CVE-2011-1824

CVE-2011-1824 affects Opera versions older than 10.61. The vulnerability arises in VEGAOpBitmap::AddLine when processing a SELECT element’s SIZE attribute, causing an uninitialized memory write that can crash the application or potentially allow arbitrary code execution. Exploitation involves lar...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 1.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

openSUSE Security Update : kernel (openSUSE-SU-2010:1047-1)

This security update of the openSUSE 11.1 kernel updates the kernel to 2.6.27.56 and fixes various security issues and other bugs. Following security issues were fixed by this update: CVE-2010-2963: A problem in the compat ioctl handling in video4linux allowed local attackers with a video device...

Buffer overflow

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data...

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with theese online games ex. the ga...

RealNetworks RealPlayer CDDA URI Initialization Vulnerability

$Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

RealNetworks RealPlayer CDDA URI Initialization Vulnerability

Exploit for windows platform in category remote exploits $Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...

RealNetworks RealPlayer CDDA URI Initialization Vulnerability

This module exploits an initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed. This module requires Metasploit:...

RealNetworks RealPlayer - CDDA URI Initialization (Metasploit)

$Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1086-1)

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4075 Dan Rosenberg discovered that the socket filters did not correctly...

Ubuntu Update for linux vulnerabilities USN-1080-1

Ubuntu Update for Linux kernel vulnerabilities USN-1080-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10801.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux vulnerabilities USN-1080-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

bo-blog任意变量覆盖漏洞

// go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // 来自$SERVER"REQUESTURI",可以任意提交的: ... $RewriteRules="/component/^/+/?/"; // 这个正则限制的不够细致,可以很轻易的绕过: ... $RedirectTo="page.php?pagealias=\1"; $i=0; foreach $RewriteRules as $rule if...

CVE-2011-0532

The 1 backup and restore scripts, 2 main initialization script, and 3 ldap-agent script in 389 Directory Server 1.2.x aka Red Hat Directory Server 8.2.x place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the...

Directory traversal

The 1 backup and restore scripts, 2 main initialization script, and 3 ldap-agent script in 389 Directory Server 1.2.x aka Red Hat Directory Server 8.2.x place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the...

PT-2011-2033 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to incorrect initialization or deletion of an object when accessed by Internet Explorer. An attacker can exploit this by creating a...

PT-2011-2032 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: A remote code execution issue exists due to incorrect initialization or deletion of an object when accessed by Internet Explorer. An attacker can exploit this by creating a...

CVE-2011-0636

The 1 cudaHostAlloc and 2 cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write...

CVE-2011-0636

The CVE-2011-0636 entry/issue affects NVIDIA CUDA Toolkit 3.2 developer drivers for Linux (260.19.26) and possibly other versions, where the functions cudaHostAlloc and cuMemHostAlloc do not initialize pinned memory. This can allow local users to read potentially sensitive memory (e.g., file frag...

Design/Logic Flaw

net/packet/afpacket.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETRAW capability to read copies of the applicable structures...

HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc

!-- HP Photo Creative v 2.x audio.Record.1 ActiveX Control ContentMan.dll 1.0.0.4272 Remote Stack Based Buffer Overflow poc by rgod tested against Windows Vista / IE 7 download url: http://www.hp.com/global/us/en/consumer/digitalphotography/free/software/photo-creations.html activex settings:...