
99 matches found

0day.today
added 2016/06/21 12:0 a.m., 77 views

Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...

6.9 CVSS, 6.8 AI score, 0.14219 EPSS
Exploits 1
0day.today
added 2015/12/15 12:0 a.m., 77 views

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Exploit

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. This allows a remote attacker to inject a null byte at the end of...

10 CVSS, 1.3 AI score, 0.80165 EPSS
Exploits 6
Exploit DB
added 2015/12/15 12:0 a.m., 51 views

ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability", 'Description' = %q This module...

10 CVSS, 9.8 AI score, 0.80165 EPSS
Exploits 6
RedHat Linux
added 2015/09/10 12:5 p.m., 1 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

3.3 CVSS, 5.7 AI score, 0.00089 EPSS
Exploits 1, References 4
seebug.org
added 2014/07/01 12:0 a.m., 16 views

CGIScript.net csPassword.CGI 1.0 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow PoC (0day)

No description provided by source. / 0dayNotepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC by fl0 fl0w / / LATEST FIXES Notepad++ v5.4.5 fixed bugs from v5.4.4 : 1. Fix plugins shortcuts not working bug. 2. Fix the tooltip on toolbar display bug for the plugins icons. 3. Fix a crash that was...

7.1 AI score
Exploits 0
NVD
added 2014/02/17 4:55 p.m., 7 views

CVE-2011-4083

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive...

4.3 CVSS, 6 AI score, 0.00205 EPSS
Exploits 0, References 2
Exploit DB
added 2013/12/20 12:0 a.m., 26 views

PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption

!/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version: 1.5.40688 Probably old version of PotPlayer too Vendor Homepage:...

7.8 CVSS, 7.7 AI score, 0.01526 EPSS
Exploits 4
myhack58
added 2013/12/17 12:0 a.m., 22 views

CVE-2013-3897 sample analysis study notes-vulnerability warning-the black bar safety net

Before, see FireEye on the CVE-2013-3893 analysis, see Use way relatively similar, the thought is the same, the analysis of learning, discovery led to the question of object is inconsistent, it does not use the ms-help load the office of hxdl structure of the ROP, and later in the BinVul on...

7.7 AI score
Exploits 0
Tenable Nessus
added 2013/07/31 12:0 a.m., 25 views

Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)

The sosreport utility collected the Kickstart configuration file '/root/anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...

4.3 CVSS, 5.4 AI score, 0.00438 EPSS
Exploits 0, References 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 20 views

Scientific Linux Security Update : systemtap on SL5.x, SL6.x i386/x86_64 (20120308)

SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When...

5.4 CVSS, 5.2 AI score, 0.00064 EPSS
Exploits 0, References 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 16 views

Scientific Linux Security Update : brltty on SL5.x i386/x86_64

It was discovered that a brltty library had an insecure relative RPATH runtime library search path set in the ELF Executable and Linking Format header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory, could run arbitrary code with...

6.9 CVSS, 5.8 AI score, 0.00166 EPSS
Exploits 0, References 6
Cent OS
added 2012/07/10 5:27 p.m., 62 views

sos security update

CentOS Errata and Security Advisory CESA-2012:0958 An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

4.3 CVSS, 5.9 AI score, 0.00438 EPSS
Exploits 0, References 7
Prion
added 2012/06/29 7:55 p.m., 12 views

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

4.3 CVSS, 6.7 AI score, 0.00438 EPSS
Exploits 0, References 5, Affected Software 1
CVE
added 2012/06/29 7:0 p.m., 69 views

CVE-2012-2664

CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...

4.3 CVSS, 6.2 AI score, 0.00438 EPSS
Exploits 0, References 5, Affected Software 1
Amazon
added 2012/03/15 12:0 a.m., 22 views

Medium: systemtap

Issue Overview: An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kern...

5.4 CVSS, 6.3 AI score, 0.00064 EPSS
Exploits 0, References 1
RedHat Linux
added 2012/03/08 9:3 p.m., 22 views

Moderate: Red Hat Security Advisory: systemtap security update

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

5.4 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits 0, References 2
OpenVAS
added 2012/02/21 12:0 a.m., 16 views

RedHat Update for sos RHSA-2012:0153-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3 CVSS, 6.5 AI score, 0.00205 EPSS
Exploits 0, References 2
RedHat Linux
added 2011/12/05 7:55 p.m., 22 views

Low: Red Hat Security Advisory: sos security, bug fix, and enhancement update

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

4.3 CVSS, 5.9 AI score, 0.00205 EPSS
Exploits 0, References 14
securityvulns
added 2010/05/11 12:0 a.m., 35 views

fetchmail resources exhaustion

Memory exhaustion on debugging information printing...

4.3 CVSS, 1.6 AI score, 0.00777 EPSS
Exploits 0, References 1, Affected Software 1