up.time 7.5.0 - Upload and Execute

up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers from arbitrary command execution. Attackers can...

DEBIAN-CVE-2015-1270

The ucnviogetConverterName function in common/ucnvio.cpp in International Components for Unicode ICU, as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service read of uninitialized memory or...

CVE-2015-4156

GNU Parallel before 20150522 Nepal, when using 1 --cat or 2 --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file...

CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service crash via a crafted petite packed file...

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

Heap overflow

Multiple heap-based buffer overflows in Sound eXchange SoX 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the 1 startread or 2 AdpcmReadBlock function...

CVE-2014-9093

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service invalid write operation and crash and possibly execute arbitrary code via a crafted RTF file...

CVE-2014-8962

Stack-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

DEBIAN-CVE-2014-6432

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service application crash via a crafted file...

Globsy <= 1.0 - Remote File Rewriting Exploit

No description provided by source. !/usr/bin/php -q ?php / ---------------------------------------------------------------------- Globsy = 1.0 Remote File Rewriting Exploit Discovered By StAkeR aka athos - StAkeRathotmaildotit Discovered On 12/10/2008...

LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit

官网链接: http://www.lokicms.com/ 影响版本：= 0.3.4 概述： LokiCMS 0.3.4及之前版本中的index.php存在目录遍历漏洞。当magicquotesgpc被中止时，远程攻击者可以借助页参数中的".."，来检查任意文件是否存在。 漏洞页面： vuln file: index.php 漏洞代码： if isset $GET && isset $GET'page' $pagename = stripslashes trim $GET'page' ; // load the page if $pagename == '' $name =...

RarmaRadio <= 2.53.1 (.m3u) Denial of Service vulnerability

No description provided by source. Title: RarmaRadio .m3u Denial of service vulnerability Author : anT!-Tr0J4n Greetz : Dev-PoinT.com inj3ct0r.com all DEV-PoinT t34m thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member Home : www.Dev-PoinT.com $ http://inj3ct0r.com Software ...

Book Library 1.4.162 - Local DoS (.bkd)

No description provided by source. Exploit Title: Book Library Local Dos .bkd file Date: April 14, 2010 Software Link: http://wensoftware.com/ Version: v1.4.162 Tested on: Windows XP SP3 Author: anonymous Site: www.setfreesecurity.com Click Open at top - Find your .bkd file No Response about 5 se...

Mini-stream Ripper 3.1.0.8 - Local stack overflow exploit

No description provided by source. Mini-stream Ripper 3.1.0.8 = Local stack overflow exploit Author: Hazem Mofeed Download: http://www.mini-stream.net/mini-stream-ripper/download/ Home: http://hakxer.wordpress.com BUFFER + RET + RET + SHELLCODE -- Exploited...

QQPlayer cue File Buffer Overflow Exploit

No description provided by source. !/usr/bin/env python Title: QQPlayer cue File Buffer Overflow Exploit Author: Lufeng Li of Neusoft Corporation Vendor: www.qq.com Platform: Windows XPSP3 Chinese Simplified Tested: QQPlayer 2.3.696.400 Vulnerable: QQPlayer=2.3.696.400p1 Code : head = '''FILE '''...

VUPlayer 2.49 - .ASX File (HREF) Local Buffer Overflow Exploit (2)

No description provided by source. !/usr/bin/perl -w author : Houssamix VUPlayer 2.49 .asx File local Stack Overflow Exploit print Author : HouSSamix Program : VUPlayer Version : 2.49 website : http://www.vuplayer.com/ Download : http://vuplayer.com/files/vuplayersetup.exe Type : .asx File local...

Jaws 0.8.8 - Multiple Local File Inclusion Vulnerabilities

No description provided by source. Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Ja...

Pico MP3 Player 1.0 (.mp3 /.pls File) Local Crash PoC

No description provided by source. !/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print \n; print ! Pico MP3 Player 1.0 .mp3 Local Crash PoC\n; print \n; print ! Author: cr4wl3r\n; print ! Mail: cr4wl3r!linuxmail.org\n; print \n; my $boom = A x 1337; my $filename = b00m.mp3; open...

WarpSpeed 4nAlbum Module 0.92 nmimage.php z Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9881/info It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is an information disclosure issue with the...

CVE-2014-2241

The 1 cf2initLocalRegionBuffer and 2 cf2initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service assertion failure, as demonstrated by a crafted ttf file...