About shellcodes

In this post we have documented a beginners introduction to shellcode writing. We go from zero to a super simple shellcode using tools you may find already installed in any serious operating system. If you are looking for a digested and more mature way of generating shellcode you should check...

gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader

Multiple integer overflows in the readbitmapfiledata function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service application crash via a negative 1 height or 2 width in an XBM file, which triggers a heap-based buffer overflow...

Smoke Loader SQL Injection Vulnerability

The Smoke Loader HTTP-based exploit kit suffers from a remote SQL injection vulnerability. Like other http-based exploit kits, I've discovered that the smoke loader malware downloader has a sql injection in its C&C administration panel that can be used to revel the administrator's password. sqlma...

Smoke Loader SQL Injection

Like other http-based exploit kits, I've discovered that the smoke loader malware downloader has a sql injection in its C&C administration panel that can be used to revel the administrator's password. sqlmap can identify the vulnerable parameter with the string:...

Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln03dec12win.nasl 5963 2017-04-18 09:02:14Z teissa $ Google Chrome Multiple Vulnerabilities-03 Dec2012 Windows Authors: Antu Sanadi Copyright: Copyright c 2012...

Google Chrome Multiple Vulnerabilities-03 (Dec 2012) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome < 23.0.1271.97 Multiple Vulnerabilities

Binary data 6643.pasl...

FreeBSD : chromium -- multiple vulnerabilities (51f84e28-444e-11e2-8306-00262d5ed8ee)

Google Chrome Releases reports : 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...

CVE-2012-5140

Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader...

CVE-2012-5140

Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader...

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader...

CVE-2012-5140

Removed by vendor...

OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...

JDK: java.lang.ClassLoder defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...

gegl security update

0.1.2-4 - avoid buffer overflow in ppm loader CVE-2012-4433...

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...

OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...