
330 matches found

0day.today
added 2011/12/26 12:0 a.m., 15 views

Telnetd encrypt_keyid: Remote Root function pointer overwrite

Exploit for linux platform in category remote exploits. telnetd-encryptkeyid.c, Mon Dec 26 20:37:05 CET 2011. Copyright 2011 Jaime Penalba Estebanez NighterMan. Credits to batchdrake as always...

7.1 AI score
Exploits: 0
Exploit DB
added 2011/12/26 12:0 a.m., 45 views

TelnetD encrypt_keyid - Function Pointer Overwrite

telnetd-encryptkeyid.c, Mon Dec 26 20:37:05 CET 2011. Copyright 2011 Jaime Penalba Estebanez NighterMan. Copyright 2011 Gonzalo J. Carracedo BatchDrake...

7.4 AI score
Exploits: 0
CVE
added 2011/12/14 12:0 a.m., 125 views

CVE-2011-1508

CVE-2011-1508 affects Microsoft Publisher 2003 SP3 and Microsoft Publisher 2007 SP2/SP3. Root cause: PubConv.dll mishandles memory for function pointers during parsing of Publisher files, enabling a remote attacker to execute arbitrary code via a crafted Publisher file. The issue is tied to MS11-...

9.3 CVSS, 7.5 AI score, 0.27089 EPSS
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2011/12/14 12:0 a.m., 19 views

CVE-2011-1508

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."...

7.4 AI score, 0.27089 EPSS
Exploits: 2, References: 2
Debian
added 2011/12/04 10:54 a.m., 30 views

[SECURITY] [DSA 2357-1] evince security update

Debian Security Advisory DSA-2357-1, http://www.debian.org/security/, Yves-Alexis Perez, December 03, 2011, http://www.debian.org/security/faq ...

7.6 CVSS, 8 AI score, 0.14825 EPSS
Exploits: 0
Packet Storm
added 2011/10/14 12:0 a.m., 28 views

PcVue 10.0 Function Pointer Overwrite

$Id: pcvuefunc.rb 13889 2011-10-12 10:57:31Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

0.3 AI score
Exploits: 0
seebug.org
added 2011/10/13 12:0 a.m., 24 views

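Microsoft Publisher 2007 Pubconv.dll Memory Corruption Vulnerability

CVE ID: CVE-2011-1508. Microsoft Publisher is a desktop publishing application released by Microsoft. Publisher 2007 contains an input validation error that remote attackers can exploit to execute arbitrary code by tricking a user into inserting a specially crafted .pub file into a document. By modifying the .pub file, the pubconv.dll library can be made to copy a large amount of file content onto the stack, overwriting a function pointer that is executed later. Microsoft Publisher 2007 12.0.6546.5000. Vendor patch: Microsoft. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...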

9.3 CVSS, 6.4 AI score, 0.27089 EPSS
Exploits: 2
Metasploit
added 2011/10/12 10:57 a.m., 27 views

PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability

This module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject or LoadObject, an attacker can overwrite a function pointer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

5.8 CVSS, 10 AI score, 0.61857 EPSS
Exploits: 2
0day.today
added 2011/10/11 12:0 a.m., 15 views

PcVue 10.0 SV.UIGrdCtrl.1 'LoadObject()/SaveObject()' Trusted DWORD

Exploit for windows platform in category remote exploits $Id: pcvuefunc.rb 13889 2011-10-12 10:57:31Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

7.1 AI score
Exploits: 0
Zero Day Initiative
added 2011/07/29 12:0 a.m., 24 views

Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handle certain data in the...

10 CVSS, 7.9 AI score
Exploits: 0, References: 1
Prion
added 2011/05/13 5:5 p.m., 19 views

Design/Logic Flaw

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table...

10 CVSS, 8.1 AI score, 0.15653 EPSS
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2011/02/10 7:0 p.m., 15 views

Design/Logic Flaw

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."...

9.3 CVSS, 8.1 AI score, 0.62606 EPSS
Exploits: 0, References: 9, Affected Software: 2
Cvelist
added 2011/02/10 6:0 p.m., 23 views

CVE-2011-0980

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."...

7.4 AI score, 0.62606 EPSS
Exploits: 0, References: 9
Zero Day Initiative
added 2011/02/07 12:0 a.m., 32 views

(0Day) Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw occurs when parsing a document...

9 CVSS, 3.8 AI score, 0.62606 EPSS
Exploits: 0, References: 1
NVD
added 2011/02/02 11:0 p.m., 15 views

CVE-2010-3269

Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a...

9.3 CVSS, 7.6 AI score, 0.21103 EPSS
Exploits: 4, References: 8
Prion
added 2011/02/02 11:0 p.m., 11 views

Stack overflow

Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a...

9.3 CVSS, 8.2 AI score, 0.21103 EPSS
Exploits: 4, References: 8, Affected Software: 2
NVD
added 2011/01/20 9:0 p.m., 18 views

CVE-2010-2743

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, a...

7.2 CVSS, 6 AI score, 0.04585 EPSS
Exploits: 7, References: 3
Prion
added 2011/01/20 9:0 p.m., 25 views

Hardcoded credentials

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, a...

7.2 CVSS, 6.4 AI score, 0.04585 EPSS
Exploits: 7, References: 3, Affected Software: 3
Packet Storm
added 2010/11/02 12:0 a.m., 31 views

Sybase Advantage Data Architect Heap Overflow

Exploit Title: Sybase Advantage Data Architect ".SQL" Format Heap Overflow RCE. Date: 2010-10-16. Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/. Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility. Version: 10.0. Tested on: Windows ...

0.3 AI score
Exploits: 0
Zero Day Initiative
added 2010/08/24 12:0 a.m., 31 views

Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

10 CVSS, 7 AI score, 0.10749 EPSS
Exploits: 0, References: 1