2654 matches found
Gear Software CD DVD Filter driver privilege escalation vulnerability
Overview: The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description: Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...
mIRC 6.34 - Remote Buffer Overflow
mIRC 6.34 - Remote Buffer Overflow !/usr/bin/perl mIRC 6.34 Remote Buffer Overflow Exploit Exploit by SkD skdrat hotmail com ---------------------------------------- A day's work of debugging and looking at mIRC. Tested on Windows XP SP3 English and Windows Vista SP0. Credits to securfrog for...
GdPicture Pro - ActiveX gdpicture4s.ocx File Overwrite Exec
GdPicture Pro - ActiveX gdpicture4s.ocx File Overwrite Exec var cmd = "cmd /c net user test test /add & net localgroup Administrators test /add"; var outFile = "c:\windows\pchealth\helpctr\system\errors\badurl.htm"; var BMP = "\x42\x4d\x4...
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description: Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
Description: Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may...
Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
Description: Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...
Microsoft Organization Chart 2 - Remote Code Execution
Microsoft Organization Chart 2 - Remote Code Execution source: https://www.securityfocus.com/bid/31059/info Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation. Remote attackers can exploit this issue by enticing victims into opening...
FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)
No description provided by source. !/usr/bin/perl ksOSe 08/17/2008 bypass safeseh using flash9f.ocx. use warnings; use strict; use IO::Socket; win32exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com my $shellcode =...
Veritas Backup Exec Remote File Access Exploit (windows)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
Exploit for unknown platform in category remote exploits =================================================================== Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit =================================================================== // Bea Weblogic -- Apache Connector...
Solaris Runtime Linker (ld.so.1) Buffer Overflow Exploit (SPARC version)
No description provided by source. / ld.so.1 exploit SPARC coded by: osker178 bjr213 psu.edu Alright, so this exploits a fairly standard buffer overflow in the default Solaris runtime linker ld.so.1 discovery by Jouko Pynnonen Only real deviation here from the standard overflow and return into li...
Thelia 1.3.5 - Multiple Vulnerabilities
!/usr/bin/php | | URL: http://blackh.free.fr - http://blackh.eu | ======================================================================== | $system $argv0 -url -a -n -f | | Notes: -url ex: http://victim.com/site/ | | -a 1 : Validate Command without Payment | | -n Commmand number ex: CDE5627JOC |...
NASM 2.0 - 'ppscan()' Off-by-One Buffer Overflow
source: https://www.securityfocus.com/bid/29656/info NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code within the...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
Directory traversal
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2008-2512
Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2008-2512
CVE-2008-2512 is a directory-traversal vulnerability in Symantec Backup Exec System Recovery Manager (BESR) (7.x before 7.0.4 and 8.x before 8.0.2). A remote, unauthenticated attacker can exploit inadequate sanitization in the Tomcat-based servlet (reportsfile) to read arbitrary files on the a...
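Symantec Backup Exec System Recovery Manager Directory Traversal Vulnerability
BUGTRAQ ID: 29350 CVECAN ID: CVE-2008-0457 Symantec Backup Exec is a comprehensive data backup solution. Symantec Backup Exec has an input validation vulnerability in its handling of user requests; network attackers can exploit this vulnerability to traverse directories and read privileged files or gain unauthorized access to the target system. Symantec Backup Exec System Recovery Manager 8.x Symantec Backup Exec System Recovery Manager 7.x Symantec -------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...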
Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access
The remote host appears to be running Symantec Backup Exec System Recovery Manager, a backup manager solution. The Tomcat servlet 'reportsfile' included in the version of Backup Exec System Recovery Manager installed on the remote host fails to properly sanitize user input to the 'filename'...