
910 matches found

Positive Technologies
added 2012/07/11 12:0 a.m. · 1 views

PT-2012-1162 · Openjpeg +3 · Openjpeg +3

Name of the Vulnerable Software and Affected Versions: OpenJPEG versions 1.3 through 1.5 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image. This is due to the tcd free encode function...

10 CVSS · 8.6 AI score · 0.06225 EPSS
Exploits 3 · References 55

Tenable Nessus
added 2012/04/02 12:0 a.m. · 27 views

Debian DSA-2445-1 : typo3-src - several vulnerabilities

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework : - CVE-2012-1606 Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these...

5 CVSS · 5.5 AI score · 0.00701 EPSS
Exploits 0 · References 8

Packet Storm
added 2012/01/26 12:0 a.m. · 27 views

Sysax Multi Server 5.50 Create Folder Buffer Overflow

Title: Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF MSF Module Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bitNo DEP Notes: My original exploit = http://www.exploit-db.com/exploits/18382/ did not automate the SID gathering process, but this one does...

0.1 AI score
Exploits 0

Tenable Nessus
added 2012/01/19 12:0 a.m. · 39 views

Mandriva Linux Security Advisory : perl (MDVSA-2012:008)

Multiple vulnerabilities have been found and corrected in perl: Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted...

7.5 CVSS · 8.6 AI score · 0.09609 EPSS
Exploits 2 · References 2

OpenVAS
added 2012/01/17 12:0 a.m. · 26 views

Strawberry Perl Modules Multiple Vulnerabilities - Windows

Strawberry Perl is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 9.4 AI score · 0.09609 EPSS
Exploits 2 · References 5

ATTACKERKB
added 2012/01/13 6:55 p.m. · 2 views

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

5.1 CVSS · 5.9 AI score · 0.06571 EPSS
Exploits 2 · References 18

CVE
added 2012/01/13 6:0 p.m. · 93 views

CVE-2011-2939

CVE-2011-2939 refers to an off-by-one error in the Decode_xs function of the Encode module prior to 2.44, used with Perl before 5.15.6. The flaw can allow context-dependent attackers to trigger a heap-based buffer overflow in a crafted Unicode string, potentially enabling a denial of service due ...

5.1 CVSS · 6.2 AI score · 0.06571 EPSS
Exploits 2 · References 14 · Affected Software 2

Debian CVE
added 2012/01/13 6:0 p.m. · 30 views

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

5.1 CVSS · 6.2 AI score · 0.06571 EPSS
Exploits 2

UbuntuCve
added 2012/01/13 12:0 a.m. · 32 views

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

5.1 CVSS · 6 AI score · 0.06571 EPSS
Exploits 2 · References 3

OSV
added 2012/01/12 12:0 a.m. · 1 views

UBUNTU-CVE-2011-4324

The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem...

4.9 CVSS · 7.2 AI score · 0.00045 EPSS
Exploits 1 · References 3

Positive Technologies
added 2012/01/10 12:0 a.m. · 1 views

PT-2012-1860 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.29 Description: The issue allows local users to cause a denial of service, resulting in a system crash, by utilizing the mknod system call with a pathname on an NFSv4 filesystem. This is due to a problem in...

7.2 CVSS · 6.6 AI score · 0.00481 EPSS
Exploits 8 · References 26

Exploit DB
added 2012/01/10 12:0 a.m. · 43 views

TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow

!/usr/bin/python --------------------------------------------------------------------------- Exploit: TFTP SERVER V1.4 ST RRQ Overflow OS: Windows XP PRO SP3 Author: b33f --------------------------------------------------------------------------- Smashing the stack for fun and practise... This tf...

7.4 AI score
Exploits 0

0day.today
added 2011/12/31 12:0 a.m. · 20 views

linux/x86 shellcode - setuid(0)+setgid(0)+add user iph without password - 124 bytes

/ Exploit Title: Linux/x86 Polymorphic ShellCode - setuid0+setgid0+add user 'iph' without password to /etc/passwd setuid - setgid - open - write - close - exit Date: 30/12/2011 Author: pentesters.ir Tested on: Linux x86 - CentOS 6.0 - 2.6.32-71 Website: http://pentesters.ir/ Contact:...

Exploits 0

0day.today
added 2011/12/23 12:0 a.m. · 25 views

Artmedic Web Design Php Source Read

Exploit for php platform in category web applications Exploit Title: Artmedic Web Design Php Source Read Date: 23/12/2011 - 08:30 Author: Nafsh Site: Cyberwh.org Mail: email protected Software Website: http://www.artmedic.de/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform: Php $ Dorks: "lin...

7.1 AI score
Exploits 0

myhack58
added 2011/12/04 12:0 a.m. · 14 views

Tencent RTX upload arbitrary files and fixes-vulnerability warning-the black bar safety net

After installing RTX, open the site at IP:8012. Tencent RTX has an arbitrary file upload vulnerability in UserPhoto/photoUpload.php. Detailed description: a simple POST form is enough to upload: $useraccount = $_POST['useraccount']; $filename = $_POST["filename"]; $filedata = $_POST["filedata"]; Without any filtering...

0.6 AI score
Exploits 0

Packet Storm
added 2011/11/23 12:0 a.m. · 17 views

Dolibarr 3.1.0 RC Cross Site Scripting / SQL Injection

Vulnerability ID: HTB23056 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesindolibarr.html Product: Dolibarr Vendor: Dolibarr foundation http://www.dolibarr.org/ Vulnerable Version: 3.1.0 RC and probably prior Tested Version: 3.1.0 RC Vendor Notification: 02 November 2011...

0.3 AI score
Exploits 0

RedHat Linux
added 2011/11/03 8:38 p.m. · 4 views

Perl decode_xs heap-based buffer overflow

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

5.1 CVSS · 6.2 AI score · 0.06571 EPSS
Exploits 2 · References 4

Positive Technologies
added 2011/11/03 12:0 a.m. · 1 views

PT-2012-1219 · Perl +1 · Encode +2

Name of the Vulnerable Software and Affected Versions: Encode module versions prior to 2.44, Perl versions prior to 5.15.6. Description: The issue is related to an off-by-one error in the decode_xs function, which can lead to a denial of service due to memory corruption. This is caused by a...

7.5 CVSS · 8.9 AI score · 0.09609 EPSS
Exploits 2 · References 24

seebug.org
added 2011/09/30 12:0 a.m. · 39 views

Perl "decode_xs()" and "File::Glob::bsd_glob()" Remote Code Execution Vulnerabilities

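BUGTRAQ ID: 49858 CVE ID: CVE-2011-2728, CVE-2011-2939 Perl is a high-level, general-purpose, interpreted, dynamic programming language. The implementations of the "decode_xs" and "File::Glob::bsd_glob" functions in Perl contain remote code execution vulnerabilities that a remote attacker can exploit to execute arbitrary code. 1) An error in the "File::Glob::bsd_glob" function when handling the GLOBALTDIRFUNC flag can be exploited to cause invalid access and execute arbitrary code. 2) An error in the "decode_xs" function in Encode can cause a heap buffer overflow via specially crafted input. Perl 5.14.1 Vendor patch: Perl ----...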

5.1 CVSS · 6.2 AI score · 0.06571 EPSS
Exploits 2

Atlassian
added 2010/11/25 11:42 p.m. · 15 views

Implement salting of user passwords

Salting and Hashing of user passwords will require us to provide an upgrade path for users since all existing passwords will become invalid. This change should use the atlassian-security password encode library SEC-1...

1.7 AI score
Exploits 0 · Affected Software 1