1716 matches found
Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Avast! Internet Security 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption
No description provided by source. Avast! Internet Security 5.0 'aswFW.sys' kernel driver IOCTL Memory Pool Corruption...
Avast! 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption
Exploit for Windows platform in category dos / poc. Avast! Internet Security 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption...
VariCAD 2010-2.05 EN Local Buffer Overflow Vulnerability
Exploit for multiple platform in category local exploits. VariCAD 2010-2.05 EN Local Buffer Overflow Vulnerability. Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow. Date: 1...
Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious presentation. The specific flaw exists in the handling of...
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability. NOTE: The popsubfolders option is a...
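Linux Kernel HFS Subsystem Stack Overflow Vulnerability
CVE ID: CVE-2009-4020 Linux Kernel is the kernel used by the open-source operating system Linux. A stack overflow vulnerability exists in the hfs_readdir function in the Linux Kernel file fs/hfs/dir.c; a specially crafted Hierarchical File System (HFS) can trigger this overflow during the memcpy call in the hfs_bnode_read function. The attacker can supply the source buffer and the length, while the destination buffer is a fixed-length local variable stored in the stack frame of the caller of hfs_bnode_read (hfs_readdir). Because hfs_readdir is executed whenever a directory on the file system is read, this function is called whenever a user tries to inspect any file system contents. Linux...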
FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (762d1c6d-0722-11d9-b45d-000c41e2cdad)
The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apr_uri_parse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitab...
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener (PoC)
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener PoC. TNS Listener (Oracle RDBMS) exploit, cause trap in Listener process (more precisely: in function memcpy called from ncrfintn function which is located in oranro11.dll). Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32...
Mandriva Update for xine-lib MDKSA-2007:057 (xine-lib)
Check for the Version of xine-lib. OpenVAS Vulnerability Test: Mandriva Update for xine-lib MDKSA-2007:057 (xine-lib). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call...
MPlayer Stack Buffer Overflow
#!/usr/bin/perl MPlayer 1.0rc2 TwinVQ Stack Buffer Overflow PoC PoC by Amirreza Aminsalehi "sCORPINo" Proud To be an Abay scorpino x40 gmail x2e com Snoop Security Researching Committee www.snoop-security.com Originally this bug discovered by Tobias Klein advisory @...
MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)
#!/usr/bin/perl MPlayer 1.0rc2 TwinVQ Stack Buffer Overflow PoC PoC by Amirreza Aminsalehi "sCORPINo" Proud To be an Abay scorpino x40 gmail x2e com Snoop Security Researching Committee www.snoop-security.com Originally this bug discovered by Tobias Klein advisory @...
PSI Integer Overflow Denial Of Service
INTERNET SECURITY AUDITORS ALERT 2008-004 - Original release date: 12th December, 2008 - Last revised: 22nd December, 2008 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5. I. VULNERABILITY...
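IBM OS/400 BrSmRcvAndCheck() Remote Overflow Vulnerability
BUGTRAQ ID: 29660 IBM OS/400 is the operating system that runs on IBM network servers. When IBM OS/400 performs diagnostics on the modem port, the BrSmRcvAndCheck function called by BrSmIntWrap performs a memcpy operation without a length check. If a remote attacker submits an overly long parameter, a buffer overflow may be triggered, causing the initial program load (IPL) bootstrap process to terminate. IBM OS/400 V6R1M0 IBM OS/400 V5R4M5 IBM OS/400 V5R4M0 IBM --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...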
CVE-2008-2106
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value...
CVE-2008-2106
Summary: CVE-2008-2106 affects Call of Duty 4 (CoD4) v1.5 and earlier. The issue allows remote authenticated users to cause a denial of service (crash) by sending a type 7 stats packet that triggers a memcpy with a negative value. This is the concrete vulnerability described in the connected docu...
Kernel doesn't clear DF for signal handlers
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signa...
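Call of Duty Game Malformed stats Command Denial of Service Vulnerability
BUGTRAQ ID: 29026 Call of Duty is a very popular first-person role-playing game developed by Infinity Ward. Call of Duty has a vulnerability in its handling of malformed request data, which remote attackers may exploit to make the server unavailable. Call of Duty 4 introduced a class of connectionless commands called stats; after a player joins a remote game, commands of types 0 through 6 are sent in sequence. The server also accepts an additional type 7 stats command, and if a client uses this type 7 command, the remote server crashes because of a memcpy with a negative size value. Successful exploitation requires the attacker to know the password of a protected server and, if the server requires it, to have a valid cdkey. Activision Call of...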