Integer overflow
Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in a packet that triggers a heap-based buffer overflow, possibly related to a "recv" field...
(0Day) HP 3COM/H3C Intelligent Management Center img recv Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component which listens by default on TCP port 8800. When...
Rocket Software UniData 7.2.7.3806 - Denial of Service
Rocket Software UniData 7.2.7.3806 - Denial of Service Source: http://aluigi.org/adv/unirpcd1-adv.txt Luigi Auriemma Application: Rocket Software UniData http://www.rocketsoftware.com/u2/products/unidata/ Versions: = 7.2.7.3806 Platforms: Windows Bugs: various Denial of Service vulnerabilities in...
kernel: ipv6: skb is unexpectedly freed
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properl...
Oracle Database - Remote Listener Memory Corruption
Oracle Database - Remote Listener Memory Corruption source: https://www.securityfocus.com/bid/37728/info Oracle Database is prone to a remote memory-corruption vulnerability in Listener. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker does not require privileges to...
Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow Vulnerability
No description provided by source. include winsock2.h include stdio.h include string.h include windows.h include assert.h include string void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send -...
OSX/PPC - Remote findsock by recv() Key Shellcode
OSX/PPC - Remote findsock by recv Key Shellcode. Shellcode exploit for OSXPPC platform ;;; ;;; PowerPC OSX remote findsock by recv key shellcode ;;; ;;; Dino Dai Zovi , 20040816 ;;; .globl shellcode .text .set KEY, 0x5858580a .set PTHREADEXIT, 0x90017021 ; OSX 10.3.X shellcode: Lfindsock: addis...
OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode. Shellcode exploit for OSXPPC platform. Tags: Metasploit Framework MSF ;; ; ; Name: stagersockfindpeek ; Qualities: Null-Free ; Platforms: MacOS X / PPC ; Authors: H D Moore ; Version: $Revision: 1.1 $ ; License: ; ; This file is part of th...
OSX/PPC - Stager Sock Find Shellcode
OSX/PPC - Stager Sock Find Shellcode. Shellcode exploit for OSXPPC platform. Tags: Metasploit Framework MSF ;; ; ; Name: stagersockfind ; Qualities: Can Have Nulls ; Platforms: MacOS X / PPC ; Authors: H D Moore ; Version: $Revision: 1.1 $ ; License: ; ; This file is part of the Metasploit Exploi...
freebsd/x86 rev connect, recv, jmp, return results 90 bytes
No description provided by source. / ; sm4x - 2008 ; reverse connect dlshellcode and execute, exit ; - i've used this to feed pwnd progs huge messy shellcode ret'ing the results over nc ; ; - feed it with a $nc -vvl -p8000 shellcodeinfile ; setuid0; socket; connect; dups; recv; jmp; exit; ; 90...
freebsd/x86 rev connect recv jmp return results 90 bytes
No description provided by source. / ; sm4x - 2008 ; reverse connect dlshellcode and execute, exit ; - i've used this to feed pwnd progs huge messy shellcode ret'ing the results over nc ; ; - feed it with a $nc -vvl -p8000 shellcodeinfile ; setuid0; socket; connect; dups; recv; jmp; exit; ; 90...
freebsd/x86 rev connect, recv, jmp, return results 90 bytes
freebsd/x86 rev connect, recv, jmp, return results 90 bytes. Shellcode exploit for freebsdx86 platform / ; sm4x - 2008 ; reverse connect dlshellcode and execute, exit ; - i've used this to feed pwnd progs huge messy shellcode ret'ing the results over nc ; ; - feed it with a $nc -vvl -p8000 pls ex...
kernel security and bug fix update
2.6.18-92.1.10.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.10.el5 - ia64...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
Buffer overflow
The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call...
[Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability
TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-12.html July 12, 2007 -- CVE ID: CVE-2007-2417 -- Affected Vendor: Progress Software -- Affected Products: RSA Authentication Manager Progress Database -- TippingPointTM IPS...
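eIQNetworks Enterprise Security Analyzer Monitoring.exe Multiple Buffer Overflow Vulnerabilities
eIQnetworks Enterprise Security Analyzer (ESA) is an enterprise-class security management platform. Two buffer overflow vulnerabilities exist in ESA's Monitoring.exe process; remote attackers may exploit them to execute arbitrary commands on the server. The first vulnerability is in the routine in Monitoring.exe that handles user data on TCP port 9999. On connecting to this port, the user is immediately prompted for a password. At this point the HELP command can be sent to obtain help for the various commands: --------------------------------------------------------- Usage: QUERYMONITOR: to fetc...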
Veritas Backup Exec Name Service Overflow
This module exploits a vulnerability in the Veritas Backup Exec Agent Browser service. This vulnerability occurs when a recv call has a length value too long for the destination stack buffer. By sending an agent name value of 63 bytes or more, we can overwrite the return address of the recv...
CVE-2002-2124
The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing...
nylon 0.2 (0.3?) DoS
Dear bugtraq@, I found this bug in nylon 0.2, but according to CVS logs it was already fixed in nylon project Tue Jun 25 00:27:07 2002 UTC 3 months, 2 weeks ago, http://mesh.eecs.umich.edu/cvsweb/nylon/ So, just update to newer version. Details: if definedSENDN || definedRECVN ssizet if...