175 matches found
Average Web App Attacked Every Three Days
Do not envy the life of a Web app. It’s a brutal, public existence filled with attacks from all sides. In fact, a new report by Imperva sheds some light on this sad life, showing that a typical Web app is attacked once every three days and some are targeted as many as 2,700 times in a given year...
VLC Media Player <=1.0.6 Malformed Media File Crash PoC
No description provided by source. !/usr/bin/python VLC Media Player =1.0.6 Malformed Media File Crash PoC Found By: DrIDE Tested: Windows 7, Ubuntu 9, OSX 10.6.X Download: http://www.videolan.org Notes: Register overwrites seem very unpredictable at best... Greets: Offsec and Corelan Teams...
VideoLAN VLC Media Player 1.0.6 - .avi Media File Crash (PoC)
VideoLAN VLC Media Player 1.0.6 - .avi Media File Crash PoC !/usr/bin/python VLC Media Player =1.0.6 Malformed Media File Crash PoC Found By: DrIDE Tested: Windows 7, Ubuntu 9, OSX 10.6.X Download: http://www.videolan.org Notes: Register overwrites seem very unpredictable at best... Greets: Offse...
Month of PHP Security - Summary - 1st May - 10th May
Hi everyone, 10 days ago the Month of PHP Security 2010 has started at http://www.php-security.org/ and meanwhile 20 vulnerabilities were posted and also 4 user submitted articles were published. Here is a short summary of what was released so far. You can follow the Month of PHP Security on...
Asterisk invalid ACL processing
/0 CIDR in ACL is processed in unpredictable way...
PT-2009-5845 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 5.3.x before 5.3.1 Description: The issue in PHP does not recognize the safe mode include dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform...
Debian DSA-960-3 : libmail-audit-perl - insecure temporary file creation
The former update caused temporary files to be created in the current working directory due to a wrong function argument. This update will create temporary files in the users home directory if HOME is set or in the common temporary directory otherwise, usually /tmp. For completeness below is a co...
CVE-2006-1174
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the...
CVE-2006-1174
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the...
CVE-2006-1174
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the...
Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence
Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape...
Check Point FW-1 Syslog Daemon - Unfiltered Escape Sequence
source: https://www.securityfocus.com/bid/7161/info An issue has been discovered in Check Point FW-1 syslog daemon when attempting to process a malicious, remotely supplied, syslog message. Specifically, some messages containing escape sequences are not properly filtered out. This may result in...
Sun JDKSDK 1.31.4 IBM JDK 1.3.1 BEA Systems WebLogic 567 - java.util.zip Null Value Denial of Service (3)
Sun JDKSDK 1.31.4 IBM JDK 1.3.1 BEA Systems WebLogic 567 - java.util.zip Null Value Denial of Service 3 source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occur...
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (2)
source: https://www.securityfocus.com/bid/7109/info Several implementations of the Java Virtual Machine have been reported to be prone to a denial of service condition. This vulnerability occurs in several methods in the java.util.zip class. The methods can be called with certain types of...
CVE-2002-1395
Internet Message IM 141-18 and earlier uses predictable file and directory names, which allows local users to 1 obtain unauthorized directory permissions via a temporary directory used by impwagent, and 2 overwrite and create arbitrary files via immknmz...