179 matches found
kernel: 64-bit Compatibility Mode Stack Pointer Underflow
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...
Null pointer dereference
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...
kernel: 64-bit Compatibility Mode Stack Pointer Underflow
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...
CVE-2010-3081
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...
UFO - Alien Invasion 2.2.1 IRC Client Remote Code Execution
!/usr/bin/python UFO: Alien Invasion v2.2.1 IRC Client Remote Code Execution - MacOSX OS X Snow Leopard: d1dn0t OS X Leopard: dookie Windows PoC: Jason Geffner http://www.exploit-db.com/exploits/14013 import sys, socket, struct WRITEABLE = 0x8fe66448 STRCPY=0x8fe2db10 shellcode =...
Integer overflow
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds memory in...
CVE-2009-4634
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds memory in...
CVE-2009-4634
The CVE-2009-4634 issue is a vulnerability in FFmpeg 0.5 involving multiple integer underflows that allow a remote attacker to cause a denial of service and potentially execute arbitrary code via crafted files. Specifically, one vector bypasses a validation in vorbis_dec.c causing a stack pointer...
CVE-2009-4634
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds memory in...
CVE-2009-4634
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds memory in...
Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11)
Check for the Version of xorg-x11 OpenVAS Vulnerability Test Mandriva Update for xorg-x11 MDKSA-2007:079 xorg-x11 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
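VMware Multiple Denial of Service Vulnerabilities
VMWare is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on a single machine. Multiple denial-of-service vulnerabilities exist in VMWare, as follows: (1) An error in the ACPI implementation of the virtual machine process (VMX) when collecting information about the running state of the virtual machine may cause the process to read an invalid memory location. (2) An error when VMX stores certain malformed configuration data may cause a denial of service in the guest operating system. (3) A vulnerability in the handling of general protection faults (GPF) in Windows guest operating systems may cause the Windows virtual machine to crash. (4) Debugging applications in a 64-bit Windows guest operating system on a 64-bit host system may result in a corrupted stack pointer or a kernel bugcheck. VMWar...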
QNX RTOS 6.3.0 (phgrafx) Local Buffer Overflow Exploit (x86)
No description provided by source. / [email protected] c 2005, all rights reserved. sample exploit for phgrafx on QNX 6.3.0 x86 tested on: QNX qnx 6.3.0 2004/04/29-21:23:19UTC x86pc x86 / include sys/types.h include stdio.h include stdlib.h include dlfcn.h include unistd.h include err.h...
Xmame 0.102 (-lang) Local Buffer Overflow Exploit (c code)
Exploit for linux platform in category local exploits ========================================================== Xmame 0.102 -lang Local Buffer Overflow Exploit c code ========================================================== / Xmame 0.102 -lang Local Buffer Overflow Exploit Coded BY Qnix...
linux/x86 /bin/sh Standard Opcode Array Payload 21 Bytes
No description provided by source. / lnxbinsh4.c - v1 - 21 Byte /bin/sh Opcode Array Payload Copyrightc 2004 c0ntex [email protected] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes
Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes ======================================================== / lnxbinsh2.c - v1 - 45 Byte /bin/sh sysenter Opcode Array Payload...
Aspell (word-list-compress) - Command Line Stack Overflow
Aspell word-list-compress - Command Line Stack Overflow / Fuck private exploits . Fuck iranian hacking and security !! teams who are just some fucking kiddies. Fuck all "Security money makers" word-list-compress local exploit - SECU Coded by : c0d3r / root . razavi1366atyahoodotcom...
mnGoSearch buffer overflow in UdmDocToTextBuf()
Jedi/Sector One reported the following on the full-disclosure list: Every document is stored in multiple parts according to its sections description, body, etc in databases. And when the content has to be sent to the client, UdmDocToTextBuf concatenates those parts together and skips metadata...
Solaris 2.5/2.5.1/2.6/7.0 - sadmind Remote Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - sadmind Remote Buffer Overflow (2) // source: https://www.securityfocus.com/bid/866/info Certain versions of Solaris ship with a version of sadmind which is vulnerable to a remotely exploitable buffer overflow attack. sadmind is the daemon used by Solstice AdminSuite...