3826 matches found
NetGear wireless driver fails to properly process specially-crafted 802.11 management frames
Overview: A buffer overflow vulnerability exists in the Netgear WG311ND5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description: The WG311ND5.SYS driver is a wireless 802.11g device driv...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview: A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description: The WG111v2.SYS driver is a wireless 802.11...
Apple Airport 802.11 Probe Response Kernel Memory Corruption PoC
No description provided by source. A proof-of-concept exploit has been added to the Metasploit Framework 3.0 source tree: msf use auxiliary/dos/wireless/daringphucball require 'msf/core' module Msf class Auxiliary::Dos::Wireless::DaringPhucball Msf::Auxiliary include Exploit::Lorcon def...
CVE-2006-3509
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames...
AirPort Update 2006-001 / Security Update 2006-005
The remote host is missing a security update regarding the drivers of the AirPort wireless card. An attacker in the proximity of the target host may exploit this flaw by sending malformed 802.11 frames to the remote host and cause a stack overflow resulting in a crash or arbitrary code execution...
Intel PRO/Wireless 2100 Network Connection Driver Local Privilege Escalation Vulnerability
The remote host is running a version of Intel Wireless/PRO 2100 driver that fails to properly handle certain malformed frames. A local attacker may exploit this flaw to elevate his privileges to SYSTEM on the remote host. To exploit this flaw, an attacker would need to send a specially crafted...
security flaw
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show on...
Asterisk PBX truncated video frame vulnerability
Advisory ID Internal CORE-2006-0330 Date Published : 2006-06-09 Last Update : 2006-06-09 Advisory ID : CORE-2006-0330 Bugtraq ID : 18295 CVE Name : CVE-2006-2898 Title : Asterisk PBX truncated video frame vulnerability Class : Input Validation Error Remotely Exploitable : Yes Locally Exploitable ...
IAXclient truncated frames vulnerabilities
Advisory ID Internal CORE-2006-0327 Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0327 Bugtraq ID: 18307 CVE Name: CVE-2006-2923 Title: IAXclient truncated frames vulnerabilities Class: Input Validation Error Remotely Exploitable: Yes Locally Exploitable: Yes Vendors...
DEBIAN-CVE-2006-2898
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative...
CVE-2006-2898
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative...
security flaw
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets...
[Full-disclosure] Advisory 03/2006: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow
Happy PPC Hacking Project www.hardened-php.net -= Security Advisory =- Advisory: KisMAC Cisco Vendor Tag Encapsulated SSID Overflow Release Date: 2006/03/23 Last Modified: 2006/03/23 Author: Stefan Esser Application: KisMAC dev...
FreeBSD IEEE 802.11 wireless network buffer overflow
Buffer overflow on parsing IEEE 802.11 control frames...
CVE-2006-0226
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames...
PT-2005-4562 · Smartppc · Smartppc Pro
Name of the Vulnerable Software and Affected Versions: SmartPPC Pro (affected versions not specified). Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via t...
namesXSS.txt
names.co.uk is an English registrar and web hosting company. Their frames-based hosting option has an XSS vulnerability allowing injection of arbitrary Javascript. For example: http://www.weddingbiz.co.uk/%22%3E%3Cframe%20src%3D%22javascript%3Aalert%281%29%22%20 According to webhosting.info,...
CVE-2005-3272
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets...