Debian DSA-209-1 : wget - directory traversal
Two problems have been found in the wget package as distributed in Debian GNU/Linux: - Stefano Zacchiroli found a buffer overrun in the url_filename function, which would make wget segfault on very long URLs - Steven M. Christey discovered that wget did not verify the FTP server response to a NLS...
MS Windows JPEG GDI+ Overflow Shellcoded Exploit
Exploit for unknown platform in category remote exploits ================================================ MS Windows JPEG GDI+ Overflow Shellcoded Exploit ================================================ // launch a local cmd.exe not bound to the net... // GDI+ buffer overrun exploit by FoToZ //...
MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028)
Exploit for unknown platform in category dos / poc ============================================================ MS Windows JPEG Processing Buffer Overrun Exploit MS04-028 ============================================================ !/bin/sh The JPEG vuln is triggered by the 0 or 1 length field wi...
Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
Microsoft Windows - JPEG Processing Buffer Overrun MS04-028 !/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering t...
Microsoft Windows - JPEG GDI+ Overflow Shellcode
Microsoft Windows - JPEG GDI+ Overflow Shellcode // launch a local cmd.exe not bound to the net... // GDI+ buffer overrun exploit by FoToZ // NB: the headers here are only sample headers taken from a .JPG file, // with the FF FE 00 01 inserted in header1. // Sample shellcode is provided // You ca...
Microsoft Windows - JPEG GDI+ Overflow Shellcode
// launch a local cmd.exe not bound to the net... // GDI+ buffer overrun exploit by FoToZ // NB: the headers here are only sample headers taken from a .JPG file, // with the FF FE 00 01 inserted in header1. // Sample shellcode is provided // You can put approx. 2500 bytes of shellcode...who needs...
Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
!/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering the mouse over the image. The pointer overwrite is pretty...
Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing GDI+ Could Allow Code Execution 833987 Issued: September 14, 2004 Version: 1.0 Summary Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components...
MS04-028: Buffer Overrun in JPEG Processing (833987)
The remote host is running a version of Windows that is vulnerable to a buffer overrun attack when viewing a JPEG file which could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed JPEG file to a user on the remote hos...
Mandrake Linux Security Advisory : libpng (MDKSA-2004:079)
Chris Evans discovered numerous vulnerabilities in the libpng graphics library, including a remotely exploitable stack-based buffer overrun in the png_handle_tRNS function, dangerous code in png_handle_sBIT, a possible NULL pointer crash in png_handle_iCCP which is also duplicated in multiple other...
Cfengine AuthenticationDialogue() Function Remote Overflow
Cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks performed on challenge data that is received from a clien...
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
source: https://www.securityfocus.com/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software. It is reported that when the system is...
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun source: https://www.securityfocus.com/bid/10915/info It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)
source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary checks...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)
// source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue function. The issue exists due to a lack of sufficient boundary chec...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (1)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun 1 source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd...
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun (2)
GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Buffer Overrun 2 // source: https://www.securityfocus.com/bid/10899/info GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd...
GNU Info 4.7 - Follow XRef Buffer Overrun
source: https://www.securityfocus.com/bid/10882/info GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the f follow xref Info command. An attacker may exploit this...
GNU Info 4.7 - Follow XRef Buffer Overrun
GNU Info 4.7 - Follow XRef Buffer Overrun source: https://www.securityfocus.com/bid/10882/info GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the f follow xref Info...
Mandrake Linux Security Advisory : gdm (MDKSA-2001:070)
A buffer overrun exists in the XDMCP handling code used in gdm. By sending a properly crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. By default, XDMCP is disabled in gdm.conf on Mandrake Linux.