Stack Buffer Overflow Vulnerability in Legba Incorporated YateBTS

Legba Incorporated YateBTS is software for analog protocol stacks for GSM networks. A stack buffer overflow vulnerability exists in Legba Incorporated YateBTS. An attacker could exploit the vulnerability by sending an oversized UDP packet resulting in a memory buffer overflow, which in turn could...

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular...

Internet Bug Bounty: stack buffer overflows in the curses module

I found two stack buffer overflows in the curses module. These vulnerabilities have been reported to the PSRT and were fixed here: https://hg.python.org/cpython/rev/d5f6bc45b376 https://hg.python.org/cpython/rev/85b35300f200 Below are copies of the mails I sent to the PSRT. They describe the...

Multiple D-Link Routers Stack Buffer Overflow Vulnerability

The D-Link DIR-895L is a wireless router from AUO. A stack buffer overflow vulnerability exists in multiple D-Link Routers, which allows remote attackers to submit a special request to execute arbitrary code or conduct a denial of service attack...

Teamspeak 3 Use-After-Free / Information Disclosure / DoS

Teamspeak 3 RCE advisory by: ff214370685e536b9ee021c7ff6b7680bfbe6008bc29f87511b6b90256043536 August 10, 2016 While auditing the Teamspeak 3 server I've discovered several 0-day vulnerabilities which I'll describe in detail in this advisory. They exist in the newest version of the server, version...

openSUSE: Security Advisory for libarchive (openSUSE-SU-2016:2036-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Easy File Sharing Web Server GET HTTP request vulnerability

Added: 08/11/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

Easy File Sharing Web Server GET HTTP request vulnerability

Added: 08/11/2016 Background Easy File Sharing Web Server is software that allows users to upload/download files to a server easily through a web browser, as well as providing a bulletin board system forum. Problem Easy File Sharing Web Server is vulnerable to a stack buffer overflow condition as...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3044-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3044-1 advisory. Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially...

VUPlayer 2.49 .pls Stack Buffer Overflow

!/usr/bin/python import os,sys Tested Windows 7 Home x86 & Windows 10 Home x86x64 badchars \x00\x0a\x1a\x20\x40 msfvenom -a x86 --platform windows -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a\x20\x40" -f python buf = "" buf += "\xbf\x3b\x99\xdd\xa3\xdb\xc4\xd9\x74\x24\xf4\x58\x29" buf +=...

VUPlayer 2.49 - '.pls' Stack Buffer Overflow (DEP Bypass)

Exploit for windows platform in category local exploits !/usr/bin/python import os,sys Tested Windows 7 Home x86 & Windows 10 Home x86x64 badchars \x00\x0a\x1a\x20\x40 msfvenom -a x86 --platform windows -p windows/exec CMD=calc.exe -b "\x00\x0a\x1a\x20\x40" -f python buf = "" buf +=...

CVE-2016-6289

Integer overflow in the virtualfileex function in TSRM/tsrmvirtualcwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a crafted extract operation on a Z...

Debian DLA-552-1 : binutils security update

Some minor security issues have been identified and fixed in binutils in Debian LTS. These are : CVE-2016-2226 Exploitable buffer overflow. CVE-2016-4487 Invalid write due to a use-after-free to array btypevec. CVE-2016-4488 Invalid write due to a use-after-free to array ktypevec. CVE-2016-4489...

HP LoadRunner Controller Scenario File Stack Buffer Overflow (CVE-2015-5426)

A stack-based buffer overflow vulnerability exists in HP LoadRunner Controller. The vulnerability is due to insufficient boundary checks while parsing scenario files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted ".lrs" files with the...

Symantec Antivirus Decomposer Engine dec2lha Library Remote Stack Buffer Overflow (CVE-2016-2210)

A stack buffer overflow vulnerability exist in the Symantec Antivirus Decomposer Engine dec2lha Library. This vulnerability is due to incorrect decompression of the LZH and LHA archives...

Apache xerces-c stack buffer overflow vulnerability

Apache Xerces is an XML syntax parser from the Apache Software Foundation in the U.S. Apache Xerces-C is its language version. A stack buffer overflow vulnerability exists in xerces-c because the program fails to properly parse deeply nested DTDs, which can be exploited by a remote attacker to...

Symantec AntiVirus - Remote Stack Buffer Overflow in dec2lha Library

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=814 The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::getheader routine has a trivial stack buffer overflow. .text:00023D91 31 C0...

Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow (PoC)

Symantec AntiVirus - dec2lha Library Remote Stack Buffer Overflow PoC Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=814 The dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::getheader routine has a trivial stack buffer overflow...

Foxit Reader GoToR action Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

Trane ComfortLink II Stack Buffer Overflow Vulnerability

Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A stack buffer overflow vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2. A remote attacker can exploit this vulnerability by sending a long REG request ...