advisory 45617
Posted Aug 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Allomani Audio & Video Library, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | afa62c2f4ad506f9a92a9312db5de01897c333cca6aefd48b14f4b01bd64b7a4
Zero Day Initiative Advisory 11-258
Posted Aug 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-258 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles the Sample-to-Chunks table in media files with 'twos' audio codec. If a value for 'samples per chunk' is bigger than 8 times the sample rate from the 'Sample Description Atom' it will cause a buffer overflow during the parsing of the atom sample table. This can result in remote code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2011-0249
SHA-256 | 750e0fd65e0457f33544cbda420a5aff5e0d6dcfe999be68d9fd684d7a74ea65
D.R. Software Audio Converter 8.1 Buffer Overflow
Posted Aug 15, 2011
Authored by C4SS!0 G0M3S

D.R. Software Audio Converter version 8.1 buffer overflow exploit with DEP bypass.

tags | exploit, overflow
SHA-256 | aab8c6095791d1ed7f981ce09ffcc17fd83ada7855c6603c7419aa618e817339
MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
Posted Aug 13, 2011
Authored by Javier G. Sanchez, Shahin, juan vazquez, Yamata Li | Site metasploit.com

This Metasploit module exploits a buffer overflow in l3codecx.ax while processing a AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note on IE 8 targets, your malicious URL must be a trusted site in order to load the .Net control.

tags | exploit, overflow, shellcode
advisories | CVE-2010-0480, OSVDB-63749
SHA-256 | bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
ABBS Audio Media Player 3.0 (LST File) Stack Buffer Overflow
Posted Aug 4, 2011
Authored by James Fitts, h1ch4m | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in ABBS Audio Media Player 3.0. The overflow occurs when an overly long string is passed in the lst file.

tags | exploit, overflow
SHA-256 | d9fb150c2b6446ec8d7abefc95849ea999085081199ed402a25c9a6ce1c1d893
Zinf Audio Player 2.2.1 Buffer Overflow
Posted Aug 3, 2011
Authored by C4SS!0 G0M3S, h1ch4m

Zinf Audio Player version 2.2.1 buffer overflow with DEP bypass exploit that creates a malicious .pls file.

tags | exploit, overflow
SHA-256 | 948faf9bd2a77d69c944a06053b7ecf595b7ddc4b87af7868c70f0cb8f58aa54
Debian Security Advisory 2288-1
Posted Jul 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-2696
SHA-256 | 0942125455ecdca6e7d9c6ac052199e949491719d018fa17cc47170a2500f8b9
Ubuntu Security Notice USN-1174-1
Posted Jul 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1174-1 - Hossein Lotfi discovered that libsndfile did not properly verify the header length and number of channels for PARIS Audio Format (PAF) audio files. An attacker could exploit this to cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2696
SHA-256 | d8a07393d327e356dc08baa0166d3b4019830cc109f2da3cd5f11f3a7cf88c95
Mandriva Linux Security Advisory 2011-119
Posted Jul 25, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-119 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-2696
SHA-256 | f4d92c8716e0f50d58737fbae451fe31de12be5ea09eaecb84a3ce88e907f530
Page 1 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close