Internet Bug Bounty: Heap overflow in H. Spencer’s regex library on 32 bit systems

The IBB's programs provide a great incentive for me to find vulnerabilities in open source software. With this one I set out to find a vulnerability in PHP and discovered that the vulnerability that I found exists in a wider constellation of applications, including BSD libc's. IBB's Alex Rice's...

Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...

winAUTOPWN v2.7 – Windows Autohacking Tool

winAUTOPWN v2.7 – Windows Autohacking Tool This version covers almost all remote exploits up-till mid-July 2011 and a few older ones as well. This version incorporates a few new commandline parameters: -perlrevshURL for a PERL Reverse Shell URL, – mailFROM smtpsender and -mailTO smtpreceiver. The...

Preemptive Protection against Multiple Vendors OPIE Off-by-one Stack Buffer Overflow Vulnerability

A stack buffer overflow vulnerability has been reported in OPIE. OPIE, "One time Passwords In Everything", is a login and password package installed on the server and the client, which makes untrusted networks safer against password-sniffing packet analysis software. OPIE is shipped with DragonFl...

ntpd autokey stack buffer overflow

Overview ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time wit...