4974 matches found

Packet Storm
added 2010/08/13 12:0 a.m. | 20 views

Easy FTP Server 1.7.0.11 Buffer Overflow

Note: RNFR, DELE, RMD, STOR commands have the same offset. Exploit Title: Easy FTP Server v1.7.0.11 DELE Command Remote Buffer Overflow Exploit Post Auth Date: August 08, 2010 Author: Glafkos Charalambous Version: 1.7.0.11 Tested on: Windows XP SP3 En import socket import sys if lensys.argv !=...

AI score: 0.5
Exploits: 0
OpenVAS
added 2010/08/06 12:0 a.m. | 28 views

Fedora Update for perl FEDORA-2010-11323

Check for the Version of perl OpenVAS Vulnerability Test Fedora Update for perl FEDORA-2010-11323 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS: 8.5 | AI score: 8.2 | EPSS: 0.04483
Exploits: 3 | References: 2
Tenable Nessus
added 2010/08/05 12:0 a.m. | 20 views

Debian DSA-2087-1 : cabextract - programming error

It was discovered that a programming error in the archive test mode of cabextract, a program to extract Microsoft Cabinet files, could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.04956
Exploits: 0 | References: 2
Check Point Advisories
added 2010/08/05 12:0 a.m. | 2 views

Sun Java Runtime Environment JPEGImageReader Heap Overflow

Java Technology is a programming platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

AI score: 8.2
Exploits: 0
OSV
added 2010/08/04 12:0 a.m. | 12 views

DSA-2087-1 cabextract - arbitrary code execution

Bulletin has no description...

CVSS: 5.1 | AI score: 6.2 | EPSS: 0.04956
Exploits: 0
Fedora
added 2010/08/03 1:10 a.m. | 53 views

[SECURITY] Fedora 13 Update: perl-5.10.1-116.fc13

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS: 8.5 | AI score: 0.4 | EPSS: 0.04483
Exploits: 3
Tenable Nessus
added 2010/08/03 12:0 a.m. | 26 views

Debian DSA-2078-1 : kvirc - programming error

It was discovered that incorrect parsing of CTCP commands in kvirc, a KDE-based IRC client, could lead to the execution of arbitrary IRC commands against other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.11266
Exploits: 0 | References: 2
Debian
added 2010/07/31 3:37 p.m. | 31 views

[SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution

Debian Security Advisory DSA-2078-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 31, 2010 http://www.debian.org/security/faq -...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.11266
Exploits: 0
ThreatPost
added 2010/07/30 1:29 p.m. | 7 views

Hackers Increasingly Look For Configuration Errors

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study based on U.S. Secret Service investigations. Read the full article. IDG News Service...

AI score: 3.3
Exploits: 0 | References: 1
Packet Storm
added 2010/07/16 12:0 a.m. | 34 views

DSite CMS 4.81 Cross Site Scripting

Vulnerability ID: HTB22465 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindsitecms.html Product: DSite CMS Vendor: Media Programming Group http://www.dsite.ru Vulnerable Version: 4.81 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: XSS Cross Site...

AI score: 7
Exploits: 0
Fedora
added 2010/07/05 10:5 p.m. | 33 views

[SECURITY] Fedora 12 Update: python-2.6.2-8.fc12

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

CVSS: 6.9 | AI score: 0.6 | EPSS: 0.09965
Exploits: 4
0day.today
added 2010/07/05 12:0 a.m. | 14 views

linux/x86 bind [email protected] 97 bytes

Exploit for linux/x86 platform in category shellcode ...

AI score: 7
Exploits: 0
seebug.org
added 2010/06/09 12:0 a.m. | 171 views

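Perl Safe Module Object Reference Security Restriction Bypass Vulnerability

BUGTRAQ ID: 40302 CVECAN ID: CVE-2010-1168,CVE-2010-1974 Perl is a free and powerful programming language. The Safe module used in Perl does not properly restrict code reached through methods such as DESTROY and AUTOLOAD on implicitly blessed objects; when these objects are accessed or freed, Safe may execute these methods without restriction. A specially crafted Perl script executed inside a Safe compartment can exploit this vulnerability to bypass the intended Safe module restrictions. Perl 5.12.1 Vendor patch: Larry Wall ---------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...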

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.04483
Exploits: 2
RedHat Linux
added 2010/06/07 3:37 p.m. | 48 views

Moderate: Red Hat Security Advisory: perl security update

Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS: 8.5 | AI score: 6 | EPSS: 0.04483
Exploits: 5 | References: 6
OpenVAS
added 2010/06/03 12:0 a.m. | 21 views

FreeBSD Security Advisory (FreeBSD-SA-10:05.opie.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-10:05.opie.asc SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS: 9.3 | AI score: 9.4 | EPSS: 0.39537
Exploits: 5 | References: 1
Check Point Advisories
added 2010/05/26 12:0 a.m. | 3 views

Oracle Java Web Start Launch Command-Line Injection (CVE-2010-0886; CVE-2010-0887; CVE-2010-1423)

The Oracle Java Web Start is a component of the Java 2 Runtime Environment JRE. It facilitates network deployment of applications developed with the Java programming language. This component enables stand-alone Java applications to be downloaded from a remote network location and run on a target...

CVSS: 10 | AI score: 7.9 | EPSS: 0.80974
Exploits: 8
exploitpack
added 2010/05/22 12:0 a.m. | 19 views

(Gabriels FTP Server) Open Compact FTP Server 1.2 - PORT Remote Denial of Service

Gabriels FTP Server Open Compact FTP Server 1.2 - PORT Remote Denial of Service. Title: Open&Compact Ftp Server 1.2 "PORT" command Remote Denial of Service...

AI score: 0.4
Exploits: 0
ThreatPost
added 2010/05/12 3:47 p.m. | 9 views

HTML 5 Comes With SQL Injection Risks

Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web atta...

AI score: 1
Exploits: 0 | References: 2
ThreatPost
added 2010/05/05 6:31 p.m. | 17 views

New Study Shows Nearly No Difference in Security of Web Frameworks

A new study by a Web security firm has found that despite the myriad differences in the common programming languages and frameworks deployed on the Web today, there is virtually no difference in their practical security and resistance to attack. The study, done by WhiteHat Security and based on...

AI score: 0.5
Exploits: 0 | References: 1
ThreatPost
added 2010/05/05 12:6 p.m. | 13 views

Practical Return-Oriented Programming

In this video from the SOURCE conference in Boston, security researcher Dino Dai Zovi discusses the details of return-oriented programming and the ways in which it can be used to exploit vulnerabilities...

AI score: 1.9
Exploits: 0