Alphanumeric Shellcode Encoder Decoder

Alphanumeric Shellcode Encoder Decoder. Shellcode exploit for generator platform / ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Alphanumeric Shellcode Encoder Decoder Copyright © 1985-2008 Avri Schneider - Aladdin Knowledg...

CVE-2008-3134

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service crash, infinite loop, or memory consumption via a unspecified vectors in the 1 AVI, 2 AVS, 3 DCM, 4 EPT, 5 FITS, 6 MTV, 7 PALM, 8 RLA, and 9 TGA decoder readers; and b the...

OpenLDAP denial-of-service flaw in ASN.1 decoder

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...

GraphicsMagick多个拒绝服务漏洞

BUGTRAQ ID: 30055 GraphicsMagick是一个简单的图像处理工具。 GraphicsMagick的AVI、AVS、DCM、EPT、FITS、MTV、PALM、RLA和TGA解码器中存在多个漏洞，可能触发崩溃、分配过多内存或执行死循环。 GraphicsMagick的magick/image.c文件中的GetImageCharacteristics函数中存在漏洞，如果用户受骗打开了特制的PNG、JPEG、BMP或TIFF文件的话，就会导致崩溃。 GraphicsMagick Group GraphicsMagick 1.2.3 GraphicsMagick Grou...

DUC NO-IP Local Password Information Disclosure Vulnerability

/ DUC NO-IP Local Password Information Disclosure Authors: Charalambous Glafkos George Nicolaou Date: March 11, 2008 Site: http://www.astalavista.com Mail: [email protected] [email protected] Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due to a design error...

No-IP DUC Client for Windows - Local Information Disclosure

No-IP DUC Client for Windows - Local Information Disclosure source: https://www.securityfocus.com/bid/29758/info The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to...

CVE-2008-0011

Microsoft DirectX contains two CVEs (CVE-2008-0011 and CVE-2008-1444) related to MJPEG and SAMI parsing, enabling remote code execution when a user opens specially crafted AVI/ASF/SAMI files. Affected products span DirectX components on Windows XP SP2/SP3, Server 2003, Windows Vista, and Windows ...

Linux Kernel BER解码缓冲区溢出漏洞

BUGTRAQ ID: 29589 CVECAN ID: CVE-2008-1673 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的cifs和ipnatsnmpbasic模块中的ASN.1 BER解码器没有正确地计算缓冲区大小，如果远程攻击者向有漏洞的系统发送了特制的BER编码数据的话，就可以触发缓冲区溢出，导致拒绝服务或执行任意指令。 Linux kernel 2.6.x Linux kernel 2.4.x Debian ------ Debian已经为此发布了一个安全公告（DSA-1592-2）以及相应补丁: DSA-1592-2：N...

VLC媒体播放器MP及Cinepak解码器缓冲区溢出漏洞

BUGTRAQ ID: 28904,28903 CVECAN ID: CVE-2008-1769,CVE-2008-1768 VLC Media Player是一款免费的媒体播放器。 VLC处理畸形格式的媒体文件时存在漏洞，如果用户受骗使用VLC播放器打开了特制的媒体文件或流媒体的话，就会在MP4和Cinepak解码器模块中触发缓冲区溢出，导致拒绝服务或执行任意指令。 VideoLAN VLC Media Player 0.8.6e Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200804-25）以及相应补丁: GLSA-200804-25：VLC:...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-111-01)

New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. Xine-lib = 1.1.12 was also found to be vulnerable to a stack-based...

USN-582-2: Thunderbird regression

USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that...

Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

Mozilla Foundation Security Advisory 2008-07

Mozilla Foundation Security Advisory 2008-07 Title: Possible information disclosure in BMP decoder Impact: Moderate Announced: February 19, 2008 Reporter: Gynvael Coldwind // Vexillium Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8...

Possible information disclosure in BMP decoder — Mozilla

Security researcher Gynvael Coldwind of Vexillium crediting help from udevd and porneL demonstrated that BMP images could be used to reveal small chunks of uninitialized memory that might contain sensitive data from other pages or other programs, and that this data could be extracted from the ima...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)

Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2008-0412, CVE-2008-0413 Flaws were discovered in the file upload form control. A malicious website...

Mozilla information disclosure flaw

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a craft...

USN-576-1: Firefox vulnerabilities

Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2008-0412, CVE-2008-0413 Flaws were discovered in the file upload form control. A malicious website...

Debian Security Advisory DSA 1260-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 1260-1. Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned...

Debian Security Advisory DSA 1171-1 (ethereal)

The remote host is missing an update to ethereal announced via advisory DSA 1171-1. Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following...

Debian Security Advisory DSA 657-1 (xine-lib)

The remote host is missing an update to xine-lib announced via advisory DSA 657-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...