266 matches found
Return-into-libc attack and Defense-bug warning-the black bar safety net
This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...
Mac OS X <= 10.4.7 fetchmail Privilege Escalation Exploit (x86)
No description provided by source. !/usr/bin/perl getpwnedmail.pl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom This is a canibalized version of Kansas City POP Daemon Version 0.0 - Copyright c 1999 David Nicol [email protected] kevin-finisterres-mac-mini:...
LHA 1.x Multiple extract_one Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10354/info LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the...
Oracle Java 6 OBJECT tag "launchjnlp"/"docbase" Param Buffer Overflow Exploit
No description provided by source. Source: http://code.google.com/p/skylined/issues/detail?id=23 SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ,dSSSSSSSSSSSS SSSS ,dSSY' SSSS SSSS SSSS SSSS SSSSb, SSSS ,dSSSSSSSSSSSS SSSSSSSSSSSSb,...
MySQL 3.23.x mysqld Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line...
UBUNTU-CVE-2014-1720
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes...
Srun3000计费系统 注入漏洞2
简要描述: Srun3000计费系统 注入漏洞2 详细说明: /srun3/srun/web/douser.php case "checkip": $user-userip=$POST"userip";//注入变量 $user-userloginname=$POST"userloginname"; if$user-checkUserIp//直接注入 echo "ok"; exit; break; function checkUserIp $sql = "SELECT COUNT FROM user WHERE userip='".$this-userip."' OR...
CVE-2013-4349
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4540. Reason: This candidate was MERGED into CVE-2012-4540, since it was later discovered that it affected an additional version, but it does not constitute a regression error. Notes: All CVE users should reference...
CVE-2013-4257
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4256. Reason: This issue was MERGED into CVE-2013-4256 because it is the same type of vulnerability. Notes: All CVE users should reference CVE-2013-4256 instead of this candidate. All references and descriptions in this...
php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...
Fedora Update for pl FEDORA-2013-0211
Check for the Version of pl OpenVAS Vulnerability Test Fedora Update for pl FEDORA-2013-0211 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the...
vBulletin vBay 11.9 SQL Injection
!/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into statement, without any sanitization. POC - You will need to...
Sony PlayStation 3 hacked with custom firmware
The PlayStation 3 has been hacked before, originally with the PSJailbreak dongle and fail0verflow, but Sony managed to fight back with Firmware 3.60 which managed to ingeniously re-secure the console. But Hackers have released a custom firmware which allows compromised consoles to log into PSN,...
CVE-2012-2800
Unspecified vulnerability in the ffiviprocessemptytile function in libavcodec/ivicommon.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small...
CVE-2012-2800
Unspecified vulnerability in the ffiviprocessemptytile function in libavcodec/ivicommon.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small...
myBloggie 2.1.6 SQL Injection
myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique Software: myBloggie 2.1.6 Severity: High Author: Robin Verton Date: Jun. 12 2011 Vendor: http://mybloggie.mywebland.com/ Software Description: "myBloggie is considered one of the most simple, user-friendliest yet packed with...
DEBIAN-CVE-2009-5056
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
CVE-2009-5056
Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...
Fedora Update for chm2pdf FEDORA-2011-0454
Check for the Version of chm2pdf OpenVAS Vulnerability Test Fedora Update for chm2pdf FEDORA-2011-0454 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
ProFTPD IAC Remote Root Exploit
Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work "FreeBSD 8.1 i386, ProFTPD 1.3.3a Server binary", PLATFORM SPEC "FreeBSD", OPERATING SYSTEM 0, EXPLOIT STYLE 0xbfbfe000, OFFSET...