Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability

Description The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone to a buffer-overflow vulnerability. The application fails to do proper boundary checks on user-supplied data before using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary...

SUSE-SA:2005:044: kernel

The remote host is missing the patch for the advisory SUSE-SA:2005:044 kernel. The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the...

PT-2005-2067 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...

PaX non-executable memory protection privilege escalation

Bug in vma mirroring feature allows to execute code with privilege of the different application...

Solaris 2.6/7/8/9 (SPARC) - 'ld.so.1' Local Privilege Escalation

/ $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload.c - ld.so.1 local, Solaris/SPARC 2.6/7/8/9 Copyright c 2003-2004 Marco Ivaldi Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long...

Solaris 789 CDE LibDTHelp - Local Buffer Overflow (2)

Solaris 789 CDE LibDTHelp - Local Buffer Overflow 2 / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary cod...

Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)

Exploit for solaris platform in category local exploits ====================================================== Solaris 2.6/7/8/9 ld.so.1 Local Root Exploit sparc ====================================================== / $Id: raptorldpreload.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorldpreload....

Solaris 2.5.12.678 rlogin (SPARC) - binlogin Remote Buffer Overflow

Solaris 2.5.12.678 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...

Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation

Solaris 8/9 passwd1 - 'circ' Stack-Based Buffer Overflow Privilege Escalation. CVE-2004-0360. Local exploit for Solaris platform / $Id: raptorpasswd.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorpasswd.c - passwd circ local, Solaris/SPARC 8/9 Copyright c 2004 Marco Ivaldi Unknown vulnerability i...

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi...

Microsoft Windows XP/2000 - RPC Remote Non Exec Memory

/ have you recently bought one of those expensive new windows security products on the market? do you think you now have strong protection? Look again: rpc!exec by ins1der trixterjack yahoo com windows remote return into libc exploit! remote rpc exploit breaking non exec memory protection schemes...

locale_sol.txt

----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format strin g vulnerability on Solaris/SPARC. The full source code for the exploit is...

defeat.solaris.nonexec.stack.txt

Hi, I've recently been playing around with bypassing the non-executable stack protection that Solaris 2.6 provides. I'm referring to the mechanism that you control with the noexecuserstack option in /etc/system. I've found it's quite possible to bypass this protection, using methods described...