what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
Posted Apr 26, 2019
Authored by Cisco Talos, Carl Hurd | Site talosintelligence.com

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

tags | exploit, web, cgi
advisories | CVE-2018-4064
SHA-256 | 03dc48edf642f79b31afeae22c3d7656aa0c1b7af7fa4437850772c1cd927437

Related Files

Asterisk Project Security Advisory - AST-2012-002
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.

tags | advisory, overflow
SHA-256 | afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487
Apache ap_pregsub Integer Overflow
Posted Nov 2, 2011
Authored by halfdog

An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-3607
SHA-256 | de93709165ae3da045b8b7cd8bcaa006e9c80ce8ed576e25755ced04b4c304ff
iDefense Security Advisory 08.09.11 - Flash Memory Corruption
Posted Aug 11, 2011
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 08.09.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2135
SHA-256 | 5692748af42e9e662e7a1d8d5215229cc7299a504565cac5bb0c4e3bafd8e0df
Zero Day Initiative Advisory 11-237
Posted Jul 20, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-237 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Icihttp.exe module (CA Gateway Security for HTTP), which responds to incoming HTTP requests on port 8080. Due to a flawed copy-loop algorithm in the URL parsing routine, it is possible for a remote unauthenticated user to cause an exploitable heap corruption condition. This could result in the execution of arbitrary code under the context of the Gateway Security service.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-2667
SHA-256 | 03a726e72a0ef746644c53f5d9af301545b02f72a2a1b6bee3e85609ce19f145
7T Interactive Graphical SCADA System Memory Corruption
Posted May 25, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in 7T Interactive Graphical SCADA System (IGSS). The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used, leading to an exploitable condition. Versions prior to 9.0.0.11143 are affected.

tags | advisory, tcp
SHA-256 | 6e3832447425985a6f696ebb91be8820ba8801500741d4b2775eba9c6ee8f8c7
iDEFENSE Security Advisory 2011-02-08.5
Posted Feb 9, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside of an Adobe Flash file. The problem exists in a certain ActionScript method. When the method is called with particular parameters, the ActionScript engine gets confused and takes a user supplied value as an object pointer which leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0559
SHA-256 | 685b513ec10df1aab8cf9099ac0c692b0194efef40546c518576a4c56b3acc4b
iDEFENSE Security Advisory 2011-02-08.4
Posted Feb 9, 2011
Authored by iDefense Labs, Vitaliy Toropov | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in the ActionScript method of the built-in "Function" class, which accepts an array object as a second parameter and uses this array's length multiplied by four for a memory allocation without any overflow checks. Then it writes the array's content into the allocated memory, which corrupts memory and leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-0558
SHA-256 | ebabde584383e97f6fef8ac29bc90485c63025e0e75518aef523118962a5863e
Zero Day Initiative Advisory 11-058
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the SCO OpenServer IMAP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imapd process responsible for handling remote IMAP requests. The process does not properly validate IMAP commands and arguments. Supplying an overly long command followed by an invalid argument can cause an exploitable overflow to occur. This vulnerability can be leveraged to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, imap
SHA-256 | 26e2bee5820b5b73597b730ef799df9eaa6187c8fb7135154033593117ab2880
Zero Day Initiative Advisory 11-050
Posted Feb 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-050 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking resulting in an exploitable overflow. Exploitation can result in arbitrary code execution under the context of the database server.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
SHA-256 | c93b3cc1ed68f2c7b1e808552b38bf3283f34bd5ad7779fd7bbae003dc87e56e
Zero Day Initiative Advisory 10-292
Posted Dec 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-292 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when posting to the login form of the web based management web server. Proper bounds checking is not applied when parsing the Login variable which can result in an exploitable stack overflow. Successful exploitation can lead to complete system compromise under the SYSTEM credentials.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2010-4113
SHA-256 | 7603b259a27c7b72030c41173d6dcc10d07372d3faf4ab86bf2d90626588ffca
iDEFENSE Security Advisory 2010-12-10.2
Posted Dec 13, 2010
Authored by iDefense Labs, Omair | Site idefense.com

iDefense Security Advisory 12.10.10 - Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way RealPlayer handles specially crafted RealMedia files using RealAudio codec. When decoding an audio stream in a specially crafted RealMedia file, RealPlayer uses a value from the file without properly validating it, which leads to heap memory corruption and an exploitable condition. Windows RealPlayer SP 1.1.4 and prior; Mac RealPlayer 12.0.0.1379 and prior; Linux RealPlayer 11.0.2.1744 and prior are vulnerable.

tags | advisory, remote, arbitrary
systems | linux, windows
advisories | CVE-2010-4387
SHA-256 | 3bf984d7fcb4905c07c4994599b83c41faf195b7ea7bcd93d290c1dabb9864fd
iDEFENSE Security Advisory 2010-12-10.1
Posted Dec 12, 2010
Authored by iDefense Labs, Omair | Site idefense.com

iDefense Security Advisory 12.10.10 - Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way RealPlayer handles specially crafted RealMedia video files. When processing specially crafted RealMedia files, RealPlayer uses a value from the file to control a loop operation. Realplayer fails to validate the value before using it, which leads to heap memory corruption and an exploitable condition. Windows RealPlayer SP 1.1.4 and prior and Linux RealPlayer 11.0.2.1744 and prior are vulnerable.

tags | advisory, remote, arbitrary
systems | linux, windows
advisories | CVE-2010-4386
SHA-256 | 20860fab9f0b4fd748f1480da66279c60bc47283a6fe3a8512256b3a4f42c383
iDEFENSE Security Advisory 2010-12-07.1
Posted Dec 7, 2010
Authored by iDefense Labs, Hossein Lotfi | Site idefense.com

iDefense Security Advisory 12.07.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way specially crafted PICT image files are handled by the QuickTime PictureViewer. When processing specially crafted PICT image files, Quicktime PictureViewer uses a set value from the file to control the length of a byte swap operation. The byte swap operation is used to convert big endian data to little endian data. QuickTime fails to validate the length value properly before using it. When a length value is larger than the actual buffer size supplied, it will corrupt heap memory beyond the allocated buffer, which could lead to an exploitable condition. QuickTime Player versions prior to 7.6.9 are vulnerable.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-3800
SHA-256 | 4bb677daf3bb8a3483d603a95401b8fbc17090e4dfc5ab0ec2cab5cd33f94563
Zero Day Initiative Advisory 10-217
Posted Oct 19, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-217 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists when processing the arguments to the DBINFO keyword in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking resulting in an exploitable overflow. Exploitation can result in arbitrary code execution under the context of the database server.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 990caf2230cdcb212415de0117be5a3d713a2971be732bed1943d8a82cdd0872
Zero Day Initiative Advisory 10-215
Posted Oct 19, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-215 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. A lack of sanity checking on supplied parameter sizes can result in an integer overflow and subsequent heap buffer under allocation which can finally lead to an exploitable memory corruption.

tags | advisory, overflow, arbitrary, tcp, protocol
SHA-256 | e4f0185721fdcc0b952f3e54b4429d682a0fcbfb275e45b71a810cec8a80ff8b
Samba chain_reply Memory Corruption (Linux x86)
Posted Jul 17, 2010
Authored by jduck | Site metasploit.com

This exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destination buffer size, an attacker can corrupt memory. Additionally, setting this value to a value smaller than 'smb_wct' (0x24) will cause the header of the input buffer chunk to be corrupted. After close inspection, it appears that 3.0.x versions of Samba are not exploitable. Since they use an "InputBuffer" size of 0x20441, an attacker cannot cause memory to be corrupted in an exploitable way. It is possible to corrupt the heap header of the "InputBuffer", but it didn't seem possible to get the chunk to be processed again prior to process exit. In order to gain code execution, this exploit attempts to overwrite a "talloc chunk" destructor function pointer. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the nx memory protection. NOTE: It is possible to make exploitation attempts indefinitely since Samba forks for user sessions in the default configuration.

tags | exploit, x86, code execution
systems | linux
advisories | CVE-2010-2063
SHA-256 | 62e4dbdef10ca045ef1ec88681d7b84288ebd9bf3ef44718fc8ad5724142a978
iDEFENSE Security Advisory 2010-04-09.1
Posted Apr 10, 2010
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.09.10 - Remote exploitation of a heap-based buffer overflow vulnerability in VMware Inc.'s movie decoder allows attackers to execute arbitrary code. This vulnerability exists due to a lack of input validation when processing certain specially crafted Audio-Video Interleave (AVI) files. During processing, a heap buffer will be allocated based on one part of the AVI file data. However, the amount of data copied into that buffer is calculated based on a different part of the file. This leads to an exploitable heap-based buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1564
SHA-256 | ad96e1122e9fb8b93f4a08cadad62bc39f256d9bf122deba3f29e2cac37a654e
Zero Day Initiative Advisory 10-058
Posted Apr 6, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple, osx
advisories | CVE-2010-0505
SHA-256 | 6fadd8230149c63039b890333f1631fb1dbee04c5cc9599843de14ad2c75b210
iDEFENSE Security Advisory 2010-03-04.1
Posted Mar 5, 2010
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-3032
SHA-256 | 9a38749723b857cb3e896aba20e2a23b58f974d6729609fcebae71db896a4859
iDEFENSE Security Advisory 2010-01-12.1
Posted Jan 14, 2010
Authored by iDefense Labs, Code Audit Labs | Site idefense.com

iDefense Security Advisory 01.12.10 - Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in latest version of Adobe Reader, at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2009-3955
SHA-256 | 139823d91661e5fccdd9d31846177997f1dc0fdf3d4259d9e33d6b309d80589c
Zero Day Initiative Advisory 09-090
Posted Dec 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-090 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Intel Indeo41 codec which is accessed by various applications through the Video Compression Manager. This codec is registered to handle IV41 streams within a container such as the AVI format. While decompressing a video stream malicious data can cause a loop to execute excessively and consequently corrupt the application's stack. By providing specific values this can lead to an exploitable condition which can be leveraged by attackers to execute arbitrary code under the context of the user accessing the file.

tags | advisory, arbitrary
systems | windows
SHA-256 | ecbc354dea6cfc3080099e33781d9d75220ba38fa20c08cb762d561f635cbfd6
iDEFENSE Security Advisory 2009-11-10.1
Posted Nov 17, 2009
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 11.10.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the targeted user. This vulnerability occurs when Word parses the File Information Block (FIB) structure inside a Word document. When a malformed FIB structure is processed, a stack buffer overflow will occur which can lead to an exploitable condition. iDefense has confirmed fully patched Microsoft Word 2003 SP3, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2007 SP1 is not affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-3135
SHA-256 | fb02e8e8e484eae0536df20cc974d2730b906f2d936448bc99c5357711be4695
Zero Day Initiative Advisory 09-081
Posted Nov 6, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when posting to the login form of the web based management web server. Proper bounds checking is not applied when parsing the Login variable which can result in an exploitable stack overflow. Successful exploitation can lead to complete system compromise under the SYSTEM credentials.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2009-2685
SHA-256 | 4fe2c6ee8f4ae0da2ae82442b72be82eb4f7a98c1b56f5d96838548dde5e5b48
iDEFENSE Security Advisory 2009-10-28.1
Posted Oct 28, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code. The libpr0n GIF parser was designed using a state machine which is represented as a series of switch/case statements. One particularly interesting state, 'gif_image_header', is responsible for interpreting a single image/frame description record. A single GIF file may contain many images, each with a different color map associated. The problem lies in the handling of changes to the color map of subsequent images in a multiple-image GIF file. Memory reallocation is not managed correctly and can result in an exploitable heap overflow condition. iDefense confirmed the existence of this vulnerability using Mozilla Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other versions, and potentially other applications using libpr0n, are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-3373
SHA-256 | 2586d2a113c390f692bd4a3a7b5d2efa7e97552fe0c5a23297e4dd9eebfa000a
Zero Day Initiative Advisory 09-072
Posted Oct 14, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-072 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted TIFF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2009-2503
SHA-256 | cef542a7264618845484af621f80dc5063484429e3b09b1772f806f2b4927ea2
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close