Code injection

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

CVE-2010-1167

fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service memory consumption and application crash via a crafted 1 message header or 2 POP3 UIDL list...

CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)

$Id: caigatewaydebug.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Splunk Inadvertently Exposes User Passwords

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to Splunk.com as clear text, the company said. Read the full article. The Register...

WebEssence 1.0.2 Cross Site Scripting / SQL Injection

WebEssence 1.0.2 Multiple Vulnerabilities Bugs found by whitesheep, R00TATI and epicfail for Debug|Track session @ Backtrack|italia community conference www.backtrack.it XSS PoC: http://localhost/webessence/webessence/oembed.php?url=http://google.com&id=alert'Backtrack|it'; In "url" variable is...

webessence 1.0.2 - Multiple Vulnerabilities

WebEssence 1.0.2 Multiple Vulnerabilities Bugs found by whitesheep, r00t and epicfail for Debug|Track session @ Backtrack|italia community conference www.backtrack.it XSS PoC: http://localhost/webessence/webessence/oembed.php?url=http://google.com&id=alert'Backtrack|it'; In "url" variable is...

Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit)

$Id: lsatransnamesheap.rb 9021 2010-04-05 23:34:10Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Mandriva Update for dbus MDVA-2010:110 (dbus)

Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVA-2010:110 dbus Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

KVM: Check cpl before emulating debug register access

The handledr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level CPL before accessing a debug register, which allows guest OS users to cause a denial of service trap on the host OS via a crafted application...

jdwp-version NSE Script

Detects the Java Debug Wire Protocol. This protocol is used by Java programs to be debugged via the network. It should not be open to the public Internet, as it does not provide any security against malicious attackers who can inject their own bytecode into the debugged process. Documentation for...

VariCAD 2010-2.05 EN - Local Buffer Overflow

/ Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow : Date: 15 March 2010 Author: n00b Realname: carl cope Software Link: http://www.varicad.com/en/home/ Version: All versions are affected. Tested on: Windows xp sp3,Vista sp2,Linux unbuntu CVE : if exists...

VariCAD 2010-2.05 EN Local Buffer Overflow Vulnerability

Exploit for multiple platform in category local exploits ======================================================== VariCAD 2010-2.05 EN Local Buffer Overflow Vulnerability ======================================================== / Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow : Date: 1...

KVM: Check cpl before emulating debug register access

The handledr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level CPL before accessing a debug register, which allows guest OS users to cause a denial of service trap on the host OS via a crafted application...

iPhone CSS::Selector Crash Exploit

!/usr/bin/python , dM MMr 4MMML . MMMMM. xf . "M6MMM .MM- Mh.. +MM5MMM .MMMM .MMM. .MMMMML. MMMMMh MMMh. MM5MMM MMMMMMM 3MMMMx. 'MMM3MMf xnMMMMMM" 'MMMMM MMMMMM. nMMMMMMP" MMMMMx "MMM5M\ .MMMMMMM= MMMMMh "MMMMM" JMMMMMMP MMMMMM GMMMM. dMMMMMM . MMMMMM "MMMM .MMMMM .nnMP" .. MMMMx MMM" dMMMM"...

iPhone WebCore::CSSSelector() Remote Crash Vulnerability

No description provided by source. !/usr/bin/python , dM MMr 4MMML . MMMMM. xf . "M6MMM .MM- Mh.. +MM5MMM .MMMM .MMM. .MMMMML. MMMMMh MMMh. MM5MMM MMMMMMM 3MMMMx. 'MMM3MMf xnMMMMMM" 'MMMMM MMMMMM. nMMMMMMP" MMMMMx "MMM5M\ .MMMMMMM= MMMMMh "MMMMM" JMMMMMMP MMMMMM GMMMM. dMMMMMM . MMMMMM "MMMM .MMM...

iPhone - 'WebCore::CSSSelector()' Remote Crash

!/usr/bin/python , dM MMr 4MMML . MMMMM. xf . "M6MMM .MM- Mh.. +MM5MMM .MMMM .MMM. .MMMMML. MMMMMh MMMh. MM5MMM MMMMMMM 3MMMMx. 'MMM3MMf xnMMMMMM" 'MMMMM MMMMMM. nMMMMMMP" MMMMMx "MMM5M\ .MMMMMMM= MMMMMh "MMMMM" JMMMMMMP MMMMMM GMMMM. dMMMMMM . MMMMMM "MMMM .MMMMM .nnMP" .. MMMMx MMM" dMMMM"...

iPhone WebCore::CSSSelector() Remote Crash Vulnerability

Exploit for unknown platform in category dos / poc ======================================================== iPhone WebCore::CSSSelector Remote Crash Vulnerability ======================================================== !/usr/bin/python , dM MMr 4MMML . MMMMM. xf . "M6MMM .MM- Mh.. +MM5MMM .MMMM...

Joomla! Component user_id com_sqlreport - Blind SQL Injection

============================================================================== »Joomla Component userid comsqlreport Blind SQL Injection Vulnerability ============================================================================== » Script: Joomla » Language: PHP » Founder: Snakespc...

kernel: megaraid_sas permissions in sysfs

The dbglvl file for the megaraidsas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the 1 behavior and 2 logging level of the driver by modifying this file...

Winamp v5.572 whatsnew.txt Local Buffer Overflow Exploit

No description provided by source. Tested on: WinXP SP3 De !/usr/bin/perl Still learning, having some fun... Greetz to -Sid- Roadkill Jess Dawn Linki Special greetz do Debug, even i dont know you. Nice find man. Exploit has something around 70% chance of success. print "\n\n"; print " Winamp 5.57...