exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Oracle Java Runtime Environment TTF Font Heap Out-Of-Bounds Read
Posted Feb 18, 2019
Authored by Google Security Research, mjurczyk

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts rendering in OpenTypeLayoutEngine::adjustGlyphPositions.

tags | exploit, java
MD5 | 44b1d7a8a3d751b214b9f70aab2957fd

Related Files

Zero Day Initiative Advisory 12-143
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-143 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWGDP.DLL, which is responsible for parsing DXF files. When processing MTEXT strings in the ENTITIES section of the DXF file, certain characters are sought after to end the string copy function. If these characters are not found, the copy function will continue to copy data outside of the stack buffer, causing memory corruption. An attacker can utilize this vulnerability to execute code under the context of the program.

tags | advisory, remote, arbitrary
advisories | CVE-2012-1888
MD5 | 572d0b4809509c43b25284eaac3f86e2
Mandriva Linux Security Advisory 2012-134
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-134 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4297, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
MD5 | 6388d822972ce7cda4c05f83a081efee
Slackware Security Advisory - t1lib Updates
Posted Aug 17, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. These fixes include overflows, crashes, and pointer bugs.

tags | advisory, overflow
systems | linux, slackware
advisories | CVE-2010-2642, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
MD5 | 7f9796f5590340055afdef66d7edacd4
Ubuntu Security Notice USN-1537-1
Posted Aug 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1537-1 - It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2665
MD5 | 20a1e2761eaa7337d6261331ab88756a
Ubuntu Security Notice USN-1536-1
Posted Aug 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2665
MD5 | 90a3523f63ba4706c6c08d666ece6bc9
Nasa Cross Site Scripting
Posted Aug 13, 2012
Authored by Ryuzaki Lawlet

The heasarc.gsfc.nasa.gov site suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4cad41640ae6cad0928df7259ce1f3d1
Blogspot Cross Site Scripting
Posted Aug 13, 2012
Authored by Ryuzaki Lawlet

Blogspot suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a5d48831a640465e569db74458a66c11
Red Hat Security Advisory 2012-1151-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1151-01 - OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2668
MD5 | 5dbfb3d1c36d35bcadf0a4dde97a96d0
Red Hat Security Advisory 2012-1149-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:

tags | advisory, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2012-3440
MD5 | a91ebe98e1d1be7a637e8f0b5e333130
Zero Day Initiative Advisory 12-129
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-129 - This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space.

tags | advisory, remote, arbitrary, kernel
systems | windows
advisories | CVE-2012-0159
MD5 | 6638cda1f10a49e2ab4453a0387c340a
Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 3cc27f97068a6b9857d9f6b7e626b6c0
Zenoss 3 showDaemonXMLConfig Command Execution
Posted Aug 3, 2012
Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.

tags | exploit, arbitrary
MD5 | 18a8996e6624e3d43734b0f35bf0562f
Ubuntu Security Notice USN-1521-1
Posted Jul 31, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3422, CVE-2012-3423, CVE-2012-3422, CVE-2012-3423
MD5 | 14c3623fa76ed21327ac5ea71b7ed2d5
Red Hat Security Advisory 2012-1132-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.

tags | advisory, java, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 50bef58daea95da735fd6ff2b279dfb6
Mandriva Linux Security Advisory 2012-110-1
Posted Jul 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1949, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1955, CVE-2012-1966, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967
MD5 | fe7347ff232f759e1925b05ce60f0f75
Mandriva Linux Security Advisory 2012-110
Posted Jul 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. This causes the address of the previously site entered to be displayed in the address bar instead of the currently loaded page. This could lead to potential phishing attacks on users. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1949, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1955, CVE-2012-1966, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967
MD5 | 55764070a921d33158fa9d50c7e12581
Ubuntu Security Notice USN-1513-1
Posted Jul 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1513-1 - Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841
MD5 | 408293813aa9b5dfa3221f9f3d846678
Setuid Nmap Exploit
Posted Jul 19, 2012
Authored by egypt | Site metasploit.com

Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.

tags | exploit, root, perl, ruby
systems | unix
MD5 | 451cc1f390a0ee0ae43183a67ef08439
Zero Day Initiative Advisory 12-127
Posted Jul 19, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service which listens by default on TCP port 9111. When processing FTP archives the process does not properly validate the size of the root path specified and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary remote code under the context of the running service.

tags | advisory, remote, arbitrary, root, tcp
MD5 | 3bd1527f37b4a47ba8810e2a866dc506
Zero Day Initiative Advisory 12-126
Posted Jul 19, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service which listens by default on TCP port 9111. When processing CIFS archives the process does not properly validate the size of the archive name and proceeds to copy the string into a fixed-length buffer on the stack. This can be exploited to execute arbitrary remote code under the context of the running service.

tags | advisory, remote, arbitrary, tcp
MD5 | 6b23e0e0159a0e12252edeebeeb34100
URLCrazy Domain Name Typo Tool 0.5
Posted Jul 19, 2012
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Now supports Ruby1.9.1, CSV output, homoglyphs, shows the country for IPs.
tags | tool, web
systems | unix
MD5 | bfe2e0c71cc5160530b773f15d242964
Joomla Web Scanner 1.4
Posted Jul 16, 2012
Authored by Pepelux | Site enye-sec.org

Joomla web scanning perl script that gets the version, components and shows possible bugs.

Changes: Version 1.4 of JoomlaScan recognizes Joomla! versions 1.x, 1.5.x, 1.7.x, and 2.5.x and shows possible bugs in core and components.
tags | tool, web, scanner, perl
systems | unix
MD5 | c6cde9954f1120b9695532553128ba47
Cura 1.5
Posted Jul 16, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: The modules screen is now Tabular, providing a much better user experience in which all of Cura's modules are provided as tabs on the top of the screen.
tags | exploit, remote
MD5 | 199eea14b1da9508876ff2a0c72ff8c5
Secunia Security Advisory 49896
Posted Jul 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Resume Submissions & Job Postings plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | f442c38d6d136b82f826f5179d3504ab
Mandriva Linux Security Advisory 2012-106
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-106 - A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. Various other issues have also been addressed.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841
MD5 | 7e875bbc3f8b2b6d276ee7c343c9a53d
Page 1 of 4
Back1234Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close