exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

scip-dreambox.txt
Posted Aug 29, 2008
Authored by Marc Ruef | Site scip.ch

An input validation error within the web interface of Dreambox model DM500C allows for a denial of service condition.

tags | advisory, web, denial of service
MD5 | 249afecfcb2122f8d5df9de75eb67421

Related Files

Red Hat Security Advisory 2012-1102-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-1178, CVE-2012-2318, CVE-2012-3374
MD5 | 96b92134be208d88462c88df963d598e
Mandriva Linux Security Advisory 2012-104
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-5030, CVE-2012-3358
MD5 | 5fa63a53e0b8b16aaf111231a34eba1e
Red Hat Security Advisory 2012-1068-01
Posted Jul 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5030, CVE-2012-3358
MD5 | 624170bfac2e8a6be9fb4c39bdac53bc
Adobe Flash Player ActionScript Launch Command Execution
Posted Apr 20, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).

tags | exploit, shell
systems | linux
advisories | CVE-2008-5499, OSVDB-50796
MD5 | afc250118d90645e4b69c0558747b599
Drupal Fivestar 6.x Input Validation
Posted Apr 12, 2012
Authored by Ezra Barnett Gildesgame | Site drupal.org

The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.

tags | advisory
MD5 | 5f4b7e2e1b30de0ebd209fbe0c410dbb
Microsoft Bing Flash Editor Cross Site Scripting
Posted Mar 16, 2012
Authored by Aditya Gupta, Subho Halder, Dev Kar | Site vulnerability-lab.com

Microsoft Bing's Flash editor suffers from an input validation vulnerability that can lead to cross site scripting attacks.

tags | exploit, xss
MD5 | 128448de9e68d372f712c96b1ba49213
Red Hat Security Advisory 2012-0332-01
Posted Feb 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-0870
MD5 | d395b0d53f2ed497e60fc4c1bb5b6cb2
Red Hat Security Advisory 2011-1791-01
Posted Dec 7, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1791-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2011-4096
MD5 | 1b7810b7506fcf127a4759f857f8284c
Barracuda Archiver 650 Cross Site Scripting
Posted Nov 4, 2011
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Archiver 650 suffers from an input validation vulnerability that allows for cross site scripting.

tags | exploit, xss
MD5 | 60ac94dc35a82ff45b58bb4b87392b89
Barack Obama Website Service Mail Spoof
Posted Sep 13, 2011
Site vulnerability-lab.com

Barack Obama Website Service suffers from an input validation vulnerability that allows for manipulation of mails from info@barackobama.com.

tags | advisory
MD5 | 503654a5a8b9894d8fca44f25aab9bd8
VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow
Posted May 9, 2011
Authored by jduck | Site metasploit.com

This Metasploit module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC. NOTE: As of July 1st, 2010, VLC now calls SetProcessDEPPoly to permanently enable NX support on machines that support it. As such, this module is capable of bypassing DEP, but not ASLR.

tags | exploit, remote, arbitrary
advisories | CVE-2011-1574, OSVDB-72143
MD5 | 2221aacf8b9c531daa490a3a18bd236b
Adaptive Authentication (On-Premise) Cross Site Scripting
Posted Apr 18, 2011
Site emc.com

A potential cross site scripting vulnerability has been identified in RSA? Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.

tags | advisory, xss
advisories | CVE-2011-1422
MD5 | 21f436fb56576bd2134b7de33752e5c4
Accellion File Transfer Appliance MPIPE2 Command Execution
Posted Mar 14, 2011
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.

tags | exploit, remote, arbitrary, root, udp, vulnerability
MD5 | 68bf251bee705d5b41c489b1b7ae0520
VideoLAN VLC MKV Memory Corruption
Posted Feb 3, 2011
Authored by Dan Rosenberg | Site metasploit.com

This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0531, OSVDB-70698
MD5 | 4d6a2b2f0573ea87e21563982f295654
Microsoft Office TIFF Image Converter Two Buffer Overflows
Posted Dec 20, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2010-3947
MD5 | c936a3c75f287646d175d3e6d8984e12
VUPEN Security Advisory
Posted Oct 15, 2010
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an input validation error when processing certain elements in a Ghost record, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.

tags | advisory, remote, arbitrary
advisories | CVE-2010-3242
MD5 | ff9e950b66a01cd53272eaf008d34b8c
Miyabi CGI Tools Input Validation
Posted Jun 30, 2010
Authored by Marshall Whittaker

Miyabi CGI Tools suffers from an input validation vulnerability that allows for command execution.

tags | exploit, cgi
MD5 | ee9151c8647b7387472af60f455a7332
Perl Pipe Exploitation Testing Tool
Posted Jun 23, 2010
Authored by Marshall Whittaker

This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.

tags | tool, cgi, scanner
systems | unix
MD5 | 4565cae26f669dd9f83e682845410bf1
Apache ActiveMQ Persistent Cross-Site Scripting
Posted Apr 1, 2010
Authored by Rajat Swarup | Site activemq.apache.org

Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.

tags | advisory, remote, xss
advisories | CVE-2010-0684
MD5 | 120a93a37c3ceb14995b35370a832550
iDEFENSE Security Advisory 2010-02-23.1
Posted Feb 25, 2010
Authored by iDefense Labs, Yorick Koster | Site idefense.com

iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.

tags | advisory, remote, arbitrary
systems | windows
MD5 | 3858dd8f56afc2be89616b19a3311e24
PDF-XChange Viewer Content Parsing Memory Corruption
Posted Jan 5, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in PDF-XChange Viewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in PDFXCview.exe when parsing certain content and can be exploited to corrupt memory via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code when a user views a malicious PDF document. Version 2.0.42.9 is affected.

tags | advisory, arbitrary
MD5 | 4819385acc9d90de5006e257416121dc
IBM Tivoli Storage Manager CAD Service Buffer Overflow
Posted Nov 5, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an input validation error in the CAD service. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet via TCP. Successful exploitation allows execution of arbitrary code. IBM Tivoli Storage Manager Express Client version 5.3.6.2 is affected.

tags | advisory, overflow, arbitrary, tcp
advisories | CVE-2008-4826
MD5 | 3b99fb05d8904c338f83de0e19bd4835
Gentoo Linux Security Advisory 200909-6
Posted Sep 10, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-06 - An input validation error in aMule enables remote attackers to pass arbitrary parameters to a victim's media player. Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Versions less than 2.2.5 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2009-1440
MD5 | 90c9363245aa47adc1585f76922b1f56
VMware Security Advisory 2009-0008
Posted Jul 1, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - An input validation flaw in the asn1_decode_generaltime function in MIT Kerberos 5 before 1.6.4 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2009-0846
MD5 | 4f0734141a168fd7c0c58057eb4527e3
iDEFENSE Security Advisory 2009-05-14.1
Posted May 15, 2009
Authored by iDefense Labs, mu-b | Site idefense.com

iDefense Security Advisory 05.14.09 -Local exploitation of an index validation vulnerability in Apple Inc.'s Mac OS X xnu kernel could allow an attacker to execute arbitrary code in the security context of the kernel. The Mac OS X xnu (Mach) kernel implements workqueues. This allows the kernel to schedule events to take place in a task. An input validation error exists within this implementation, which can lead to execution of arbitrary code in the kernel. Apple Inc.'s Mac OS X 10.5.2 and earlier is considered vulnerable to this issue.

tags | advisory, arbitrary, kernel, local
systems | apple, osx
advisories | CVE-2008-1517
MD5 | 897b30a020a855a7a6ad6d4b57afe9ad
Page 1 of 4
Back1234Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close