
3096 matches found

Exploit DB
added 2013/07/29 12:0 a.m., 44 views

Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation

Novell Client 2 SP3 Privilege escalation exploit Tested on Windows 7 and 8 x86 / nicm.sys 3.1.11.0 Thanks to Master Ryujin : The first public information I have seen about this bug was from Nikita Tarakanov @NTarakanov I am not sure whether there was anything else public Exploit for DEMO purposes...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/07/12 12:0 a.m., 53 views

Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0752)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0752 advisory. 1.7.0.19-2.3.9.1.0.1.el59 - Add oracle-enterprise.patch - Fix DISTRONAME to Enterprise Linux 1.7.0.19-2.3.9.1.el5 - updated to updated IcedTea 2.3.9 wi...

10 CVSS, 7.2 AI score, 0.86963 EPSS
Exploits 21, References 23
Zero Day Initiative
added 2013/06/27 12:0 a.m., 32 views

Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CMMImageLayout...

10 CVSS, 4 AI score, 0.07133 EPSS
Exploits 0, References 1
Prion
added 2013/05/13 11:55 p.m., 17 views

Integer overflow

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

5 CVSS, 6.8 AI score, 0.03547 EPSS
Exploits 0, References 21, Affected Software 3
UbuntuCve
added 2013/05/01 12:0 a.m., 37 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

5 CVSS, 5.9 AI score, 0.03547 EPSS
Exploits 0, References 3
Exploit DB
added 2013/04/25 12:0 a.m., 24 views

Light HTTPd 0.1 (Windows) - Remote Buffer Overflow

import urllib2 from time import sleep TitleWindows Light HTTPD v0.1 HTTP GET Buffer Overflow Discovered and Reported24th of April, 2013 Discovered/Exploited ByJacob Holcomb/Gimppy042 Software Vendorhttp://sourceforge.net/projects/lhttpd/?source=navbar Exploit/Advisoryhttp://infosec42.blogspot.com...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/04/20 12:0 a.m., 35 views

Fedora 17 : java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc17 (2013-5922)

updated to updated IcedTea 2.3.9 with fix to one of security fixes - fixed font glyph offset WARNING - this build have not yet updated not-hotspot arm...builds! - added client to ghosted classes.jsa - updated to IcedTea 2.3.9 with latest security patches - 920245 CVE-2013-0401 OpenJDK:...

10 CVSS, 7.5 AI score, 0.86963 EPSS
Exploits 21, References 1
Exploit DB
added 2013/03/22 12:0 a.m., 27 views

Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit4 'Sami FTP Server...

7.4 AI score
Exploits 0
OSV
added 2013/03/07 3:55 p.m., 1 views

DEBIAN-CVE-2013-2488

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an...

5 CVSS, 7.4 AI score, 0.02828 EPSS
Exploits 0, References 1
OSV
added 2013/03/07 3:55 p.m., 0 views

UBUNTU-CVE-2013-2488

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an...

5 CVSS, 7.1 AI score, 0.02828 EPSS
Exploits 0, References 7
NVD
added 2013/02/03 1:55 a.m., 19 views

CVE-2013-1582

The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet...

2.9 CVSS, 6.4 AI score, 0.00884 EPSS
Exploits 0, References 8
OSV
added 2013/02/03 1:55 a.m., 1 views

DEBIAN-CVE-2013-1582

The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet...

2.9 CVSS, 7.4 AI score, 0.00884 EPSS
Exploits 0, References 1
OSV
added 2013/02/03 1:55 a.m., 2 views

DEBIAN-CVE-2013-1577

The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop...

2.9 CVSS, 7.3 AI score, 0.00728 EPSS
Exploits 0, References 1
Debian CVE
added 2013/02/03 1:0 a.m., 19 views

CVE-2013-1577

The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop...

2.9 CVSS, 5.3 AI score, 0.00728 EPSS
Exploits 0
Metasploit
added 2013/01/10 9:29 p.m., 44 views

Ruby Command Shell, Bind TCP IPv6

Continually listen for a connection and spawn a command shell via Ruby This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 524 include Msf::Payload::Single include Msf::Payload::Ruby...

7.2 AI score
Exploits 0
exploitpack
added 2012/12/20 12:0 a.m., 21 views

IDA Pro 6.3 - Crash (PoC)

IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...

0.3 AI score
Exploits 0
OSV
added 2012/12/05 11:57 a.m., 2 views

DEBIAN-CVE-2012-6057

The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet...

5 CVSS, 7 AI score, 0.02782 EPSS
Exploits 0, References 1
OSV
added 2012/12/05 11:57 a.m., 1 views

UBUNTU-CVE-2012-6057

The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet...

5 CVSS, 6.3 AI score, 0.02782 EPSS
Exploits 0, References 6
Debian CVE
added 2012/12/05 11:0 a.m., 24 views

CVE-2012-6053

epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field...

5 CVSS, 5 AI score, 0.02806 EPSS
Exploits 0
OSV
added 2012/11/26 12:45 p.m., 1 views

DEBIAN-CVE-2012-0698

tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003...

5 CVSS, 6.7 AI score, 0.10509 EPSS
Exploits 2, References 1