Lucene search

7830 matches found

RedHat Linux
added 2011/06/01 7:55 p.m. | 3 views

kernel: setup_arg_pages: diagnose excessive argument size

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...

7.2 CVSS | 6.2 AI score | 0.00148 EPSS
Exploits 4 | References 4
OpenVAS
added 2011/06/01 12:0 a.m. | 20 views

Nmap NSE net: netbus-info

Opens a connection to a NetBus server and extracts information about the host and the NetBus service itself. The extracted host information includes a list of running applications, and the host's sound volume settings. The extracted service information includes its access control list (acl), server...

7.4 AI score
Exploits 0
exploitpack
added 2011/04/14 12:0 a.m. | 12 views

PhpAlbum.net 0.4.1-14_fix06 - var3 Remote Command Execution

PhpAlbum.net 0.4.1-14_fix06 - var3 Remote Command Execution source: https://www.securityfocus.com/bid/47369/info PhpAlbum.net is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary...

0.1 AI score
Exploits 0
Tenable Nessus
added 2011/04/11 12:0 a.m. | 30 views

SuSE 10 Security Update : dhcpcd (ZYPP Patch Number 7452)

A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...

6.8 CVSS | 5.4 AI score | 0.00922 EPSS
Exploits 0 | References 2
The Hacker News
added 2011/03/26 11:9 a.m. | 7 views

Security Onion LiveDVD - Intrusion Detection for your Network !

Security Onion LiveDVD - Intrusion Detection for your Network ! The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. Changelog: All Xubuntu 10.04 updates as of release date. Snort updated to 2.9.0.3. Suricat...

6.8 AI score
Exploits 0
NVD
added 2011/02/23 7:0 p.m. | 23 views

CVE-2011-0022

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by...

4.7 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits 0 | References 4
CVE
added 2011/02/23 6:0 p.m. | 63 views

CVE-2011-0022

CVE-2011-0022 involves Red Hat Directory Server 1.2.x where setup scripts for multiple unprivileged instances create /var/run/dirsrv with 0777 permissions. This permits a local user to interfere with PID files in that directory, causing a denial of service by replacing PID files or preventing pro...

4.7 CVSS | 6.7 AI score | 0.00036 EPSS
Exploits 0 | References 4 | Affected Software 1
The Hacker News
added 2011/01/18 4:47 p.m. | 14 views

Phone Creeper v0.98 latest version download !

"Phone Creeper is a phone espionage suite. It can be silently installed by just inserting an sd card with the files below on it. The program does not show up under installed programs or running programs and allows for a useful array of features. Phones running this software can be remotely control...

7.2 AI score
Exploits 0
exploitpack
added 2010/12/30 12:0 a.m. | 13 views

Chilkat Software FTP2 - ActiveX Component Remote Code Execution

Chilkat Software FTP2 - ActiveX Component Remote Code Execution obj.UnlockComponent"suntzu"; //needed for file transfer operations, type whatever here obj.Port=21; //configure ftp connection obj.Hostname="192.168.0.1"; //change here obj.ConnectTimeout=5; obj.Passive=1; var x; x=obj.Connect; if x=...

0.6 AI score
Exploits 0
RedHat Linux
added 2010/12/08 7:7 p.m. | 1 views

kernel: setup_arg_pages: diagnose excessive argument size

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of...

7.2 CVSS | 6.2 AI score | 0.00148 EPSS
Exploits 4 | References 4
The Hacker News
added 2010/11/30 2:23 a.m. | 18 views

Professional Penetration Testing Guide

Here is another good book in the field of penetration testing. Unlike other books which aim only at the technical aspects of Penetration testing, this one explains every step involved in the making of a Professional Pentester. Rather than just teaching how to use the existing tools, it does...

6.7 AI score
Exploits 0
Packet Storm
added 2010/11/29 12:0 a.m. | 24 views

FoxPlayer 2.4.0 Denial Of Service

Exploit Title: FoxPlayer 2.4.0 .m3u Denial of Service Date: 30 / 11 / 2010 Author: Oh Yaw Theng Software Link: http://www.foxmediatools.com/installers/fox-player-setup.exe Version: v2.4.0 Tested on: Windows XP SP 2 CVE : N / A Description : This is the latest version of FoxPlayer from the officia...

Exploits 0
0day.today
added 2010/11/16 12:0 a.m. | 30 views

Mihan shop (ir) Setup Basic Site Settings Vulnerability

Exploit for php platform in category web applications: Mihan shop (ir) Setup Basic Site Settings Vulnerability ...

7.1 AI score
Exploits 0
0day.today
added 2010/11/16 12:0 a.m. | 16 views

Mihan shop (ir) Setup Basic Site Settings Vulnerability

Exploit for php platform in category web applications...

7.1 AI score
Exploits 0
0day.today
added 2010/11/15 12:0 a.m. | 27 views

Joovili 3.1.8 Setup Basic Site Settings Vulnerability

Exploit for php platform in category web applications: Joovili 3.1.8 Setup Basic Site Settings Vulnerability ...

7.1 AI score
Exploits 0
NVD
added 2010/11/09 9:0 p.m. | 43 views

CVE-2010-3040

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka...

10 CVSS | 7.6 AI score | 0.25557 EPSS
Exploits 1 | References 9
securityvulns
added 2010/11/09 12:0 a.m. | 64 views

ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability

ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-232 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco Unifie...

10 CVSS | 0.3 AI score | 0.25557 EPSS
Exploits 1
securityvulns
added 2010/11/09 12:0 a.m. | 39 views

Cisco ICM Setup Manager multiple security vulnerabilities

Multiple vulnerabilities in Agent.exe TCP/40078...

10 CVSS | 1.7 AI score | 0.25557 EPSS
Exploits 1 | References 4
Zero Day Initiative
added 2010/11/07 12:0 a.m. | 28 views

Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the...

10 CVSS | 7.1 AI score | 0.25557 EPSS
Exploits 1 | References 1
Zero Day Initiative
added 2010/11/07 12:0 a.m. | 26 views

Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the...

10 CVSS | 7.8 AI score | 0.25557 EPSS
Exploits 1 | References 1