128 matches found

0day.today
added 2016/05/04 12:0 a.m., 43 views

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase demonstrates this and...

7.8 CVSS, 7.6 AI score, 0.09751 EPSS
Exploits: 2
exploitpack
added 2016/05/04 12:0 a.m., 14 views

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase...

0.6 AI score
Exploits: 0
CNVD
added 2016/04/24 12:0 a.m., 3 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02548)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1 CVSS, 7.8 AI score, 0.02031 EPSS
Exploits: 0, References: 1
OSV
added 2016/03/09 8:12 p.m., 1 views

USN-2925-1 bind9 vulnerabilities

It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2016-1285 It was discovered that Bind incorrectly parsed resource record signatures for DNAME...

8.6 CVSS, 7 AI score, 0.74077 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2015/10/30 9:32 a.m., 17 views

CVE-2006-1014

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X...

3.2 CVSS, 7.6 AI score, 0.01304 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2015/10/30 9:31 a.m., 19 views

CVE-2006-1015

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE...

6.4 CVSS, 7.7 AI score, 0.11078 EPSS
Exploits: 0, References: 2
CNVD
added 2015/09/27 12:0 a.m., 2 views

Sensio Labs Twig Templates Remote Code Execution Vulnerability

Sensio Labs Twig is a PHP template engine that allows developers to customize tags and filters and create DSLs. A remote input validation vulnerability exists in Sensio Labs Twig, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...

7.6 AI score
Exploits: 0, References: 1
RedHat Linux
added 2015/05/14 3:14 p.m., 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.8 AI score, 0.137 EPSS
Exploits: 2, References: 5
myhack58
added 2015/03/25 12:0 a.m., 10 views

CVE-2014-4423 analysis process and findings - vulnerability warning - the black bar safety net

Primer: Some time ago the "steamed rice" on his blog published the article "on a non-jailbroken iPhone 6 iOS 8.1.3 on phishing attacks stealing App Store passwords", see the article later to try to reproduce the whole process. Since the "steamed rice" the entire process is described more clearly, combi...

0.9 AI score
Exploits: 0
RedHat Linux
added 2015/03/05 1:59 p.m., 3 views

chromium-browser: Out-of-bounds write in skia filters

The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation...

7.5 CVSS, 7.5 AI score, 0.01498 EPSS
Exploits: 0, References: 5
seebug.org
added 2014/07/01 12:0 a.m., 11 views

GetSolutions GetIntranet 2.2 - Multiple Remote Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11149/info Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to properly sanitize user-supplied input. These issue...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

TUTOS file_overview.php link_id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

PunBB 3.0/3.1 - Multiple Remote Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12652/info Multiple remote input validation vulnerabilities affect PunBB. These issues are due to a failure of the application to sanitize user-supplied input prior to using it to carry out critical functions. The first...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

TUTOS app_new.php t Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11437/info Reportedly CoolPHP is affected by multiple remote input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to using it to make critic...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Floosietek FTGate Mail Server 1.2 index.fts folder Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10058/info It has been reported that FTGate is prone to multiple remote input validation vulnerabilities; a cross-site scripting issue and an HTML injection vulnerability. These issues are due to a failure of the...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Claroline 1.5/1.6 userInfo.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2013/07/03 12:0 a.m., 30 views

cURL/libcURL Remote Input Validation Vulnerability

Binary data 801396.prm...

7.5 CVSS, 8.9 AI score, 0.16723 EPSS
Exploits: 0, References: 3
0day.today
added 2013/05/09 12:0 a.m., 20 views

Flightgear 2.0 / 2.4 Format String Vulnerability

Flightgear versions 2.0 and 2.4 suffer from a remote format string vulnerability. / Exploit Title: Flightgear remote format string Date: 21/04/2013 Exploit Author: Kurono email: email protected Vendor Homepage: http://www.flightgear.org/ Software Link: http://www.flightgear.org/download/ Version:...

7 AI score
Exploits: 0
exploitpack
added 2013/04/22 12:0 a.m., 21 views

Flightgear 2.0/2.4 - Remote Format String

Flightgear 2.0/2.4 - Remote Format String / Exploit Title: Flightgear remote format string Date: 21/04/2013 Exploit Author: Kurono email: [email protected] Vendor Homepage: http://www.flightgear.org/ Software Link: http://www.flightgear.org/download/ Version: Tested on versions 2.0, 2.4...

0.6 AI score
Exploits: 0