2654 matches found
J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow
J-Integra 2.11 - ActiveX SetIdentity Buffer Overflow //payload is windows/exec cmd=calc.exe shellcode = unescape '%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+...
CVE-2010-3858
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
CVE-2010-4248
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader...
Race condition
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader...
Sql injection
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...
CVE-2010-3858
CVE-2010-3858 is a Linux kernel vulnerability described in MiracleLinux advisories as affecting fs/exec.c with CONFIG_STACK_GROWSDOWN. On 64-bit platforms, for 32-bit applications, the setup_arg_pages function does not properly constrain stack usage of arguments and environment, enabling local us...
PT-2010-5122 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36. Description: The issue is related to the setup_arg_pages function in fs/exec.c, which does not properly restrict stack memory consumption for 32-bit applications on 64-bit platforms when CONFIG STACK...
WU-FTPD - Site EXEC/INDEX Format String (Metasploit)
$Id: wuftpdsiteexecformat.rb 11166 2010-11-30 00:16:53Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Axis2 / SAP BusinessObjects dswsbobje Upload Exec
$Id: axis2deployer.rb 11046 2010-11-15 05:12:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
kernel: DoS on x86_64
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that...
Audiotran 1.4.2.4 SEH Overflow Exploit
Exploit for windows platform in category local exploits. Audiotran 1.4.2.4 SEH Overflow Exploit 0 day. Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Web -...
Fedora 13 : libHX-3.6-1.fc13 / pam_mount-2.5-1.fc13 (2010-13127)
Update to libHX 3.6 fixing a buffer overflow in HX_split: http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90d pam_mount v2.5 (August 10 2010). Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough -...
Microsoft Word Record Parsing Buffer Overflow
MS Word Record Parsing Buffer Overflow (MS-09-027). Vulnerable application: MS Office 2003. Tested on XP SP2 - MS Office 2003 v. 11.5604.5606. Bug found by Wushi of team509. Greets Villy, Abhishek Lyall and ASL IT SECURITY TEAM. Author Abhishek Sahni - abhi00703atgmaildotcom, infoataslitsecuritydotcom Web -...
Microsoft Word - Record Parsing Buffer Overflow (MS09-027)
Microsoft Word - Record Parsing Buffer Overflow (MS09-027). MS Word Record Parsing Buffer Overflow (MS-09-027). Vulnerable application: MS Office 2003. Tested on XP SP2 - MS Office 2003 v. 11.5604.5606. Bug found by Wushi of team509. !/usr/bin/python import sys import zlib windows/exec - CMD=calc.exe shellcod...
Servlet Exec 5.0p06 File Retrieval
Minded Security Labs: Advisory MSA260209 Servlet Exec Multiple Security Issues Tested Versions: Servlet Exec 5.0p06 on Microsoft IIS 6.0 Minded Security ReferenceID: MSA260209 Credits: Discovery by Stefano Di Paola and Giorgio Fedon of Minded Security Stefano Di Paola stefano.dipaola at...
WM Downloader 3.1.2.2 Buffer Overflow
$Id: wmdownloaderm3u.rb 9968 2010-08-07 00:51:52Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Symantec Backup Exec System Recovery Manager Unauthorized File Upload (CVE-2008-0457)
Symantec Backup Exec System Recovery Manager is a complete, disk-based system recovery solution for Microsoft Windows based servers, desktops, and laptops that allows businesses to recover from system loss or disasters. A file upload vulnerability exists in the Symantec Backup Exec System Recover...