796 matches found
Sandbox Escape: Linux 3.4+: arbitrary write with CONFIG_X86_X32
asmlinkage long compatsysrecvmmsgint fd, struct compatmmsghdr user mmsg, unsigned int vlen, unsigned int flags, struct compattimespec user timeout int datagrams; struct timespec ktspec; if flags & MSGCMSGCOMPAT return -EINVAL; if COMPATUSE64BITTIME return sysrecvmmsgfd, struct mmsghdr user mmsg,...
MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)
!-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File Description : MaxiCode ActiveX File...
win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
Exploit for windows platform in category dos / poc I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool...
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase
Microsoft Windows - Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Added: 01/26/2012 CVE: CVE-2011-4786 BID: 51396 OSVDB: 78306 Background HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers. Problem HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from...
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Pandora FMS <= 3.1 Mullti Vulnerability
Exploit for php platform in category web applications ======================================= Pandora FMS = 3.1 Mullti Vulnerability ======================================= Path Traversal: PHP File Inclusion or RFI/LFI: Remote/Local file inclusion - CVE-2010-4281 -CVE-2010-4282 - CVSS 8.5/10...
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite
Exploit for linux platform in category dos / poc ========================================================== Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite ========================================================== / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kee...
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/44242/info / CVE-2010-2963 Arbitrary write memory write via v4l1 compat ioctl. Kees Cook [email protected] greets to drosenberg, spender, taviso / define GNUSOURCE include stdio.h include unistd.h include stdlib.h include...
CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Libpurple msnslplinkprocessmsg Arbitrary Write Vulnerability 1. Advisory Information Title: Libpurple msnslplinkprocessmsg Arbitrary Write Vulnerability Advisory ID:...
Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
Advisory ID Internal CORE-2009-0727 1. Advisory Information Title: Libpurple msnslplinkprocessmsg Arbitrary Write Vulnerability Advisory ID: CORE-2009-0727 Date published: 2009-08-18 Date of last update: 2009-08-18 Vendors contacted: Pidgin team Release mode: Coordinated release 2. Vulnerability...
MS04-045 Microsoft WINS Service Memory Overwrite
This module exploits an arbitrary memory write flaw in the WINS service. This exploit has been tested against Windows 2000 only. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS04-045 Microso...
maxthon_arbitrary_read-write.html.txt
var iVuln=null; function checkVuln try if external.readFilemaxsecurityid,"m2bookmark","plugin.ini"!=null pls.innerText='Done!'; alert"Vulnerable!"; showFileContent; window.clearIntervaliVuln; else window.status=''; // Refresh the "max.src" script by setting the source file as the same file...