Moderate: kernel security and bugfix update

2.6.9-55.0.6.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...

Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite

/ Dreatica-FXP crew ---------------------------------------- Target : Mercury/32 SMTP Server Found by : [email protected], http://www.offensive-security.com ---------------------------------------- Exploit : Mercury/32 v3.32-v4.51 SMTP Pre-Auth EIP overwrite exploit Exploit date :...

lfs-overflow.txt

/ 0day Live for speed patch x s2 /s1 and demo local .mpr buffer over flow Credit's to n00b for finding bug and writing the exploit Lfs is a racing simulator with a huge player data-base with 100,000+ user's. I found a local buffer over flow where im able to execute shell code on the user's...

Code injection

Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to 1 forum.php, 2 cp.php, and possibly other unspecified components...

CVE-2007-4089

Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to 1 forum.php, 2 cp.php, and possibly other unspecified components...

[Full-disclosure] heise Security: Password exposure in Lotus Notes

Excerpt from: http://www.heise-security.co.uk/news/92958 ------ Password exposure in Lotus Notes A debug function in version 5 and up of Lotus Notes can be used to write a file containing the new password in plain text when a user password is changed. This function has been designed to bring more...

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

CVE-2007-3494

CVE-2007-3494 affects Papoo CMS 3.6 and possibly earlier. The vulnerability stems from a missing privilege check in backend administration plugin access (via interna/plugin.php and a devtools/templates/newdump_backend.html argument), enabling remote authenticated users to perform actions beyond t...

Stack overflow

Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 English Trial, and 2.0 with Portable Executable Viewer 1.00 English Trial, allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file...

CVE-2007-3314

Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 English Trial, and 2.0 with Portable Executable Viewer 1.00 English Trial, allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file...

Ace-FTP Client 1.24a Remote Buffer Overflow PoC

No description provided by source. !/usr/bin/python Credit to n00b for finding the bug. Ace-Ftp client buffer over flow p0c. This is possible to exploit as we Smash the seh handlers and there are Plenty of registers that had our buffer Im still new to seh over writes I haven't Had much experience...

Ace-FTP Client 1.24a Remote Buffer Overflow PoC

Exploit for unknown platform in category dos / poc =============================================== Ace-FTP Client 1.24a Remote Buffer Overflow PoC =============================================== !/usr/bin/python Credit to n00b for finding the bug. Ace-Ftp client buffer over flow p0c. This is...

MoviePlay 4.76 - '.lst' Local Buffer Overflow

!/usr/bin/env ruby MoviePlay 4.76 .lst file Local buffer over-flow. Credit to n00b for writing poc code..Pmsl Tested on :Win xp sp2 eng. Vendor web site: Netfarer.com MoviePlay 4.76 Buffer-over flow reported : Jan 02 2007 12:00AM Credit goes to Parvez Anwar for finding the bug. MoviePlay is prone...

RealPlayer 1 0 (. ra file) Remote Denial of Service Exploit-vulnerability warning-the black bar safety net

!/ usr/bin/python Real player 1 0 Gold . Ra file remote Dos. Credits to n00b for finding this bug This bug is a nasty memory leak with in Real player 1 0 gold please remember if your guna test it out save all your info you need first..Coz your probly guna have to reboot also remember all other...

Heap practice overflow point location of the 2 methods-vulnerability warning-the black bar safety net

Vulnerability software: War-Ftpd version 1.65 Debugging software: Ollydbg Program write: perl Vulnerability is described: the configuration of the USER, resulting in stack overflow. On some debugging of the issue please refer to: the Win32 buffer overflow combat of...

Microsoft Visual Basic 6.0 Project (Company Name) Stack overflow PoC

No description provided by source. !/usr/local/bin/perl Discovered By UmZ Umair Manzoor comments are welcome at umz32.dllatgmail.com Dated 23-02-2007 Time : 02:00 AM PST Visual Basic Project Company Name Stack Overflow Affected Version : Tested on Visual basic 6...

Microsoft Visual Basic 6.0 Project (Company Name) Stack overflow PoC

Exploit for unknown platform in category dos / poc ==================================================================== Microsoft Visual Basic 6.0 Project Company Name Stack overflow PoC ==================================================================== !/usr/local/bin/perl Discovered By UmZ...

Microsoft Visual Basic 6.0 Project - Company Name Stack Overflow (PoC)

!/usr/local/bin/perl Discovered By UmZ Umair Manzoor comments are welcome at umz32.dllatgmail.com Dated 23-02-2007 Time : 02:00 AM PST Visual Basic Project Company Name Stack Overflow Affected Version : Tested on Visual basic 6 Threats : DoS, Previlidges Escilation System become unstable for more...

MagicISO <= 5.4(build239) .cue File Heap Overflow PoC

Exploit for linux platform in category dos / poc ===================================================== MagicISO = 5.4build239 .cue File Heap Overflow PoC ===================================================== !/usr/bin/env ruby Credits to n00b for finding this bug. Magic iso has a stacked based...

Moderate: gcc security and bug fix update

3.4.6-8.0.1 - add gcc34-pr23591-tls-model-fix.patch - this patch fixes a bug with exception handlers and threads 3.4.6-8 - add gnu.java.util.ZoneInfo class, use tzdata files for libgcj timezone stuff instead of builtin simple and outdated rules 227884 - add missing @GCC4.0.0 and @GCC4.2.0 libgcc...