2028 matches found
Microsoft Windows Media Player 6.4 - '.MP4' File Stack Overflow
!/bin/perl Windows media player 6.4 MP4 Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Shell on port 49152 usage: - download this codec in order to manage MP4 content: http://www.3ivx.com/coral/3ivxd4451win.exe - open the MP4 file with mplayer2.exe SYS 49152...
Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit
Exploit for unknown platform in category local exploits ==================================================== Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit ==================================================== !/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited ...
nullsoft-overflow.txt
!/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here .. to get the shell you have to use ALT+3 and press UPDATE. Instead this one ...
nss_ldap: Information disclosure
Background nssldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. Description Josh Burley reported that nssldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded...
Oracle 11g/10g Installation Vulnerability
Oracle Database Server是一款商业性质的数据库服务程序。 Oracle Database Server安装过程存在设计问题,远程攻击者可以利用漏洞绕过安全在一定过程中访问数据库。 Oracle 11g和10g在安装过程中包含了SYS和SYSTEM帐户,其包含默认密码并最安装最后密码才更改,这就提供了攻击者在安装过程中登录数据库服务器的机会。导致未授权访问系统。 Oracle Oracle11g Standard Edition One 11.1 6 Oracle Oracle11g Standard Edition 11.1 6 Oracle Oracle11g...
PT-2007-6732 · Riverbed +1 · Npf.Sys +2
Name of the Vulnerable Software and Affected Versions: WinPcap versions prior to 4.0.2 Description: The issue is related to multiple array index errors in the bpf filter init function in NPF.SYS, which occurs when WinPcap is run in monitor mode. This can be exploited by local users via crafted...
Oracle Workspace Manager LT软件包SQL注入漏洞
BUGTRAQ ID: 26098 Oracle Database是一款商业性质大型数据库系统。 Oracle中捆绑的Workspace Manager包含有名为LT的软件包,LT软件包的实现上存在SQL注入漏洞,远程攻击者可能利用此漏洞获取非授权访问。 LT软件包属于SYS用户,可被PUBLIC执行,LT中的FINDRICSET过程调用了LTRIC软件包中的FINDRICSET ,而这个调用过程中存在SQL注入漏洞,允许远程攻击者通过提交恶意的SQL查询请求获得SYS权限。 Oracle Oracle9i Oracle Oracle10g Release 2 Oracle...
SQL Injection Flaw in Oracle Workspace Manager
resend with title... NGSSoftware Insight Security Research Advisory Name: SQL Injection Flaw in Oracle Workspace Manager Systems Affected: Oracle 10g release 1 and 2, Oracle 9i Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd August...
Design/Logic Flaw
Unspecified vulnerability in 1 SYS$EI1000.EXE and 2 SYS$EI1000MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service machine crash via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffe...
Unfixed XSS vulnerability at www2.sys-con.com
Security researcher MaXWeL, has submitted on 09/03/2007 a cross-site-scripting XSS vulnerability affecting www2.sys-con.com, which at the time of submission ranked 9635 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/03/2007. It is currently...
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit
No description provided by source. / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any...
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit
Exploit for unknown platform in category local exploits ========================================================= Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit ========================================================= / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstrac...
Norman Virus Control - nvcoaft51.sys ioctl BF672028
Norman Virus Control - nvcoaft51.sys ioctl BF672028 / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can b...
Sql injection
Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service host operating system crash via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is...
Design/Logic Flaw
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service host operating system crash and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode...
CVE-2007-4591
CVE-2007-4591 concerns a local denial of service (host OS crash) and potential privilege escalation in VMware Workstation 6.0. The issue is tied to the driver vstor-ws60.sys; by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode...
file: Integer underflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Jean-Sebastien Guay-Leroux reported an integer underflow in fileprintf function. Impact A remote attacker could entice a user to run the "file" program on a specially crafted file that would...
CVE-2007-1495
The CVEs concern Symantec Norton Personal Firewall 2006 (9.1.1.7) and related Norton products using symevent.sys 12.0.0.20/SYMTDI.SYS. Affected component: \Device\SymEvent and driver interface; root cause is sending crafted data to the driver (e.g., via DeviceIoControl) that leads to invalid memo...
Linux Omnikey Cardman 4040 driver Local Buffer Overflow Exploit PoC
No description provided by source. / Linux Omnikey Cardman 4040 driver buffer overflow CVE-2007-0005 Copyright C Daniel Roethlisberger [email protected] Compass Security Network Computing AG, Rapperswil, Switzerland. All rights reserved. http://www.csnc.ch/ / includesys/stat.h...
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)
Oracle 10g Database - SUBSCRIPTIONNAME SQL Injection 2 source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that...