
8671 matches found

Tenable Nessus
added 2011/03/09 12:0 a.m. · 31 views

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1086-1)

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075) Dan Rosenberg discovered that the socket filters did not correctly...

CVSS 4.9 · AI score 5.6 · EPSS 0.00482
Exploits 10 · References 8
OpenVAS
added 2011/03/07 12:0 a.m. · 51 views

Ubuntu Update for linux vulnerabilities USN-1080-1

Ubuntu Update for Linux kernel vulnerabilities USN-1080-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10801.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux vulnerabilities USN-1080-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

CVSS 7.2 · AI score 0.5 · EPSS 0.01536
Exploits 5 · References 2
seebug.org
added 2011/02/28 12:0 a.m. · 20 views

bo-blog arbitrary variable overwrite vulnerability

// go.php $qurl=$SERVER"REQUESTURI"; @list$relativePath, $rawURL=@explode'/go.php/', $qurl; $rewritedURL=$rawURL; // comes from $SERVER"REQUESTURI", so it can be submitted arbitrarily: ... $RewriteRules="/component/^/+/?/"; // this regex is not restrictive enough and can easily be bypassed: ... $RedirectTo="page.php?pagealias=\1"; $i=0; foreach $RewriteRules as $rule if...

AI score 7.1
Exploits 0
NVD
added 2011/02/23 7:0 p.m. · 15 views

CVE-2011-0532

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the...

CVSS 6.2 · AI score 6.4 · EPSS 0.00047
Exploits 0 · References 5
Prion
added 2011/02/23 7:0 p.m. · 20 views

Directory traversal

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the...

CVSS 6.2 · AI score 6.9 · EPSS 0.00047
Exploits 0 · References 5 · Affected Software 2
Positive Technologies
added 2011/02/10 12:0 a.m. · 3 views

PT-2011-2032 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer (affected versions not specified). Description: A remote code execution issue exists due to incorrect initialization or deletion of an object when accessed by Internet Explorer. An attacker can exploit this by creating a...

CVSS 9.3 · AI score 7 · EPSS 0.49303
Exploits 0 · References 11
Positive Technologies
added 2011/02/10 12:0 a.m. · 3 views

PT-2011-2033 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer (affected versions not specified). Description: A remote code execution issue exists due to incorrect initialization or deletion of an object when accessed by Internet Explorer. An attacker can exploit this by creating a...

CVSS 9.3 · AI score 7 · EPSS 0.49303
Exploits 0 · References 11
Cvelist
added 2011/01/22 9:0 p.m. · 15 views

CVE-2011-0636

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write...

AI score 6.3 · EPSS 0.00059
Exploits 0 · References 12
CVE
added 2011/01/22 9:0 p.m. · 48 views

CVE-2011-0636

The CVE-2011-0636 entry/issue affects NVIDIA CUDA Toolkit 3.2 developer drivers for Linux (260.19.26) and possibly other versions, where the functions cudaHostAlloc and cuMemHostAlloc do not initialize pinned memory. This can allow local users to read potentially sensitive memory (e.g., file frag...

CVSS 2.1 · AI score 6.5 · EPSS 0.00059
Exploits 0 · References 12 · Affected Software 1
Prion
added 2011/01/03 8:0 p.m. · 20 views

Design/Logic Flaw

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures...

CVSS 1.9 · AI score 5.9 · EPSS 0.00058
Exploits 0 · References 23 · Affected Software 7
securityvulns
added 2011/01/03 12:0 a.m. · 22 views

HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc

!-- HP Photo Creative v 2.x audio.Record.1 ActiveX Control ContentMan.dll 1.0.0.4272 Remote Stack Based Buffer Overflow poc by rgod tested against Windows Vista / IE 7 download url: http://www.hp.com/global/us/en/consumer/digitalphotography/free/software/photo-creations.html activex settings:...

AI score 0.9
Exploits 0
Exploit DB
added 2011/01/01 12:0 a.m. · 18 views

HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow

//add user one, user "sun" pass "tzu" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...

AI score 7.4
Exploits 0
Packet Storm
added 2011/01/01 12:0 a.m. · 19 views

HP Photo Creative 2.x Active-X Control Buffer Overflow

//add user one, user "sun" pass "tzu" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...

AI score 0.9
Exploits 0
Prion
added 2010/12/23 6:0 p.m. · 23 views

Design/Logic Flaw

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...

CVSS 2.1 · AI score 5.9 · EPSS 0.00075
Exploits 0 · References 16 · Affected Software 6
securityvulns
added 2010/12/20 12:0 a.m. · 20 views

Ecava IntegraXor Remote ActiveX Buffer Overflow PoC

!/usr/bin/python intx.py Ecava IntegraXor Remote ActiveX Buffer Overflow PoC Jeremy Brown December 2010 There is a stack-based buffer overflow in IntegraXor that can be triggered by passing an overly large value to the "save" method of the IntegraXor.Project control located in igcomm.dll. This...

AI score 7.6
Exploits 0
Exploit DB
added 2010/12/18 12:0 a.m. · 24 views

Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC)

!/usr/bin/python intx.py Ecava IntegraXor Remote ActiveX Buffer Overflow PoC Jeremy Brown December 2010 http://www.integraxor.com/ There is a stack-based buffer overflow in IntegraXor that can be triggered by passing an overly large value to the "save" method of the IntegraXor.Project control...

AI score 7
Exploits 0
NVD
added 2010/12/14 4:0 p.m. · 12 views

CVE-2010-0121

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.00404
Exploits 0 · References 2
Prion
added 2010/12/14 4:0 p.m. · 12 views

Heap overflow

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer...

CVSS 9.3 · AI score 8.7 · EPSS 0.06898
Exploits 0 · References 4 · Affected Software 2
Cvelist
added 2010/12/14 3:0 p.m. · 20 views

CVE-2010-4389

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer...

AI score 8.1 · EPSS 0.06898
Exploits 0 · References 4
CVE
added 2010/12/14 3:0 p.m. · 48 views

CVE-2010-0121

CVE-2010-0121 affects the RealNetworks RealPlayer family (RealPlayer 11.x, RealPlayer SP 1.x, Mac RealPlayer 11.x–12.0.0.1444, Linux RealPlayer 11.0.2.1744). The vulnerability is in the RealAudio cook codec (uninitialised memory during parsing), per NVD and the Secunia Research advisory; impact is ...

CVSS 10 · AI score 6.5 · EPSS 0.00404
Exploits 0 · References 2 · Affected Software 1