6678 matches found

ThreatPost
added 2010/03/30 8:58 p.m., 9 views

Hacker Finds a Way to Exploit PDF Files, Without Vulnerability

SEE: Updated report with response from Adobe and FoxIt Software. A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, coul...

1.1 AI score
Exploits: 0, References: 4

seebug.org
added 2010/03/21 12:0 a.m., 23 views

JITed egg-hunter stage-0 shellcode

No description provided by source. // JITed egg-hunter stage-0 shellcode // Permanent DEP bypass // // By Alexey Sintsov // [email protected] // [email protected] // // DSecRG - Digital Security Research Group dsecrg.com// // // TAG=3135330731353307 // its mean 0x07333531 twice! // // // This versi...

7.1 AI score
Exploits: 0

seebug.org
added 2010/03/19 12:0 a.m., 46 views

Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability

CVE:CVE-2009-3376 Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability. Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files. NOTE: This issue was previously covered in BID 36843 Mozilla...

9.3 CVSS, 0.4 AI score, 0.03024 EPSS
Exploits: 2

OpenVAS
added 2010/03/05 12:0 a.m., 15 views

Bournal Version Detection

This script finds the Bournal installed version. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2010/03/04 12:0 a.m., 33 views

Debian DSA-2006-1 : sudo - several vulnerabilities

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0426 It was discovered that sudo when a pseudo-command is enabled,...

6.9 CVSS, 7.6 AI score, 0.0076 EPSS
Exploits: 4, References: 6

Debian
added 2010/03/02 8:36 p.m., 32 views

[SECURITY] [DSA 2006-1] New sudo packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2006-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 02, 2010 http://www.debian.org/security/faq -...

6.9 CVSS, 8.3 AI score, 0.0076 EPSS
Exploits: 4

OSV
added 2010/03/02 12:0 a.m., 24 views

DSA-2006-1 sudo - several vulnerabilities

Bulletin has no description...

6.9 CVSS, 7.8 AI score, 0.0076 EPSS
Exploits: 4

OpenVAS
added 2010/03/02 12:0 a.m., 26 views

Mandriva Update for sudo MDVSA-2010:049 (sudo)

Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2010:049 sudo Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.9 CVSS, 7.3 AI score, 0.0076 EPSS
Exploits: 2, References: 2

Check Point Advisories
added 2010/02/28 12:0 a.m., 5 views

Portable Executable (PE) 16-bit File (CVE-2010-0232; CVE-2011-2003)

An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to...

9.3 CVSS, 6.2 AI score, 0.75542 EPSS
Exploits: 17

Tenable Nessus
added 2010/02/26 12:0 a.m., 26 views

Mandriva Linux Security Advisory : sudo (MDVSA-2010:049)

A vulnerability has been found and corrected in sudo : sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain...

6.9 CVSS, 7.1 AI score, 0.0076 EPSS
Exploits: 2, References: 1

OSV
added 2010/02/24 6:30 p.m., 1 view

DEBIAN-CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

6.9 CVSS, 7.1 AI score, 0.0076 EPSS
Exploits: 2, References: 1

OSV
added 2010/02/24 6:30 p.m., 5 views

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

6.4 AI score
Exploits: 0, References: 29

Cvelist
added 2010/02/24 6:0 p.m., 23 views

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

7.7 AI score, 0.0076 EPSS
Exploits: 2, References: 29

CVE
added 2010/02/24 6:0 p.m., 108 views

CVE-2010-0426

CVE-2010-0426 affects sudo 1.6.x < 1.6.9p21 and 1.7.x

6.9 CVSS, 7.6 AI score, 0.0076 EPSS
Exploits: 2, References: 29, Affected Software: 1

UbuntuCve
added 2010/02/23 12:0 a.m., 30 views

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

6.9 CVSS, 7.2 AI score, 0.0076 EPSS
Exploits: 2, References: 4

Check Point Advisories
added 2010/02/11 12:0 a.m., 1 view

America Online ICQ ActiveX Control DownloadAgent Function Code Execution (CVE-2006-5650)

The AOL ICQ product is a messaging application widely used by home users and in small to medium size companies. The messenger application ships with various extra features in addition to its regular function of text message exchanges. One such feature introduced in the ICQ clients is the ability ...

7.5 CVSS, 7.1 AI score, 0.80974 EPSS
Exploits: 9

NVD
added 2010/01/21 8:30 p.m., 9 views

CVE-2010-0366

Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a...

6.8 CVSS, 7.8 AI score, 0.04023 EPSS
Exploits: 1, References: 4

Cvelist
added 2010/01/21 8:0 p.m., 14 views

CVE-2010-0366

Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a...

7.8 AI score, 0.04023 EPSS
Exploits: 1, References: 4

securityvulns
added 2010/01/12 12:0 a.m., 53 views

Panda Global Protection / Panda Internet Security weak security permissions

Weak permissions for executable files...

2.3 AI score
Exploits: 0, References: 3, Affected Software: 7

securityvulns
added 2010/01/07 12:0 a.m., 116 views

Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2

Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor all versions up to and including 3.1.7.1. Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these...

0.3 AI score
Exploits: 0