3770 matches found
DasForum Local File Inclusion
DasForum layout Local File Inclusion Exploit. Works only with magic_quotes_gpc = off. Discovered: cr4wl3r. Download: http://mirror.vocabbuilder.net/savannah/dasforum/ Date:...
Mandriva Update for kdepim4 MDVA-2010:013 (kdepim4)
Check for the version of kdepim4. OpenVAS Vulnerability Test: Mandriva Update for kdepim4 MDVA-2010:013 (kdepim4). Authors: System Generated Check. Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
Layout CMS 1.0 SQL-Injection and Cross-Site Scripting Vulnerabilities
Layout CMS 1.0 SQL-Injection and Cross-Site Scripting Vulnerabilities. Webapps exploit for php platform. Source: http://www.securityfocus.com/bid/40415/info. Layout CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize...
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3)...
K-Meleon 1.5.3 Remote Array Overrun
No description provided by source. From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/222. K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution). Author: Maksymilian Arciemowicz and sp3x, http://SecurityReason.com. Date: - - Dis.:...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Windows)
This host is installed with Mozilla Firefox and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxdosvulnnov09win.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Windows). Authors: Sharath S. Copyright: Copyright c 20...
Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)
This host is installed with Mozilla Firefox and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxdosvulnnov09lin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux). Authors: Sharath S. Copyright: Copyright c 2009...
Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easi...
USN-852-1: Linux kernel vulnerabilities
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. CVE-2009-1883 Michael Buesch discovered that the SGI GRU driver did not correctly check...
CDBurnerXP 4.2.4.1351
No description provided by source. CDBurnerXP v 4.2.4.1351 Local Crash PoC. Found By: DrIDE. Tested On: XPSP3, 7RC. Usage: Create New Data Disc, Add a Folder, Paste to Rename Folder, Click Save Compilation as ISO. Notes: Super lame and most likely not exploitable. Error...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
RedHat Security Advisory RHSA-2009:1438
The remote host is missing updates to the Linux kernel announced in advisory RHSA-2009:1438. This update fixes the following security issues: the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw t...
DSA-1885-1 xulrunner - several vulnerabilities
Bulletin has no description...
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3)...
Google SketchUp Pro 7.0 (.skp file) Remote Stack Overflow PoC
No description provided by source. Title: Google SketchUp Pro 7.0 Model File Handling Remote Stack Overflow PoC. Vendor: Google Inc. http://www.google.com. Product Web Page: http://www.sketchup.com http://sketchup.google.com. Current Version: 7.0.10247. Summary: Google SketchUp Pro 7 is a suite of...
Null pointer dereference
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...
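Linux Kernel PER_CLEAR_ON_SETID Security Restriction Bypass Vulnerability
BUGTRAQ ID: 35647. Linux Kernel is the kernel used by the open-source operating system Linux. The PER_CLEAR_ON_SETID mask in the Linux Kernel does not include MMAP_PAGE_ZERO and ADDR_COMPAT_LAYOUT, which may allow local users to bypass the mmap_min_addr protection or disable certain ASLR (address space layout randomization) features. Linux kernel 2.6.x. Vendor patch: Linux. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...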
Firefox 2 and 3 Layout engine crash
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...
CVE-2009-0202
Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow...