488 matches found
Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit
RsNtGdi.sys does not verify the Irp->UserBuffer address. Exploit code will restore all of the kernel SSDT hook Rising AntiVirus 2008 / 2009 / 2010 none include "stdafx.h" include "windows.h" enum SystemModuleInformation = 11 ; typedef struct ULONG Unknown1; ULONG Unknown2; PVOID Base; ULONG Size; ULONG...
squid proxy DoS
Crash on request or response headers parsing...
Yaws Denial Of Service
!usr/bin/perl -w Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers. Refer: http://yaws.hyber.org/ http://www.securityfocus.com/bid/33834/discuss...
Fedora Update for spamassassin FEDORA-2007-0390
Check for the Version of spamassassin OpenVAS Vulnerability Test Fedora Update for spamassassin FEDORA-2007-0390 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
BEA Weblogic Transfer-Encoding Buffer Overflow
This module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers. This module requires Metasploit:...
fetchmail -- potential crash in -v -v verbose mode
Matthias Andree reports: Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation,...
Drake CMS <= 0.4.11 Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Drake CMS gid 17. if '' === $gbname = in'gbname', SQL | NOHTML, $POST, '', 50 18. || '' === $gbemail = in'gbemail', SQL | NOHTML, $POST, '', 50 19. || !isemail$gbemail 20. 21...
CVE-2008-1648
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information...
Debian Security Advisory DSA 1007-1 (drupal)
The remote host is missing an update to drupal announced via advisory DSA 1007-1. The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems:...
Buffer overflow
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow in handle_rtsp_pkt in rtsp_handlers.c; long headers that trigger overflows in (2) send_pause_request, (3)...
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...
Opera use-after-free vulnerability
Memory is used after free on BitTorrent headers parsing...
Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request
Overview Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. Description Apple WebCore is one of the components of the WebKit web browser engine that is used by Safari, Dashboard, Mail, and other applications. WebCore provides...
CRLF injection
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address...
Fedora Core 6 : tcpdump-3.9.4-10.fc6 (2007-347)
Thu Mar 15 2007 Miroslav Lichvar - 14:3.9.4-10.fc6 - fix buffer overflow in 802.11 printer (232349, CVE-2007-1218) - require /usr/sbin/sendmail (232363) - Fri Nov 17 2006 Miroslav Lichvar - 14:3.9.4-9 - fix processing of Prism and AVS headers (206686) - fix arp2ethers script - update ethercodes.dat -...
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter...
CVE-2006-5864
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2)...
CVE-2006-5453
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in...
CVE-2006-2941
Removed by vendor...
FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successf...