1203 matches found
Fedora 16 : boost-1.47.0-7.fc16 (2012-9029)
This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Add a sub-package boost-math with math-related bits from Boost.TR1. This...
Dan Guido on Attacker Math and Exploit Intelligence
Dennis Fisher talks with Dan Guido, security researcher and CEO of Trail of Bits, about the new company’s plan to help enterprises defend against targeted attacks, the way that attackers think and the value of exploits versus vulnerabilities. They also discuss a new initiative to help share...
MS 2647518: Update Rollup for ActiveX Kill Bits (2647518)
The remote Windows host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. Note that the affected controls are...
Small SSH RSA Key
The remote SSH daemon has a small key size, which is insecure. Given current technology, it should be 1024 bits at a minimum. TRUSTED...
Extreme GPU Bruteforcer
Extreme GPU Bruteforcer is a professional solution for the recovery of passwords from hashes using GPU. The software supports hashes of the following types: MySQL, MySQL5, DESUnix, MD4, MD5, MD5Unix, MD5APR, MD5phpBB3, MD5WordPress, LM, NTLM, SHA-1 and many others. On modern graphics cards from...
kernel: xen: off-by-one shift in x86_64 __addr_ok()
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64-bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits...
MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
The remote Windows host has one or more ActiveX controls installed that could be abused to execute arbitrary code remotely if a user can be tricked into viewing a malicious web page using Internet Explorer. Three of these controls are from Microsoft itself while the others are from third-party...
MS 2562937: Update Rollup for ActiveX Kill Bits (2562937)
The remote Windows host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. Note that the affected controls are...
DEC Alpha Linux <= 3.0 Local Root Exploit
Exploit for linux platform in category local exploits / DEC Alpha Linux include include include include include include include include include include define SYSosfwait4 7 define SOCKOFFSET 552 / Offset of skdestruct fptr in sock struct, change for your kernel / define PAGESIZE 8192 / DEC alpha...
backorifice-brute NSE Script
Performs brute force password auditing against the BackOrifice service. The backorifice-brute.ports script argument is mandatory; it specifies the ports to run the script against. Script Arguments backorifice-brute.ports mandatory List of UDP ports to run the script against separated with "," ex...
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)
""" This is a PoC for MS11-021/CVE-2011-0978 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow w3bd3vilatgmaildot.com twitter.com/w3bd3vil Modify bits at file location 0x39E7 0:000:x86 r eax=04dd6380 ebx=ffff5554 ecx=04ab5108 edx=00000000 esi=04ab4800 edi=ffff5554 eip=2f36a2fd...
DEBIAN-CVE-2011-1167
Heap-based buffer overflow in the thunder aka ThunderScan decoder in tifthunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value...
CentOS Update for samba CESA-2011:0305 centos4 i386
The remote host is missing an update for the...
libsmbclient, samba security update
CentOS Errata and Security Advisory CESA-2011:0305 Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...
IBM OmniFind Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits. IBM OmniFind Privilege Escalation Vulnerability. Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the application...
IBM OmniFind - Local Privilege Escalation
Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the applications »esRunCommand« and »estaskwrapper«. -rwsr-xr-x 1 root users ... /opt/IBM/es/bin/esRunCommand -rwsr-xr-x 1 root users...
IBM OmniFind - Local Privilege Escalation
IBM OmniFind - Local Privilege Escalation. Privilege escalation in two applications CVE-2010-3895 Root SUID bits are set for the applications »esRunCommand« and »estaskwrapper«. -rwsr-xr-x 1 root users...
Quick N Easy FTP Server 3.2 Denial Of Service
DCA-0007 Software - Quick 'n Easy FTP Server Vendor Product Description - Quick 'n Easy FTP Server Professional is a multi threaded FTP server for Windows 98/NT/XP and Vista32 bits that can be easily setup even by inexperienced users. New users can be easily created by a wizard which is guiding y...
libpng: Interlaced Images Information Disclosure Vulnerability
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in t...
win32/xp sp3 (SPA) URLDownloadToFileA + CreateProcessA + ExitProcess
Exploit for win32 platform in category shellcode. win32/xp sp3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess. !/usr/bin/perl c0d3d by r0i aka d0lc3 Explo...