137 matches found
EMC AlphaStor Device Manager 0x41 Command Remote Code Execution Vulnerability
This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager rrobotd.exe which listens by default on por...
Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific issue is due to the way...
Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XML...
Microsoft Internet Explorer CButton Object Use-After-Free
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Microsoft Interne...
Immunity Canvas: ADOBE_FLASH_OTF_PARSING
Name| adobeflashotfparsing ---|--- CVE| CVE-2012-1535 Exploit Pack| CANVAS Description| adobeflashotfparsing Notes| CVE Name: CVE-2012-1535 VENDOR: Adobe Notes: This exploit takes advantage of a integer overflow that leads to a heap based buffer overflow. The kerntable contains an integer that wh...
SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)
The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed : - A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a...
CVE-2012-1146
The memcgroupusageunregisterevent function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...
UBUNTU-CVE-2012-1146
The memcgroupusageunregisterevent function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have...
kernel: ipc/shm.c: reading uninitialized stack memory
The copyshmidtouser function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."...
Adobe Flash Player "Button" Remote Code Execution
This module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially...
QuickTime < 7.6.8 Multiple Vulnerabilities (Windows)
Binary data 801185.prm...
Adobe Flash Player newfunction Invalid Pointer Use
$Id: adobeflashplayernewfunction.rb 9477 2010-06-10 20:55:17Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Adobe Flash Player "newfunction" Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash...
iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 02.24.09 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 24, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows,...
Debian disaster-vulnerability warning-the black bar safety net
by axis 2008-05-16 http://www.ph4nt0m.org The Debian OpenSSL package the algorithms have problems, random number generation is actually in the process pid in the selection, lead to the generation of key can be exhaustive The following extract from the metasploit blog The Bug On May 13th, 2 0 0 8...
CVE-2007-5656
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service EMS 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted requests that control loop operations related to memory...
Multiple Linux kernel security vulnerabilities
Arbitrary process memory control, race conditions, buffer overflow, DoS, IP filtering bypass...