1421 matches found
CAS Modbus RTU Parser Buffer Overflow SEH (PoC)
Exploit for Windows platform in category dos / poc. Title: CAS Modbus RTU Parser Buffer Overflow SEH PoC. Author: Senator of Pirates. Founder: Marshal Webb. Link Software: http://www.chipkin.com/technical-resources/cas-modbus-rtu-parser/ FaceBook: /SenatorofPiratesInfo Marshal's FaceBook:...
[SECURITY] Fedora 17 Update: ocaml-xml-light-2.3-0.1.svn234.fc17
Xml-Light is a minimal XML parser & printer for OCaml. It provides functions to parse an XML document into an OCaml data structure, work with it, and print it back to an XML document. It also supports DTD parsing and checking, and is entirely written in OCaml, hence it does not require additional ...
[SECURITY] Fedora 16 Update: raptor-1.4.21-12.fc16
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples...
[SECURITY] Fedora 17 Update: raptor-1.4.21-12.fc17
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples...
USN-1480-1: Raptor vulnerability
Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially...
Debian Security Advisory DSA 2438-1 (raptor)
The remote host is missing an update to raptor announced via advisory DSA 2438-1. OpenVAS Vulnerability Test $Id: deb24381.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2438-1 (raptor). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
[SECURITY] Fedora 16 Update: raptor2-2.0.7-1.fc16
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples...
[SECURITY] Fedora 17 Update: raptor2-2.0.7-1.fc17
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples...
XML Vulnerability in JIRA
We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server. All versions of JIRA up to and including...
Bamboo XML Vulnerability
We have identified and fixed a vulnerability in Bamboo that results from the way third-party XML parsers are used in Bamboo. This vulnerability allows an attacker to: Execute denial of service attacks against the Bamboo server, and Read all local files readable to the system user under which Bamb...
CVE-2012-1445
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information...
Design/Logic Flaw
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the...
CVE-2012-1441
The CVE-2012-1441 entry concerns the Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0, where an EXE file with modified values in several e_ fields can bypass malware detection. Affected component: EXE parser within eSafe/Prevx. Root cause: input in the EXE parser’s e_ fields leads to det...
CVE-2012-1442
The CVE-2012-1442 entry concerns an ELF file parser flaw that affects multiple antivirus products (e.g., Quick Heal/Cat QuickHeal 11.00, McAfee AV/Engine 5.400.0.1158, McAfee Gateway 2010.1C, eSafe 7.0.17.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, AVL SDK 2.0.3.7, Rising 22.83.0...
CVE-2012-1451
The CVE-2012-1451 entry concerns the CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0. The vulnerability allows remote attackers to bypass malware detection by processing a CAB file with a modified reserved2 field, indicating a parsing ...
libxml2: User-assisted execution of arbitrary code
Background: libxml2 is the XML C parser and toolkit developed for the Gnome project. Description: The "xmlStringLenDecodeEntities" function in parser.c contains a boundary error which could possibly cause a heap-based buffer overflow. Impact: A remote attacker could entice a user to open a specially...
vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)
require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'proc_deutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly sanitized before being used in a call to preg_replace function which...
Fedora 15 : phpMyAdmin-3.4.8-1.fc15 (2011-16786)
Changes for 3.4.8.0 2011-12-01 : - interface enum data split at space char more space to edit - interface ENUM/SET editor can't handle commas in values - interface no links to browse/empty views and tables - interface Deleted search results remain visible - import ODS import ignores memory limits...
UDP Service Prober
Detect common UDP services using sequential probes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'UDP Service Prober', 'Description' => 'Detect common UDP services using...
CVE-2011-2713
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser...