Oracle Solaris su NULL Pointer

From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su' when creating new environme...

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 5677.prm...

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 801142.prm...

Microsoft Office Excel String Variable Code Execution (MS10-038; CVE-2010-1252)

Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The common extension used for Microsoft Excel documents is .xls or .xlw...

PHP multiple security vulnerabilities

phar extension information leaks, SPLObjectStorage information leaks, error messages information leaks, variables spoofing...

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow Metasploit $Id: novelliprintcallbackurl.rb 10429 2010-09-21 18:46:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework we...

Debian DSA-2109-1 : samba - buffer overflow

A vulnerability has been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The sidparse function does not correctly check its input lengths when reading a binary representation of a Windows SID Security ID. This allows a malicious client to send a sid that can overflow the...

RarCrack 0.2 - &#039;Filename init() .bss&#039; (PoC)

The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for reassure me when i sayed "WHY EIP IT'S NOT...

RarCrack 0.2 - Filename init() .bss (PoC)

RarCrack 0.2 - Filename init .bss PoC The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for...

Joomla Restaurant Guide Cross Site Scripting / Local File Inclusion / SQL Injection

Exploit Title: Joomla Component comrestaurantguide Multiple Vulnerabilities Date: 18.09.2010 Author: Valentin Category: webapps/0day Version: 1.0.0 Tested on: Debian lenny, Apache2, MySQL 5, Joomla 1.5.x CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::...

[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-2109-1 [email protected] http://www.debian.org/security/ Stefan Fritsch September 16, 2010 http://www.debian.org/security/faq -...

[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-2109-1 [email protected] http://www.debian.org/security/ Stefan Fritsch September 16, 2010 http://www.debian.org/security/faq -...

DSA-2109-1 samba - buffer overflow

Bulletin has no description...

Oracle Secure Backup Administration selector Variable Command Injection (CVE-2010-0906)

Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage NAS devices and distributed hosts. A command execution vulnerability exists in Oracle Secure Backup server. The vulnerability is due to an insufficient sanitizing when...

SQL injection vulnerability in CompuCMS

Vulnerability ID: HTB22580 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincompucms1.html Product: CompuCMS Vendor: CompuSoft A/S http://www.compusoft.dk/ Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability...

Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)

Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: Rewrote varexport to use smartstr rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. Fixed a possible resource destruction issues in shmputvar. Fixed a possible information leak because of...

AneCMS SQL Injection

Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager Sqli: The POST variable username has been set to sweet'" on...

AneCMS - &#039;/registre/next&#039; SQL Injection

Exploit Title: anecms SQli Date: 23/08/2010 Author: Sweet Contact : [email protected] Software Link: anecms.com Download: anecms.com/anecms.zip Version: All Tested on: WinXp sp3 Description : anecms is an open source blog manager...

CVE-2010-3065

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

Default configuration

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...