iDefense Security Advisory 10.30.07: IBM AIX lquerypv Stack Buffer Overflow Vulnerability

IBM AIX lquerypv Stack Buffer Overflow Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND The lquerypv utility is used to examine the properties of a physical volume in a volume group. It is installed set-uid root by...

iDefense Security Advisory 10.30.07: IBM AIX lqueryvg Stack Buffer Overflow Vulnerability

IBM AIX lqueryvg Stack Buffer Overflow Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND The lqueryvg utility is used to examine the properties of disk volume groups. It is installed set-uid root by default on...

GlobalLink 2.7.0.8 - ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow

GlobalLink 2.7.0.8 - ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow source: https://www.securityfocus.com/bid/26244/info GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an...

sony-overflow.txt

!/usr/bin/python Secunia Advisory : SA27270 Release Date : 2007-10-29 Sony CONNECT Player M3U Playlist Processing Stack Buffer Overflow m3u File Local Exploit Bug discovered by Parvez Anwar Exploit Written by TaMBaRuS [email protected] Tested on: Sony CONNECT Player SonicStage 4.x installed on...

Firebird process_packet() Remote Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing a...

Firebird Relational Database SVC_attach() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Firebird Relational...

Borland InterBase SVC_attach() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borland InterBase...

Borland InterBase open_marker_file() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borland InterBase openmarkerfile...

Borland InterBase jrd8_create_database() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borland InterBase...

Firebird Relational Database isc_create_database() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Firebird Relational Database...

Borland InterBase isc_attach_database() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borland InterBase...

Kazaa Altnet Download Manager ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX Control amd4.dll bundled with Kazaa Media Desktop 3.2.7. By sending an overly long string to the "Install" method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...

Savant 3.1 Web Server Overflow

This module exploits a stack buffer overflow in Savant 3.1 Web Server. The service supports a maximum of 10 threads for a default install. Each exploit attempt generally causes a thread to die whether successful or not. Therefore, in a default configuration, you only have 10 chances. Due to the...

nfs security update

CentOS Errata and Security Advisory CESA-2007:0951 An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contai...

Xitami 2.5c2 Web Server If-Modified-Since Overflow

This module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. Th...

Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat" method in askbar.dll. This module requires Metasploit: https://metasploit.com/download Current source:...

Important: Red Hat Security Advisory: nfs-utils-lib security update

An updated nfs-utils-lib package to correct a security flaw is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contains support libraries that are needed by the commands a...

Trend Micro ServerProtect TMregChange()函数栈缓冲区溢出漏洞

CVECAN ID: CVE-2007-4731 Trend ServerProtect是一款企业级反病毒程序。 ServerProtect在处理超长畸形数据时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制服务器。 ServerProtect的TMReg.dll库所导出的TMregChange例程中存在栈溢出漏洞，绑定到5005端口的TCP套接字未经边界检查便将用户提供的数据拷贝到了栈缓冲区，如果用户提交了超长请求就可以触发这个溢出，导致执行任意指令。 Trend Micro ServerProtect 5.58 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Microsoft Agent - 'agentdpv.dll' ActiveX Control Malformed URL Stack Buffer Overflow

source: https://www.securityfocus.com/bid/25566/info Microsoft Agent agentsvr.exe is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary co...

Trend Micro OfficeScan Remote Stack Buffer Overflow

This module exploits a stack buffer overflow in Trend Micro OfficeScan cgiChkMasterPwd.exe running with SYSTEM privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasm' class MetasploitModule 'Trend...