IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Overflow

Application: IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49319 PRL: 2012-11 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Overflow

IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Overflow Application: IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49319 PRL: 2012-11 Author: Francis Provencher Protek Research Lab's Website:...

MPlayer SAMI Subtitle File Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MPlayer SAMI Subtitle File Buffer...

RabidHamster R4 Log Entry sprintf() Buffer Overflow

This module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user. This module requires...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4186)

This kernel update fixes the following security problems : - The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers IPV6RTHDRTYPE0 that create network amplification between two routers. CVE-2007-2242 The default is that RH0 is disabled now. To...

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transfering images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transfering images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transfering images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

KLA10030 ACE vulnerabilities in Adobe Photoshop

Multiple serious vulnerabilities have been found in Adobe Photoshop. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities 1. Use-after-free vulnerability can be exploited via specially designed TIFF image. 2. Buffer overflow...

BeyondCHM 1.1 - Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= ============================================================================= BeyondCHM 1.1 Buffer Overflow price 32.56 EUR Url: http://www.beyondchm.com/ Author: shinnai...

Mac OS X OSX/Sabpab Trojan Detection

Using the supplied credentials, Nessus has found evidence that the remote Mac OS X host has been compromised by a Trojan in the OSX/Sabpab alternatively known as OSX/Sabpub family of Trojans. OSX/Sabpab is typically installed by means of a malicious Word document that exploits a stack-based buffe...

GSM SIM Editor 5.15 - Local Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'GSM SIM Editor 5....

Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

WellinTech KingView Multiple Vulnerabilities

Overview Independent researchers Carlos Mario Penagos Hollman and Dillon Beresford identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application. These vulnerabilities are exploitable remotely. WellinTech has created a patch and...

NetOp Remote Control Client 9.5 - Remote Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'NetOp Remote...

NetOp Remote Control Client 9.5 Buffer Overflow

This module exploits a stack-based buffer overflow in NetOp Remote Control 9.5. When opening a .dws file containing a specially crafted string longer then 520 characters will allow an attacker to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current...

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability tested against: Microsoft Windows Server 2003 r2 sp2 Internet Explorer 7/8 Live demo: http://203.125.227.70/eng/index.cgi username: dlink password: dlink product homepage:...

Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Ricoh DC DL-10 SR...

Wonderware SuiteLink Unallocated Unicode String Vulnerability

Overview This Advisory is a follow-up to the original ICS-CERT Alert titled ICS-ALERT-12-136-01 Wonderware SuiteLink Unallocated Unicode String that was published May 15, 2012 on the ICS-CERT web page. Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string...

VLC Media Player < 2.0.1 Multiple Vulnerabilities

The version of VLC media player installed on the remote host is earlier than 2.0.1. Such versions are affected by multiple vulnerabilities: - The function 'MMSOpen' in the MMS access plugin contains a boundary error that can allow a stack-based buffer overflow when maliciously crafted MMS streams...