136 matches found
No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key
Exploit for php platform in category web applications ?php / Static encryptionkey of No-CMS lead to Session Array Injection in order to hijack administrator account then you will be able for upload php files to server via theme/module upload. This exploit generates cookie for administrator access...
Critical: php
Issue Overview: The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...
SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6777)
This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...
mcrypt <= 2.6.8 stack-based buffer overflow poc
Exploit for linux platform in category dos / poc !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when...
mcrypt 2.5.8 Stack Based Overflow
!/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .= "H@CK3D\x00"; sflags $file .= "\xff"; payload...
mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
mcrypt 2.6.8 - Stack Buffer Overflow PoC !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decryptin...
mcrypt 2.5.8 - Local Stack Overflow
mcrypt 2.5.8 - Local Stack Overflow !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .=...
mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
!/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decrypting .nc files with too long salt data...
mcrypt <= 2.5.8 STACK based overflow Vulnerability
Exploit for multiple platform in category local exploits !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00";...
CVE-2012-4527
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability...
CVE-2012-4426
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via vectors involving 1 errors.c or 2 mcrypt.c...
CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
CVE-2012-4426
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via vectors involving 1 errors.c or 2 mcrypt.c...
CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
DEBIAN-CVE-2012-4527
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability...
DEBIAN-CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
CVE-2012-4527
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability...
DEBIAN-CVE-2012-4426
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via vectors involving 1 errors.c or 2 mcrypt.c...
CVE-2012-4426
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via vectors involving 1 errors.c or 2 mcrypt.c...
CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...