19 matches found
Debian DSA-3985-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library. - CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library. - CVE-2017-5113 A buffer overflow issue was discover...
Linux Kernel (Solaris 10 / < 5.10 138888-01) - Local Privilege Escalation
/ hoagiesolarissiocgtunparam.c LOCAL SOLARIS KERNEL ROOT EXPLOIT ipifill is used for mutex enter so we have to set the offet for an illt structure. Later putnext will be called with a queue see illt. We can use this queue to add a custom callback function that is used by putnext. ipif.c /...
Linux Kernel (Solaris 10 5.10 138888-01) - Local Privilege Escalation
Linux Kernel Solaris 10 5.10 138888-01 - Local Privilege Escalation / hoagiesolarissiocgtunparam.c LOCAL SOLARIS KERNEL ROOT EXPLOIT ipifill is used for mutex enter so we have to set the offet for an illt structure. Later putnext will be called with a queue see illt. We can use this queue to add ...
iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability
iDefense Security Advisory 11.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 11, 2010 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...
Solaris/Open Solaris UCODE_GET_VERSION IOCTL Denial of Service
No description provided by source. / cve-2010-0453.c -- Patroklos Argyroudis, argp at domain census-labs.com Denial of service kernel panic PoC exploit for the UCODEGETVERSION ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris: http://www.trapkit.de/advisories/TKADV2010-001.txt...
Solaris/Open Solaris UCODE_GET_VERSION IOCTL - Denial of Service
/ cve-2010-0453.c -- Patroklos Argyroudis, argp at domain census-labs.com Denial of service kernel panic PoC exploit for the UCODEGETVERSION ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris: http://www.trapkit.de/advisories/TKADV2010-001.txt...
SolarisOpen Solaris UCODE_GET_VERSION IOCTL - Denial of Service
SolarisOpen Solaris UCODEGETVERSION IOCTL - Denial of Service / cve-2010-0453.c -- Patroklos Argyroudis, argp at domain census-labs.com Denial of service kernel panic PoC exploit for the UCODEGETVERSION ioctl NULL pointer dereference vulnerability on Solaris/OpenSolaris:...
[TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Apple iPhone OS AudioCodecs Heap Buffer Overflow Advisory ID: TKADV2009-007 Revision: 1.0 Release Date: 2009/09/09 Last Modified: 2009/09/09 Date Reported: 2009/04/05 Author: Tobias Klein tk at trapkit.de Affected Software: iPhone OS 1.0...
Debian DSA-1814-1 : libsndfile - heap-based buffer overflow
Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems : - CVE-2009-1788 Tobias Klein discovered that the VOC parsing routines suffer of a heap-based buffer overflow whic...
FreeBSD : amarok -- multiple vulnerabilities (6bb6188c-17b2-11de-ae4d-0030843d3802)
Secunia reports : Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the 'Audible::Tag::readTag' function in src/metadata/audible/audibletag.cpp. These can be...
FreeBSD : ffmpeg -- 4xm processing memory corruption vulnerability (6733e1bf-125f-11de-a964-0030843d3802)
Secunia reports : Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the 'fourxmreadheader' function in libavformat/4xm.c. This can...
MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)
MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow PoC !/usr/bin/perl MPlayer 1.0rc2 TwinVQ Stack Buffer Overflow PoC PoC by Amirreza Aminsalehi "sCORPINo" Proud To be an Abay scorpino x40 gmail x2e com Snoop Security Researching Committee www.snoop-security.com Originaly this bug discovered by Tobias...
Debian DSA-1706-1 : amarok - integer overflows
Tobias Klein discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...
MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)
!/usr/bin/perl MPlayer 1.0rc2 TwinVQ Stack Buffer Overflow PoC PoC by Amirreza Aminsalehi "sCORPINo" Proud To be an Abay scorpino x40 gmail x2e com Snoop Security Researching Committee www.snoop-security.com Originaly this bug discovered by Tobias Klein advisory @...
VideoLAN VLC Media Player < 0.9.6 - '.rt' Local Stack Buffer Overflow
!/usr/bin/perl VLC Media Player This should work on a fully up-to-date Windows XP SP3. If you want it to work on your OS version, just find a "jmp esp" address in one of the dlls loaded with VLC :. Have fun. Remember that VLC will open the file .rt automatically with a video of the same name...
[TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: VLC media player TiVo ty Processing Stack Overflow Vulnerability Advisory ID: TKADV2008-010 Revision: 1.0 Release Date: 2008/10/20 Last Modified: 2008/10/20 Date Reported: 2008/10/18 Author: Tobias Klein tk at trapkit.de Affected Software: V...
iDefense Security Advisory 06.04.08: Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability
iDefense Security Advisory 06.04.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 04, 2008 I. BACKGROUND aspersky Internet Security Suite is a combination of Kaspersky anti-virus, anti-spam, and personal firewall in one product. For more information see the vendor's website at the...
GLSA-200510-21 : phpMyAdmin: Local file inclusion and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200510-21 phpMyAdmin: Local file inclusion and XSS vulnerabilities Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg...
phpMyAdmin: Local file inclusion and XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...