Use-after-free and buffer overflow issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote...

Rockwell Automation FactoryTalk and RSLinx Vulnerabilities

OVERVIEW --------- Begin Update A Part 1 of 4 -------- This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page. --------- End Update A Part 1 of 4...

Wind River VxWorks SSH and Web Server and General Electric D20MX

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Improper Input Validation --------- End Update A Part 1 of 4 --------- 2...

Rockwell Automation FactoryTalk RNADiagReceiver

Overview This Updated Advisory is a follow-up to the original Advisory titled “ICSA-12-088-01 – Rockwell Automation FactoryTalk RNADiagReceiver DOS Vulnerabilities” that was published March 28, 2012 on the ICS-CERT web page. This advisory is a follow-up to ICS-CERT Alert...

Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)

This host is missing a critical security update according to Microsoft Bulletin MS12-078. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Nagios Core 3.4.3 Buffer Overflow Vulnerability

Nagios Core version 3.4.3 suffers from a stack-based buffer overflow vulnerability in the history.cgi web interface. history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size. This vulnerability does not appear to be...

VLC Media Player 'swf'文件栈缓冲区溢出漏洞

BUGTRAQ ID: 56861 VLC Media Player是多媒体播放器（最初命名为VideoLAN客户端）是VideoLAN计划的多媒体播放器。 VLC media player 2.0.4及其他版本在处理恶意文件时没有正确进行边界检查，通过诱使受害者打开特制的SWF文件，远程攻击者可利用此漏洞使缓冲区溢出，在系统中执行任意代码或造成应用崩溃。 0 VLC Media Player 2.0.4 厂商补丁： VideoLAN -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

Exploit for windows platform in category dos / poc Sumatra 2.1.1/MuPDF 1.0 Integer Overflow ======================================= There is an integer overflow on the MuPDF in the lexnumber function which can be triggered using a corrupt PDF file with ObjStm. I'm attaching a file that reproduces...

SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow

Sumatra 2.1.1/MuPDF 1.0 Integer Overflow ======================================= There is an integer overflow on the MuPDF in the lexnumber function which can be triggered using a corrupt PDF file with ObjStm. I'm attaching a file that reproduces the problem with the original unmodified file. The...

SumatraPDF 2.1.1MuPDF 1.0 - Integer Overflow

SumatraPDF 2.1.1MuPDF 1.0 - Integer Overflow Sumatra 2.1.1/MuPDF 1.0 Integer Overflow ======================================= There is an integer overflow on the MuPDF in the lexnumber function which can be triggered using a corrupt PDF file with ObjStm. I'm attaching a file that reproduces the...

VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)

Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : www.videolan.org/vlc/ Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh VLC media player also known as VLC is a highly...

MySQL (Linux) - Stack Buffer Overrun (PoC)

MySQL Linux - Stack Buffer Overrun PoC !/usr/bin/perl =for comment MySQL Server exploitable stack based overrun Ver 5.5.19-log for Linux and below tested with Ver 5.1.53-log for suse-linux-gnu too unprivileged user any account anonymous account?, post auth as illustrated below the instruction...

Nagios XI Network Monitor 2011R1.9 SQL Injection Vulnerability

Nagios XI Network Monitor version 2011R1.9 suffers from a remote blind SQL injection vulnerability. ======= Summary ======= Name: Nagios XI Network Monitor - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00194 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000282...

WordPress Plg Novana SQL Injection

Exploit Title : Wordpress plgnovana plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Discovered By : sil3nt Home : www.ashiyane.org Security Risk : High - SQL Injection Dork : inurl:/plugins/plgnovana/novanadetail.php Expl0iTs :...

Microsoft Office OneNote 2010 - Crash (PoC)

Microsoft Office OneNote 2010 - Crash PoC Title : Microsoft Office OneNote 2010 WriteAV Vulnerability Version : Microsoft Office professional Plus 2010 Date : 2012-11-19 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : XP S...

Crash when combining SVG text on path with CSS — Mozilla

Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash...

Zoner Photo Studio 15 B3 Buffer Overflow

Title: ====== Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Date: ===== 2012-11-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=759 VL-ID: ===== 759 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============...

Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities

Document Title: =============== Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=759 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ====================================...

GE Intelligent Platforms Proficy Real-Time Information Portal Directory Traversal

Overview ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI. If exploited, this vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. concerning a directory traversal vulnerability in the GE...

RealPlayer 15.0.6.14(.3g2) WriteAV Vulnerability

context-dependent Successful exploits can allow attackers to execute arbitrary code Title : RealPlayer 15.0.6.14.3g2 WriteAV Vulnerability Version : 15.0.6.14 Date : 2012-10-29 Vendor : http://www.real.com/ Impact : High Contact : coolkaveh at rocketmail.com Twitter : @coolkaveh tested : windows ...