MS Windows (.doc File) Malformed Pointers Denial of Service Exploit
No description provided by source. / Microsoft Windows .doc File Malformed Pointers DoS &...
Microsoft Windows - .doc Malformed Pointers Denial of Service
Microsoft Windows - .doc Malformed Pointers Denial of Service. Just move your mouse on the file and explorer crashes. If it does not, try to look at file properties. Bug comes from Ole32.dll: CMP DWORD PTR DS:EAX+EBX,3 and we can set EAX, EDX an...
CVE-2005-4831
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML ...
DovX Web Player ActiveX DoS
Crash on large 'resize' method values...
DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities
Exploit for unknown platform in category web applications. DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities. DBImageGallery 1.2.2 Found by Denven ERROR:...
PT-2007-2285 · Microsoft · Visual C++ 8.0 Standard Library
Name of the Vulnerable Software and Affected Versions: Microsoft Visual C++ 8.0 standard library MSVCR80.DLL version 8.0. Description: The 64-bit versions of Microsoft Visual C++ 8.0 standard library time functions, including localtime, localtime_s, gmtime, gmtime_s, ctime, ctime_s, wctime, wctime...
Microsoft Visual Studio 64-bit time functions DoS
Invalid use of assert-style macro causes application termination for time_t values behind MAXTIME64T (January, 1 3000)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."...
security flaw
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
intel-race.txt
Title: Intel 2200BG 802.11 Beacon frame Kernel Memory Corruption. Description: The Intel wireless mini-pci driver provided with Intel 2200BG cards is vulnerable to a remote race condition memory corruption flaw. Malformed beacon frames can be used to corrupt internal kernel structures, leading to...
CVE-2006-6309
Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855...
Apple Airport 802.11 Probe Response Kernel Memory Corruption PoC
No description provided by source. A proof-of-concept exploit has been added to the Metasploit Framework 3.0 source tree: msf use auxiliary/dos/wireless/daringphucball require 'msf/core' module Msf class Auxiliary::Dos::Wireless::DaringPhucball Msf::Auxiliary include Exploit::Lorcon def...
[Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow
Hi, Apple Quicktime = 7.1 is prone to a heap overflow vulnerability. This flaw could lead to a remote code execution, if an attacker tricks the victim to visit a malicious webpage with a specially crafted .fli animation embedded. The flaw is located within the "COLOR64 chunk" Quicktime parser. Sin...
powerzip-exp.txt
PowerZip 7.06 Exploit by bratax http://www.bratax.be/ Just a quick one as I was able to reuse most of my zipcentral exploit code.. Greetz to everyone I like...special greetz to mobbie and DT as they were sad I didn't mention them the previous time :p Some technical info: - Original advisory +...
CVE-2006-4447
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...
DEBIAN-CVE-2006-4144
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytesperpixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow...
CVE-2006-3464
TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...
CVE-2006-3929
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...
security flaw
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...
Buffer overflow
The iaxnetread function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote...