[Full-Disclosure] SoX buffer overflows when handling .WAV files

SoX buffer overflows when handling .WAV files I have found two buffer overflows in SoX. They occur when the sox or play commands handle malicious .WAV files. The overflows have the identifier CAN-2004-0557. Versions 12.17.4, 12.17.3 and 12.17.2 are vulnerable to these overflows. Vulnerable versio...

Subversion 1.0.2 Date Overflow

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

Subversion 1.0.2 - Date Overflow (Metasploit)

Subversion 1.0.2 - Date Overflow Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ requir...

Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

The remote host seems vulnerable to a bug wherein a remote attacker can circumvent the firewall by setting the ECE bit within the TCP flags field. At least one firewall ipfw is known to exhibit this sort of behavior. Known vulnerable systems include all FreeBSD 3.x ,4.x, 3.5-STABLE, and 4.2-STABL...

BSD - SHMAT System Call Privilege Escalation

BSD - SHMAT System Call Privilege Escalation source: https://www.securityfocus.com/bid/9586/info A vulnerability has been reported to reside in the 'shmat' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged...

BSD - SHMAT System Call Privilege Escalation

source: https://www.securityfocus.com/bid/9586/info A vulnerability has been reported to reside in the 'shmat' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged process...

Apache 1.3.*-2.0.48 mod_userdir Remote Users Disclosure Exploit

Exploit for linux platform in category remote exploits =============================================================== Apache 1.3.-2.0.48 moduserdir Remote Users Disclosure Exploit =============================================================== / m00-apache-w00t.c Apache 1.3.-2.0.48 remote users...

Apache 1.3.x 2.0.48 mod_userdir - Remote Users Disclosure

Apache 1.3.x 2.0.48 moduserdir - Remote Users Disclosure / m00-apache-w00t.c Apache 1.3.-2.0.48 remote users disclosure exploit by m00 Security. Proof-of-Concept edition This tool scans remote hosts with httpd apache and disclosure information about existens users accounts via wrong default...

Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure

/ m00-apache-w00t.c Apache 1.3.-2.0.48 remote users disclosure exploit by m00 Security. Proof-of-Concept edition This tool scans remote hosts with httpd apache and disclosure information about existens users accounts via wrong default configuration of moduserdir default apache module. Then attemp...

Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit

No description provided by source. / \ exploit code for modgzip with debugmode = 1.2.26.1a / \ Created by xCrZx crazyeinstein yahoo com /05.06.03/ / \ Tested on RedHat 8.0 Psyche here is target for it, / also tested on FreeBSD 4.7 1.3.19.2a here is no target for it : / \ / / \ / Single mode: \ /...

Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow

/ \ exploit code for modgzip with debugmode include include netd...

*BSD ibcs2 information leak

statfs call with large argument length allows to read kernel memory content...

CVE-2003-0767

Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value...

CVE-2003-0767

The CVE-2003-0767 entry describes a buffer overflow in RogerWilco components: the RogerWilco graphical server (1.4.1.6 and earlier), Windows dedicated server (0.32a and earlier), and Linux/BSD versions (0.27 and earlier). The flaw allows remote attackers to trigger a denial of service and potenti...

realpath(3) function contains off-by-one buffer overflow

Overview A function originally derived from 4.4BSD, realpath3, contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base ma...

CLIVITT-2003-5.txt

Security Vulnerability Advisory Product: modmylo Apache 1.3.x module Versions:...

Abuse-SDL 0.7 - Command Line Argument Buffer Overflow

Abuse-SDL 0.7 - Command Line Argument Buffer Overflow // source: https://www.securityfocus.com/bid/7982/info A buffer overflow vulnerability has been reported for Abuse-SDL that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient bounds checking...

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...

OpenSSH/PAM &lt;= 3.6.1p1 Remote Users Ident (gossh.sh)

No description provided by source. !/bin/sh OpenSSH = 3.6.p1 - User Identification. Nicolas Couture - [email protected] Description: -Tells you wether or not a user exist on a distant server running OpenSSH. Usage: -You NEED to have the host's public key before executing this script...

OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident

OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident !/bin/sh OpenSSH " exit 1 Verify the arguments. $ != 2 && usage Variables. USER="$1" HOST="$2" =-=-=-=-=-=-=-=-=-=-=-=-= Expect script functions =-=-=-=-=-=-=-=-=-=-=-=-= Expect script for password. expasswd cat expasswd spawn $SSHCMD expect...