Free WMA MP3 Converter 1.1 - .wav Local Buffer Overflow

Free WMA MP3 Converter 1.1 - .wav Local Buffer Overflow !/usr/bin/perl Free WMA MP3 Converter v1.1 .wav Local Buffer Overflow seh Vendor: http://www.eusing.com/ Discovered by: KriPpLer http://www.x-sploited.com/ Tested on: Windows XP Pro SP2. Description: FREE WMA MP3 converter v1.1 Local Buffer...

Code injection

Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors...

CVE-2009-3524

Avast! avast4.ini insecure permissions in the Avast4 Data folder allowed a local attacker to modify avast4.ini (ISAPIFilter1) to point to a malicious DLL, which could load with SYSTEM privileges after restart. The issue was addressed in Avast! Professional/Home editions up to 4.8.1356; another ve...

Sun Solaris Cluster本地特权提升漏洞

Bugraq ID: 36486 Sun Solaris是一款商业性质的操作系统。 Solaris Cluster 3.2配置工具clsetup存在一个未明错误，本地攻击者可以利用漏洞以root特权执行任意命令。 目前没有详细漏洞细节提供。 Sun Cluster 3.2 Sun Solaris 用户可参考如下安全公告获得补丁信息： http://sunsolve.sun.com/search/document.do?assetkey=1-66-267148-1...

Linux Kernel sg_build_indirect函数本地拒绝服务漏洞

CVE ID: CVE-2009-3288 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/scsi/sg.c文件中的sgbuildindirect函数在访问数组时使用了错误的变量，这允许本地攻击者通过使用xcdroast复制CD导致内核崩溃和空指针引用。仅有可打开光驱设备的用户才可以利用这个漏洞。 Linux kernel 2.6.28-rc1 - 2.6.31-rc8 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

IBM WebSphere Application Server本地信息泄漏漏洞

Bugraq ID: 36458 CVE ID：CVE-2009-2743 IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。 IBM WebSphere Application Server允许本地攻击者获得敏感信息。 在使用wsadmin脚本和配置了JAAS-J2C验证数据后，当部分异常发生时存在一个错误，通过查看FFDC日志文件，攻击者可以获得敏感信息。 IBM Websphere Application Server 6.1 25 IBM Websphere Application Server 6.1 23 IBM...

Swift Ultralite 1.032 (.M3U) Local Buffer Overflow PoC

No description provided by source. !/usr/bin/perl Found By :: HACK4LOVE [email protected] Swift Ultralite 1.032 .M3U Local Buffer Overflow PoC EAX 00000000 ECX FFFFFFFF EDX 004976F0 SwiftUlt.004976F0 EBX 00000270 ESP 0013F1CC EBP 00000000 ESI 0013F31B...

[PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability

---------------------------------------------------------------------- PT-2009-05 Positive Technologies Security Advisory CA Internet Security Suite Denial of Service Vulnerability ---------------------------------------------------------------------- --- Affected Software CA Internet Security...

Mandriva 'initscripts'本地信息泄漏漏洞

Bugraq ID: 35854 Mandriva是一款基于linux内核的发行版本。 Mandriva 'initscripts'存在安全问题，本地攻击者可以利用漏洞获得敏感信息。 在使用'initscripts'脚本启动服务时，如执行service network restart，会记录部分敏感信息，如部分无线密钥的部分数据。 MandrakeSoft Linux Mandrake 2009.1 x8664 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x8664 MandrakeSoft...

Design/Logic Flaw

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

DEBIAN-CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

CVE-2009-2461

The CVE-2009-2461 entry concerns mathtex.cgi in mathTeX, where, for downloads prior to 20090713, temporary file creation is not done securely. Multiple connected sources (NVD, OSV, Veracode, OSV Debian, Ubuntu, CVE list) corroborate the issue as a local-attack–vector vulnerability with unspecifie...

CVE-2009-2461

mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors...

FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit

Exploit for freebsd platform in category local exploits ================================================================ FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit ================================================================ / cve-2008-3531.c -- Patroklos Argyroudis, arg...

Sun Solaris Event Port API多个本地拒绝服务漏洞

Bugraq ID: 35437 CNCAN ID：CNCAN-2009062203 Sun Solaris是一款商业性质的操作系统。 Solaris Event Port API存在竞争条件错误，本地攻击者可以利用漏洞使系统崩溃。 目前没有详细漏洞细节提供。 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris build snv99 Sun OpenSolaris build snv96 Sun OpenSolaris build snv95 Sun OpenSolaris build snv94 Sun OpenSolaris...

FreeBSD Direct Pipe Write本地信息泄漏漏洞

Bugraq ID: 35279 CNCAN ID：CNCAN-2009061101 FreeBSD是一款开放源代码的BSD操作系统。 FreeBSD "direct pipe writes"实现存在一个整数溢出错误，本地攻击者可以利用漏洞获得部分进程的内存信息，导致敏感信息泄漏。 "direct pipe writes"实现存在的缺陷可导致虚拟到物理地址查询被遗漏，可导致未授权读取其他进程的内存分页信息，使得敏感信息泄漏。 FreeBSD FreeBSD 7.2-STABLE FreeBSD FreeBSD 7.2-RELEASE-p1 FreeBSD FreeBSD...

FreeBSD IPv6 'SIOCSIFINFO_IN6'权限检查本地安全绕过漏洞

Bugraq ID: 35285 CNCAN ID：CNCAN-2009061102 FreeBSD是一款开放源代码的BSD操作系统。 FreeBSD针对"SIOCSIFINFOIN6" IOCTL缺少正确的权限检查，本地攻击者可以利用漏洞修改网络设置导致拒绝服务等攻击。 当修改IPv6网络栈属性时缺少正确的权限检查，发送特殊构建的"SIOCSIFINFOIN6" IOCTLs可导致更改部分IPv6接口设置如MTU或禁用IPv6接口。 FreeBSD FreeBSD 7.2-STABLE FreeBSD FreeBSD 7.1-RELEASE-p6 FreeBSD FreeBSD...