PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization and crafted object's wakeup magic method tha...

Microsoft Internet Explorer CVE-2014-4133 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Mozilla Firefox 3.6.16 - OBJECT mChannel Remote Code Execution (DEP Bypass) (Metasploit)

require 'msf/core' class Metasploit3 HttpClients::FF, :uaminver = "3.6.16", :uamaxver = "3.6.16", :osname = OperatingSystems::WINDOWS, :javascript = true, :rank = NormalRanking, def initializeinfo = superupdateinfoinfo, 'Name' = 'Mozilla Firefox 3.6.16 mChannel use after free Exploit',...

Microsoft Internet Explorer (Windows XP SP2) - VML Remote Buffer Overflow

Microsoft Internet Explorer Windows XP SP2 - VML Remote Buffer Overflow v: behavior: urlVMLRender; var heapSprayToAddress = 0x05050505; var payLoadCode =...

X.org: libXpm vulnerability

Background libXpm is a pixmap manipulation library for the X Window System, included in X.org. Description Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren't fixed in previous libXpm versions. Impact A carefully-crafted XPM file could crash X.org,...

Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability

Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...

eSignal 7.6 - STREAMQUOTE Remote Buffer Overflow

eSignal 7.6 - STREAMQUOTE Remote Buffer Overflow !/usr/bin/perl eSignal v7.6 remote exploit c VizibleSoft == http://viziblesoft.com/insect 25-mAR-2004 use IO::Socket; sub usage die"\nUsage: perl $0 host port\n"; print "\r\neSignal v7.6 remote exploit, c VizibleSoft.com\r\n"; my $ip = $ARGV0 ||...

Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String

Epic Games Unreal Tournament Server 436.0 - Engine Remote Format String source: https://www.securityfocus.com/bid/9840/info A format string vulnerability has been reported to exists in the Unreal Tournament server engine. This issue is due to a failure of the server application to properly saniti...

CesarFTP 0.99 g - Remote Username Buffer Overrun

CesarFTP 0.99 g - Remote Username Buffer Overrun source: https://www.securityfocus.com/bid/7946/info A buffer overrun vulnerability has been reported for CesarFTP. The problem is said to occur when multiple 'USER' commands are processed within a single session. When the issue is triggered, it may...

[EXPL] RealServer 8 Remote Buffer Overflow Vulnerability (Exploit, SETUP, RTSP)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security would like to welcome Tiscali World Online to our service provider team. For more info on their service offering IP-Secure,...

safemode-adv-nn.txt

==================================================================== Safemode.org security advisory: nn ==================================================================== Package: nn Version: 6.6.3 or prior Date: 28/06/2002 Issue: Remote format string Risk: High Credits: zillionatsafemode.org...