
517 matches found

Exploit DB
added 2011/08/15 12:00 a.m., 37 views

awiki 20100125 - Multiple Local File Inclusions

source: https://www.securityfocus.com/bid/49187/info awiki is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts ...

AI score: 7.4
Exploits: 0

Zero Day Initiative
added 2011/08/09 12:00 a.m., 28 views

(Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability

This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations...

CVSS: 6.4, AI score: 2.6, EPSS: 0.28337
Exploits: 2, References: 1

Metasploit
added 2011/07/07 6:29 a.m., 22 views

MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow

This module exploits a vulnerability found in MicroP 0.1.1.1600. A stack-based buffer overflow occurs when the content of a .mppl file gets copied onto the stack, which overwrites the lpFileName parameter of a CreateFileA function, and results in arbitrary code execution under the context of the use...

CVSS: 6.8, AI score: 8.1, EPSS: 0.68264
Exploits: 2

OpenVAS
added 2011/07/01 12:00 a.m., 45 views

Sitemagic CMS 'SMTpl' Parameter Directory Traversal Vulnerability

Sitemagic CMS is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.3
Exploits: 0, References: 2

0day.today
added 2011/03/28 12:00 a.m., 51 views

DivX Player v7.0 (.ape) Buffer Overflow

Exploit for windows platform in category local exploits !/usr/bin/perl Title : DivX Player v7.0 .ape Buffer Overflow Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : Windows Impact : Overflow in 'DivX...

AI score: 6.8
Exploits: 0

securityvulns
added 2011/02/24 12:00 a.m., 39 views

Microsoft Windows application restriction policy bypass

Attribute VBName = "XRun" 'made by +ec 'Module that can replace the memory of a just-created (and not only just-created) 'process marked as SUSPENDED (paused). 'Ver 1.0 Option Explicit Const SIZEOF80387REGISTERS = 80 Const CREATESUSPENDED = 4 Const MEMCOMMIT As Long = &H1000& Const MEMRESERVE As...

AI score: 0.3
Exploits: 0

Exploit DB
added 2011/02/01 12:00 a.m., 20 views

Joomla! Component com_frontenduseraccess - Local File Inclusion

source: https://www.securityfocus.com/bid/46081/info The 'com_frontenduseraccess' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information a...

AI score: 7.4
Exploits: 0

exploitpack
added 2010/12/07 12:00 a.m., 85 views

Linux Kernel 2.6.37 (RedHat Ubuntu 10.04) - Full-Nelson.c Local Privilege Escalation

Linux Kernel 2.6.37 RedHat Ubuntu 10.04 - Full-Nelson.c Local Privilege Escalation / Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which...

CVSS: 6.2, AI score: 0.7, EPSS: 0.06726
Exploits: 11

exploitpack
added 2010/11/30 12:00 a.m., 10 views

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can...

AI score: 0.2
Exploits: 0

Cvelist
added 2010/11/20 9:00 p.m., 21 views

CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS...

AI score: 8.8, EPSS: 0.00807
Exploits: 0, References: 19

Exploit DB
added 2010/09/29 12:00 a.m., 31 views

MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strin...

AI score: 7.4
Exploits: 0

exploitpack
added 2010/09/15 12:00 a.m., 15 views

CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion

CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion source: https://www.securityfocus.com/bid/43260/info CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversa...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2010/06/03 12:00 a.m., 34 views

FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)

Todd Miller reports : Most versions of the C library function getenv return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell bash, do their own environment parsing and may choose the last instance of a variable rather than the...

CVSS: 6.2, AI score: 5.5, EPSS: 0.0008
Exploits: 1, References: 3

ThreatPost
added 2010/05/13 6:57 p.m., 7 views

Botnet Herders Can Command Via Twitter

A security researcher has unearthed a tool that simplifies the process of building bot armies that take their marching orders from specially created Twitter accounts. Read the full article. The Register...

AI score: 3.4
Exploits: 0, References: 2

securityvulns
added 2010/03/25 12:00 a.m., 55 views

Cisco Security Advisory: Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability Advisory ID: cisco-sa-20100324-ldp Revision 1.0 For Public Release 2010 March 24 1600 UTC GMT...

CVSS: 7.8, AI score: 0.8, EPSS: 0.01653
Exploits: 0

Exploit DB
added 2010/03/24 12:00 a.m., 30 views

Shellcode - Win32 MessageBox Metasploit module

Shellcode - Win32 MessageBox Metasploit module. Shellcode exploit for win32 platform $Id: messagebox.rb 4 2010-02-26 00:28:00:00Z corelanc0d3r & rick2600 $ Installation instructions : Drop file in framework3/modules/payloads/singles/windows folder Usage : ./msfpayload windows/messagebox...

Exploits: 0

Exploit DB
added 2010/03/24 12:00 a.m., 25 views

Joomla! Component com_jresearch - 'Controller' Local File Inclusion

source: https://www.securityfocus.com/bid/38917/info The 'com_jresearch' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execut...

AI score: 7.4
Exploits: 0

seebug.org
added 2009/12/15 12:00 a.m., 19 views

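SAP Kernel 'sapstartsrv' Denial of Service Vulnerability

Bugtraq ID: 37286 In SAP instances, the sapstartsrv service provides the web-based SAP Management Console interface for remote administration. Because specially crafted requests are handled incorrectly, a remote attacker can exploit the vulnerability to shut the process down. Successful exploitation allows a remote attacker to carry out a denial-of-service attack against the SAP Management Console, leaving the console inaccessible and preventing any administrative operations. SAP Kernel 7.20 SAP Kernel 7.11 SAP Kernel 7.01 SAP Kernel 7.00 SAP Kernel 6.40 SAP Note 1302231 provides a security patch; users are advised to download it from: http://www.sap.com/...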

AI score: 6.9
Exploits: 0

Cvelist
added 2009/05/22 1:00 a.m., 33 views

CVE-2009-1756

SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments...

AI score: 6, EPSS: 0.00067
Exploits: 1, References: 9

Exploit DB
added 2009/04/01 12:00 a.m., 51 views

Oracle WebLogic IIS connector JSESSIONID - Remote Overflow

!/usr/bin/perl No point in keeping this private anymore! ksOSe - 02/16/2009 - CVE-2008-5457 Tested on w2k sp4 and w2k3 R2 sp2 no NX cohelet framework-3.2 ./msfcli multi/handler PAYLOAD=windows/reflectivemeterpreter/reversetcp LHOST=10.10.10.1 LPORT=80 E Please wait while we load the module tree...

CVSS: 10, AI score: 7, EPSS: 0.81836
Exploits: 12