4067 matches found
PT-2010-5429 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc6 Description: The issue is related to the install special mapping function in mm/mmap.c, which fails to make an expected security file mmap function call. This allows local users to bypass intended mma...
OTSTurnTables 1.00.028 Buffer Overflow
Exploit Title: OTSTurntables 1.00.028 m3u/ofl Local BOF Exploit SEH Date: 11/24/2010 Author: 0v3r Software Link: http://www.otsturntables.com/download-otsturntables-free/ Version: 1.00.048 Tested on: Windows XP SP3 EN CVE: N/A #!/usr/bin/python import sys win32bind - EXITFUNC=seh LPORT=4444 Size=6...
CVE-2010-3999
CVE-2010-3999 affects GnuCash 2.3.15 and earlier, where gnc-test-env places a zero-length directory name in LD_LIBRARY_PATH, enabling a local attacker to gain privileges via a Trojan horse shared library in the current working directory. Public advisories (Fedora openVAS entries, Mandriva MDVSA-2...
GSPlayer 1.83a Win32 Release - Local Buffer Overflow
Exploit Title: GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability Date: 2010/11/04 Author: moigai e-mail: [email protected] Software Link: http://www.vector.co.jp/download/file/win95/art/fh296344.html Version: 1.83a Win32 Release Tested on: Windows XP SP3 En VM my $file = "GSPlayer.m3u"...
Trend Micro Titanium Maximum Security 2011 Local Exploit
1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute arbitrary code within the kernel. An attacker would need...
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical
Exploit for linux platform in category dos / poc ===================================================================== LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical ===================================================================== LibSMI smiGetNode Buffer Overflow When...
CVE-2010-3357
CVE-2010-3357 affects gnome-subtitles 1.0, where a zero-length directory name in the LD_LIBRARY_PATH allows local users to gain privileges via a Trojan horse shared library in the current working directory. Root cause: manipulation of LD_LIBRARY_PATH. Impact: local privilege escalation (as descr...
CVE-2010-3369
CVE-2010-3369 affects mono-debugger 2.4.3 and versions earlier than 2.8.1, where a zero-length directory name placed in LD_LIBRARY_PATH by the mdb and mdb-symbolreader scripts can let a local user load a Trojan horse shared library from the current working directory and gain privileges. Affected...
Design/Logic Flaw
Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory...
MS OpenType CFF Parsing Vulnerability
Core Security - CoreLabs MS OpenType CFF Parsing Vulnerability 1. Advisory Information Title: MS OpenType CFF Parsing Vulnerability Advisory Id: CORE-2010-0624 Advisory URL: http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability Date published: 2010-10-12 Date of last update:...
cPassMan 1.07 Multiple Vulnerabilities
Exploit for php platform in category web applications ====================================== cPassMan 1.07 Multiple Vulnerabilities ====================================== ...
μTorrent (uTorrent) 2.0.3 - DLL Hijacking
μTorrent uTorrent 2.0.3 - DLL Hijacking Title: uTorrent =2.0.3 Dll Hijacking Local Exploits By: DrIDE Tested: Windows 7RC Note: These are additional DLL's with unsafe Load Paths Reference: http://www.exploit-db.com/exploits/14726/ If the payload .DLL file is renamed to any of these files and plac...
CVE-2010-2384: Solaris wbem unsafe use of temporary files
Below is the full disclosure information for CVE-2010-2384. It was reported to [email protected] on 3 January, 2010 and assigned Sun bug 6913886. This vulnerability was addressed by Sun/Oracle in the July 2010 Critical Patch Update...
Ruby 'ARGF.inplace_mode' Buffer Overflow Vulnerability
Ruby is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby"; if(description)...
GSM SIM Utility Local Exploit Direct Ret ver
Exploit for windows platform in category local exploits ============================================ GSM SIM Utility Local Exploit Direct Ret ver ============================================ Exploit Title : GSM SIM Utility Local Exploit Direct Ret ver. Date : July 07, 2010 Author : chap0...
Linux Kernel 2.2.x<= 25 – 2.4.x<21 ptrace/kmod Local Root Exploit
No description provided by source. / Linux kernel ptrace/kmod local root exploit This code exploits a race condition in kernel/kmod.c, which creates kernel thread in insecure manner. This bug allows to ptrace cloned process, allowing to take control over privileged modprobe binary. Should work...
Mp3 Digitalbox 2.7.2.0 - '.mp3' Local Stack Overflow (PoC)
#!/usr/bin/perl Mp3 Digitalbox 2.7.2.0 .mp3 Local Stack Overflow POC Author : v3n0m Site : http://yogyacarderlink.web.id/ Group : YOGYACARDERLINK Date : July, 02-2010 INDONESIA Software : Mp3 Digitalbox Version : 2.7.2.0 Other versions may also be affected Download : http://www.tsoft.aplus.pl/...
Scite Text Editor Buffer Overflow
Exploit Title: 0 Days Scite text editor :Local Buffer Overflow PoC Date: 28/06/2010 Author: kmkz Version: Scite 1.76 latest version Tested on: Linux 2.6.31-22 Code : Proof of Concept #!/usr/bin/perl -wU 0-Days PoC Local BoF Scite 1.76 use strict; use diagnostics; use English '-nomatchvars'; use...
UltraISO 9.3.6.2750 Buffer Overflow
/ DISCLAIMER THIS PROGRAM IS NOT INTENDED TO BE USED ON OTHER COMPUTERS AND IT IS DESTINED FOR PERSONAL RESEARCH ONLY!!!! The programs are provided as is without any guarantees or warranty. The author is not responsible for any damage or losses of any kind caused by the use or misuse of the...
TitanFTP Server COMB directory traversal
Accensus Security Advisory L-01 TitanFtp Server Arbitrary File Download/Delete Details ============= Product: TitanFTPd Security-Risk: high Remote-Exploit: maybe, assuming anonymous ftp access Local-Exploit: yes Vendor URL: http://www.southrivertech.com/ Found By: Bill Finlayson...