3096 matches found
nginx v0.6.38 Heap Corruption Exploit
No description provided by source. !/usr/bin/env python Exploit Title: nginx heap corruption Date: 08/26/2010 Author: aaron conole Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz Version: = 0.6.38, = 0.7.61 Tested on: BT4R1 running nginx 0.6.38 locally CVE: 2009-26...
Nginx 0.6.38 - Heap Corruption
Nginx 0.6.38 - Heap Corruption !/usr/bin/env python Exploit Title: nginx heap corruption Date: 08/26/2010 Author: aaron conole Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz Version: offset At that point, merely dump the r; capture the value for the data pointer it'll be the one wit...
CVE-2010-2867
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a...
Null pointer dereference
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a...
Shockwave Player < 11.5.8.612
The remote Windows host contains a version of Adobe's Shockwave Player that is earlier than 11.5.8.612. Such versions are potentially affected by the following issues : - Multiple memory corruption issues exist that could lead to arbitrary code execution. CVE-2010-2863, CVE-2010-2864,...
Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
WM Downloader 3.1.2.2 Buffer Overflow
$Id: wmdownloaderm3u.rb 9968 2010-08-07 00:51:52Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Design/Logic Flaw
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers...
Heap Offset Overflow in Citrix ICA Clients
===============================ADVISORY=============================== Systems Affected: Citrix ICA Client Severity: High Category: Heap Offset Overflow Author: Context Information Security Ltd Reported to vendor: 20th February 2008 Advisory Issued: 4th August 2010...
Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (MS03-022) (Metasploit)
$Id: ms03022nsiislogpost.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Kaspersky Antivirus <= 6.0.1.411 UPX DoS Vulnerability
Kaspersky AntiVirus Engine 6.0.1.411 for Windows allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be...
DoubleTake/HP StorageWorks Storage Mirroring Service - Authentication Overflow (Metasploit)
$Id: doubletake.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, relat...
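PHP str_getcsv() Function Interruption Handling Address Information Disclosure Vulnerability
CVE ID: CVE-2010-2100 PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded into HTML. An information disclosure vulnerability exists in PHP's str_getcsv function: PHPFUNCTIONstrgetcsv char str, delim = ',', enc = '"', esc = ''; char delimstr = NULL, encstr = NULL, escstr = NULL; int strlen = 0, delimlen = 0, enclen = 0, esclen = 0; if zendparseparametersZENDNUMARGS...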
Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption (CVE-2009-3073)
Mozilla Firefox is a web browser developed by Mozilla Foundation. The browser is capable of interpreting and rendering many types of content published on the Internet, including various versions of HTML, CSS, XML, XUL, JavaScript, various graphics formats, and so on. The browser runs on the...
CA BrightStor Discovery Service - TCP Overflow (Metasploit)
$Id: discoverytcp.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
PHP 4.x < 4.4.5, 5.x < 5.2.1 Heap Information Leak Vulnerability
PHP SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100603";...
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
This module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw. This...
MS09-067 Microsoft Excel Malformed FEATHEADER Record Vulnerability
This module exploits a vulnerability in the handling of the FEATHEADER record by Microsoft Excel. Revisions of Office XP and later prior to the release of the MS09-067 bulletin are vulnerable. When processing a FEATHEADER Shared Feature record, Microsoft used a data structure from the file to...
Deepburner pro 1.9.0.228 dbr file Buffer Overflow Exploit (Universal)
Exploit for unknown platform in category local exploits ===================================================================== Deepburner pro 1.9.0.228 dbr file Buffer Overflow Exploit Universal ===================================================================== / Deepburner pro 1.9.0.228 dbr fi...