SudBox Boutique 1.2 login.PHP Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically, by making a...

Linux Kernel 2.6.x 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using using it in a user-accessible operation. Successful exploits will allow...

GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability

No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes...

Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit

Linux...

RealNetworks RealPlayer CDDA URI Initialization Vulnerability

No description provided by source. $Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

Irokez CMS <= 0.7.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. +------------------------------------------------------------------------------------------- + Irokez CMS = 0.7.1 Multiple Remote File Include Vulnerabilities +------------------------------------------------------------------------------------------- + Vendor...

McKesson ActiveX File/Environmental Variable Enumeration

No description provided by source. html !-- McKesson ActiveX File/Environmental Variable Enumeration Vendor: McKesson Version: 11.0.10.38 Tested on: Windows XP SP3 / IE Download: N/A Author: Blake Additional Details: This activex control is packaged with the Horizon Rad Station software used by...

VLC 0.86 < 0.86d ActiveX Remote Bad Pointer Initialization PoC

No description provided by source. !-- Core Security Technologiess - CoreLabs Advisory http://www.coresecurity.com/corelabs VLC Activex Bad Pointer Initialization Vulnerability Advisory Information Title: VLC Activex Bad Pointer Initialization Vulnerability Advisory ID: CORE-2007-1004 Advisory UR...

openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0451-1)

ghostscript by default read some initialization files from the current working directory. Local attackers could potentially exploit that to have other users execute arbitrary commands by placing such files e.g. in /tmp CVE-2010-2055. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVE-2013-0250

The initnsshash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service crash via a crafted packet...

Malx Media Player handle malformed m3u file stack overflow local arbitrary code execution-vulnerability warning-the black bar safety net

Malx Media Player 3.2.2 handle malformed m3u file will occur when the stack overflows, which can allow an attacker to successfully control EIP, and execute arbitrary code. （Win7 SP1 with MacType for ROP） Malx Media Player is using MAXPATH as initialization parameters on the stack variable, but th...

Microsoft Internet Explorer Memory Corruption (MS14-029; CVE-2014-0310)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk

A flaw was found in the way the Linux kernel processed an authenticated COOKIEECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...

Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1753)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

UBUNTU-CVE-2014-0146

The qcow2open function in the block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service NULL pointer dereference via a crafted image which causes an error, related to the initialization of the snapshotoffset and nbsnapshots fields...

Patch Management: SCCM Computer Info Initialization

Binary data sccmgetcomputerinfo.nbin...

Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0312)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open ...

Microsoft Internet Explorer Memory Corruption (MS14-012: CVE-2014-0313)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

UBUNTU-CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...