1984 matches found
[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1416-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 27, 2007 http://www.debian.org/security/faq -...
Mono System.Math BigInteger整数溢出漏洞
BUGTRAQ ID: 26279 CVECAN ID: CVE-2007-5197 Mono是基于.NET框架的开源开发平台,允许开发人员构建Linux和跨平台的应用。 Mono的Mono.Math.BigInteger类在实现BigInteger数据类型时存在整数溢出漏洞,允许本地攻击者执行任意指令。 Mono Mono 2.0 Mono Mono 1.x 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1397-1)以及相应补丁: DSA-1397-1:New mono packages fix integer overflow...
Moderate: Red Hat Security Advisory: pwlib security update
Updated pwlib packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PWLib is a library used to support cross-platform applications. In Red Hat Enterprise Linux 5, th...
A comprehensive analysis of the firewall and the firewall of penetration-vulnerability warning-the black bar safety net
A firewall description A firewall is a function, it makes the internal network and the external network or the Internet, isolated from each other, in order to protect the internal network or host. A simple firewall may consist of Router,3 Layer Switch ACL access control list to act as, you can al...
NetVault Process Manager Service Detection
The remote service is an instance of NetVault Process Manager, part of Dell NetVault, a cross-platform backup and restore application. Dell NetVault was formerly known as BakBone NetVault Backup. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid25800;...
Modify the PHP core Backdoor implementation-vulnerability warning-the black bar safety net
Developing A PHP Core Backdoor Author: wofeiwo/I non-I wofeiwoatgmaildotcom Directory 1Foreword 2The advantages and disadvantages of 3design 4functions to achieve 5reference to documents 6some description 1Foreword PHP is a very popular web server side script language. At present, many web...
vcdgear-local.txt
/ 0day Discovered by: C-W-M Auther: C-W-M Www.MeftunNet.Com & Www.HackerSecurity.Org Location : Turkey... Attack Vector: SEH overwrite Type: Local Tested on Win2k SP4 English Software: VCDGear v3.56 build 050213 Website: www.vcdgear.com Description: "VCDGear is a program designed to allow a user ...
VCDGear 3.56 Build 050213 - 'FILE' Local Code Execution
/ 0day Discovered by: InTeL Auther: InTeL Attack Vector: SEH overwrite Type: Local Tested on Win2k SP4 English Software: VCDGear v3.56 build 050213 Website: www.vcdgear.com Description: "VCDGear is a program designed to allow a user to extract MPEG streams from CD images, convert VCD files to MPE...
[x0n3-h4ck] sabros.us 1.7 XSS Exploit
-=--------------------ADVISORY-------------------=- sabros.us 1.7 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: sabros.us -=+ Version: 1.7 -=+ Vendor's URL: http://sourceforge.net/projects/sabrosus/ -=+ Platform: WindowsLinuxUnix -=+ Bug...
[Full-disclosure] REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability
Description: REMLAB http://remlab.sourceforge.net/ is a fully fuctional cross-platform web-based Battlemech designer for the tactical board game Battletech http://www.classicbattletech.com/ . REMLAB is built entirely on HTML, PHP, and JavaScript with AJAX functionality. The vulnerability exists i...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...
security flaw
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface...
Computer Associates BrightStor ARCserve Backup Discovery Service vulnerable to buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backu...
firefoxSploit.txt
Firelinking 2 - Proof-of-Concept by mikx var pf = navigator.platform.toLowerCase; if pf.indexOf"win" != -1 var os = "win"; else if pf.indexOf"mac" != -1 var os = "mac"; else var os = "linux" function runDemo // this is an ugly caching workaround document.getElementById'outhtml'.innerHTML = "";...
Mozilla Firefox view-source:javascript url Code Execution Exploit
Exploit for multiple platform in category remote exploits ================================================================= Mozilla Firefox view-source:javascript url Code Execution Exploit ================================================================= Firelinking 2 - Proof-of-Concept by mikx...
Mozilla Firefox - view-source:JavaScript url Code Execution
Mozilla Firefox - view-source:JavaScript url Code Execution Firelinking 2 - Proof-of-Concept by mikx var pf = navigator.platform.toLowerCase; if pf.indexOf"win" != -1 var os = "win"; else if pf.indexOf"mac" != -1 var os = "mac"; else var os = "linux" function runDemo // this is an ugly caching...
Mozilla Firefox - view-source:JavaScript url Code Execution
Firelinking 2 - Proof-of-Concept by mikx var pf = navigator.platform.toLowerCase; if pf.indexOf"win" != -1 var os = "win"; else if pf.indexOf"mac" != -1 var os = "mac"; else var os = "linux" function runDemo // this is an ugly caching workaround document.getElementById'outhtml'.innerHTML = "";...
Mozilla Firefox executes JavaScript in the "IconURL" parameter of "InstallTrigger.install()" with chrome privileges
Overview Mozilla Firefox may execute JavaScript contained within the IconURL parameter of InstallTrigger.install with chrome privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPInstallXPInstall is a cross-platform software installation method...
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability
SIG^2 Vulnerability Research Advisory SurgeFTP LEAK Command Denial-Of-Service Vulnerability by Tan Chew Keong Release Date: 07 Apr 2005 ADVISORY URL http://www.security.org.sg/vuln/surgeftp22m1.html SUMMARY SurgeFTP http://netwinsite.com/surgeftp/ is an FTP server with SSL/TLS security, easy...
[Full-Disclosure] Sun Java Plugin arbitrary package access vulnerability
OVERVIEW ======== Sun Microsystem's Java Plugin connects the Java technology to web browsers and allows the use of Java Applets. Java Plugin technology is available for numerous platforms and supports major web browsers. A vulnerability in Java Plugin allows an attacker to create an Applet which...