Patching non-exported, non-system-service kernel functions

Patching non-exported, non-system-service kernel functions KAV's kernel patching is not limited to just system services, however. One of the most dangerous hooks that KAV installs is one in the middle of the nt!SwapContext function, which is neither exported nor a system service and thus has no...

Allowing User-mode Code to Access Kernel Memory

Allowing User-mode Code to Access Kernel Memory One of the most important principles of the kernel/user division that modern operating systems enforce is that user mode is not allowed to directly access kernel mode memory. This is necessary to enforce system stability, such as to prevent a buggy...

DSA-1073-1 mysql-dfsg-4.1 - several vulnerabilities

Bulletin has no description...

Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL

/ 0day, description is wrong. /str0ke / / Fucking NON-0 day$ exploit for Oracle 10g 10.2.0.2.0 Patch your database now! by N1V1Hd $3c41r3 / CREATE OR REPLACE PACKAGE MYBADPACKAGE AUTHID CURRENTUSER IS FUNCTION ODCIIndexGetMetadata oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcie...

Multiple vulnerabilities in Linux based Cisco products

Assurance.com.au - Vulnerability Advisory ----------------------------------------------- Release Date: 19-Apr-2006 Software: Cisco Wireless Lan Solution Engine WLSE Cisco Hosting Solution Engine HSE Cisco Ethernet Subscriber Solution Engine ESSE Cisco User Registration Tool URT CiscoWorks2000...

FreeBSD-SA-06:14.fpu

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:14.fpu Security Advisory The FreeBSD Project Topic: FPU information disclosure Category: core Module: sys Announced: 2006-04-19 Credits: Jan Beulich Affects:...

PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)

---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...

EasyCMS vulnerable to XSS injection.

The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...

FreeBSD-SA-06:01.texindex

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: Texindex temporary file privilege escalation Category: contrib Module: texinfo Announced: 2006-01-11...

2 0 0 3 terminal encounter weirdness-loophole warning-the black bar safety net

The day before yesterday a new installation of a single server, plan to install a 2 0 0 3 system is installed, patched, open a terminal, but the strange things, the landing terminal when a den is automatically logged off. Create a new account, and then login is the same. In desperation did a...

Not shelling directly crack Software-bug warning-the black bar safety net

| --- To achieve shell software direct patch, need some skill and luck, although this seems to be very not easy to achieve, in fact, not like everyone thought so difficult, the following listen to me slowly road to. To achieve this with shell patches of the object, of course, you need to make ful...

FreeBSD-SA-05:17.devfs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:17.devfs Security Advisory The FreeBSD Project Topic: devfs ruleset bypass Category: core Module: devfs Announced: 2005-07-20 Credits: Robert Watson Affects:...

sile002adv.txt

---- sile002 advisory + PoC PRODUCT: PHP-Nuke VERSION: 7.5 but others versions maybe either vulnerables VENDOR: http://www.phpnuke.org VULNERABILITY: Multiple vulnerability RISK: Hight Found by: Silentium of Anacron Group Italy date: 02/05/2005 e-mail: anacrongroupitalyatautisticidotorg myhome:...

zlib inflate() routine vulnerable to buffer overflow

Overview A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...

Problems with the Oracle Critical Patch Update for April 2005

Hey all, Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed some failures in it, that meant certain issues the patch was supposed to fix were actually left unfixed. One set of vulnerabilities "fixed" by the April CPU is a group of SQL injection bugs in DBMSSUBSCRIBE and...

FreeBSD-SA-05:16.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects:...

VERITAS Backup Exec Remote Agent fails to properly validate authentication requests

Overview Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent run...

IPSwitch IMAP Server - LOGON Remote Stack Overflow

IPSwitch IMAP Server - LOGON Remote Stack Overflow / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because o...

IPSwitch IMAP Server - LOGON Remote Stack Overflow

/ IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH checks. Thats right, in this one...

CVE-2004-2091

Microsoft Baseline Security Analyzer MBSA 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security...