«
Expand/Collapse
765 items tagged "stack buffer"
Related tags:
studio [+],
novell netware [+],
netware authentication [+],
local [+],
hollywood [+],
gom [+],
code execution [+],
buffer overflow exploit [+],
suhosin [+],
php [+],
media [+],
cyberlink [+],
ultraplayer [+],
tv player [+],
socket [+],
gom player [+],
function [+],
extension [+],
digital [+],
aviosoft [+],
avid media composer [+],
avid [+],
zero day [+],
security [+],
provisioning services [+],
project [+],
code [+],
asterisk [+],
buffer [+],
buffer overflow vulnerability [+],
zip [+],
wireshark [+],
studio 9 [+],
multiple [+],
lotus [+],
license server [+],
ibm [+],
cytel [+],
zipgenius [+],
transparent [+],
tracker [+],
storyboard quick [+],
sopcast [+],
safer use [+],
power [+],
poc [+],
office [+],
manager [+],
draft 8 [+],
dj studio [+],
composer [+],
buffer overflow vulnerabilities [+],
apple quicktime [+],
adobe [+],
Software [+],
Final [+],
overflow [+],
yale [+],
windows [+],
vulnerability exploitation [+],
vlc media player [+],
vlc [+],
valid credentials [+],
uri [+],
unrar [+],
u ftp [+],
trent micro [+],
sysax [+],
storyboard [+],
stor [+],
src parameter [+],
sid [+],
server authentication [+],
serv u ftp [+],
rop [+],
realplayer user [+],
radio interference [+],
quicktime media [+],
quick [+],
project security [+],
proficy [+],
port 1234 [+],
port [+],
plugins [+],
pdfsaver [+],
parameter [+],
opera version [+],
opera [+],
openview [+],
novell groupwise [+],
njstar [+],
network node manager [+],
netb [+],
multiple file [+],
monitor [+],
mms [+],
minismtp [+],
micro control [+],
manager. the [+],
manager. authentication [+],
manager interface [+],
mail attachment [+],
m3u file [+],
luigi auriemma [+],
lmgrd [+],
license [+],
kernel stack [+],
kernel [+],
insufficient checks [+],
input size [+],
import command [+],
image [+],
harir [+],
google yahoo [+],
ftp [+],
freeamp [+],
free [+],
folder [+],
float [+],
flexnet [+],
exe component [+],
exception handler [+],
econet [+],
draft [+],
daqfactory [+],
csound [+],
cookie [+],
control [+],
communicator [+],
chaos communication congress [+],
ccmplayer [+],
buffer overflow condition [+],
blade [+],
asx file [+],
asx [+],
arbitrary code [+],
api [+],
ability [+],
zero [+],
xpm [+],
travis goodspeed [+],
stream [+],
rtf file [+],
rtf [+],
ripper [+],
radio [+],
pip [+],
packet [+],
ntp [+],
netpbm [+],
mscomctl [+],
mod [+],
microsoft [+],
magentservice [+],
injection [+],
free mp3 cd [+],
fcd [+],
fat [+],
exe [+],
electronic flash [+],
castripper [+],
abbs [+],
day [+],
exploits [+],
based buffer overflow [+],
wonderware [+],
web player [+],
web [+],
url [+],
uri handling [+],
tv ip [+],
trendnet [+],
tracker software [+],
talk [+],
switch [+],
sop [+],
server response [+],
securview [+],
scada [+],
ruxcon [+],
remote [+],
realnetworks [+],
pointdev [+],
plus [+],
player v2 [+],
pict [+],
parse [+],
oracle [+],
odbc drivers [+],
ntpq [+],
ntpd [+],
nsfcomputeevaluateext [+],
novell groupwise internet agent [+],
novell [+],
njstar communicator [+],
multiple products [+],
migration [+],
memory corruption [+],
lotus domino [+],
keyview [+],
ipswcom [+],
internet camera [+],
internet [+],
ideal [+],
hunter [+],
http [+],
helix [+],
hacking [+],
groupwise [+],
groovy [+],
gretech [+],
ftpd [+],
freetype [+],
freefloat [+],
flash [+],
final draft [+],
fcgid [+],
domino [+],
document attachment [+],
dna [+],
divx [+],
descriptors [+],
datadirect odbc [+],
datadirect [+],
cyberlink power2go [+],
crushftp [+],
configurationaccesscomponent [+],
codesys [+],
bugtraq [+],
bip [+],
autonomy corp [+],
autonomy [+],
autokey [+],
asus [+],
archive [+],
archiv [+],
archestra [+],
apache [+],
advisory [+],
adobe flash player [+],
player [+],
vulnerability [+],
file [+],
stack overflow [+],
initiative [+],
arbitrary code execution [+],
stack [+],
server [+],
buffer overflow [+],
zippho,
zipper,
zip file,
zgtips,
zero byte,
zenworks,
yassl,
xion player,
xion,
xilisoft video converter,
xilisoft,
xcftools,
x coregraphics,
x buffer,
wordtrainer,
word record,
word builder,
word,
winlog,
windows sockets,
windows media unicast service,
windows media services,
windisc,
winamp versions,
winamp,
webster http,
webster,
website builder,
website,
webhmi,
wav to mp3 converter,
wav to mp3,
wav,
vuplayer,
visual,
virtual dj,
virtual,
viewer,
videolan,
video converter,
video,
version,
vendor,
vbproj,
validation error,
utilconfighome,
unzip,
universal,
udp ports,
u file,
txt,
tweakfs,
tivoli management framework,
tivoli endpoint,
tivoli,
timestamp,
tiff image,
tif,
thumbnail view,
textbytesatom,
text,
target,
system privileges,
system,
sun jvm,
stripbytecounts,
streaming,
stream software,
statsreader,
stack frame,
ssl certificate,
ssl,
sploit,
source buffer,
soritong,
sorinara,
snmpviewer,
smtp rcpt,
smb,
size,
shellzip,
sesskey,
service daemon,
service,
seh,
scpc,
schema,
sapgui,
sap,
s3m,
rxssetdatagrowthscheduleandfilter,
rslinx,
rpc,
rm to mp3 converter,
rm to mp3,
rm mp,
rich text messages,
retired,
request,
remote control server,
refresh,
record,
realwin,
reader,
quicktimestreaming,
quicktime,
quickplayer,
quagga,
qtx,
provisioning,
proof of concept,
process,
principal 2,
powerzip,
powerpoint,
postscript,
portable,
plugin,
pls file,
pls,
plf,
pkernel,
phantom title,
phantom,
pgn,
personal ftp server,
pers ftp sploit,
pedantic mode,
pdf,
pasv command,
pasv,
pass,
pa,
ovalarm,
oracle java,
opie,
open implementation,
open,
opc,
novell zenworks,
nos,
node,
nlst,
nlm,
network,
netware servers,
netware 6,
netware,
netbsd,
netbiterconfig,
mysql,
myinfo,
musik maker,
musik,
mupdf,
multiple buffer overflow,
ms visual studio,
mppl,
mpf,
mpeg player,
mpeg,
mp3 stack,
mp3 cd ripper,
moreamp,
module,
modem string,
mjm,
mit,
ministreamrmmp,
mini stream ripper,
mini stream,
millennium mp3 studio,
millennium,
millenium,
midi,
microsystems,
microsoft windows,
microsoft visual basic,
microsoft systems journal,
microsoft powerpoint viewer,
microsoft data access components,
microsoft data access,
microp,
mic,
metasploit,
message transfer,
message,
mediacoder,
max,
manager toolbar,
management,
malformed,
maker,
mail messages,
magix,
maf,
mackeitone,
mac,
m stack,
lwp,
lst file,
linux kernel,
linux,
libtiff,
librpc,
libreoffice,
libc,
lib,
lgserver,
length,
language,
kpl,
kolibri,
kmplayer,
kerberos 5,
kerberos,
kenward,
kadmind,
jetaudio,
java,
iscsi,
isc dhcp,
isc,
ipj,
intersystems cache,
intersystems,
intellicom,
install,
input,
initialize,
imanager,
identifier,
idefense security advisory,
idefense,
icp,
iconics,
icc,
icarus,
hp openview network node manager,
hp network,
hitachi,
help,
helix server,
handling,
goldenftp,
gd extension,
ftpgetter,
ftp service,
fsx,
freebsd security,
freebsd sa,
foxit,
format specifiers,
flvplayer,
flaw,
firefox plugin,
firefox,
factorylink,
ezip,
exploit,
enterprise,
elecard,
eftp,
edraw,
editor,
edition,
edisplay,
easyzip 2000,
easyzip,
easy,
eai,
driver ast,
downloader 2,
downloader,
download,
domino icalendar,
dll module,
dll,
dirread,
dhcp,
dhclient,
destiny media player,
destiny,
dc hub,
datac,
data protector,
csproj,
csp,
crimson editor,
crimson,
createsizeddibsection,
cpio,
corelanc,
corelan,
core,
coolplayer,
converter,
control stack,
content ,
configuration,
component version,
component,
common,
command,
collaboration,
code path,
coat,
class stack,
citrix,
cid,
cgi,
cfg,
call,
calendar daemon,
c stack,
bywifi,
byte,
business,
builder,
build,
bof,
bmc patrol,
bluevoda,
blue,
blazedvd,
bindshell,
bgpd,
beta 3,
beta,
bcaaa,
avi,
automation,
authentication proxy,
authentication,
auth,
auriemma,
audio converter,
audio,
attacker,
argument,
arcane software,
apple mac os,
ape file,
ape,
apdfwavmp,
alert management,
aix,
aimp,
agentx,
adobe reader,
activex control,
activex,
actfax,
accessible network,
a pdf
-
-
18:40
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.
-
18:40
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.
-
18:40
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.
-
-
15:45
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
-
15:45
»
Packet Storm Security Recent Files
This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
-
15:45
»
Packet Storm Security Misc. Files
This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
-
-
11:57
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.
-
11:57
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.
-
11:57
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.
-
12:39
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
-
12:39
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
-
12:39
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
-
-
18:02
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.
-
18:02
»
Packet Storm Security Recent Files
This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.
-
18:02
»
Packet Storm Security Misc. Files
This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.
-
-
20:07
»
Packet Storm Security Advisories
Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
-
20:07
»
Packet Storm Security Recent Files
Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
-
20:07
»
Packet Storm Security Misc. Files
Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
-
-
21:55
»
SecDocs
Authors:
Travis Goodspeed Tags:
wireless WiFi Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: New to 2011, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits, an attacker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet, the receiver is tricked into seeing only the inner packet, allowing a frame to be remotely injected. The attacker requires no radio, and injection occurs without a software or hardware bug. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B presents a number of unique challenges to the PIP implementer. A single packet can use up to three symbol sets and three data-rates, switching rates once within the header and a second time for the beginning of the body. Additionally, a 7-bit scrambler randomizes the encoding of each packet, so the same string of text can be represented 128 different ways at the exact same rate and encoding. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. As a demo, we intend to present a malicious string which can be embedded in any file with lots of slack space, such as an ISO image. When this image is downloaded over HTTP on 802.11B, beacon frames will be injected. For the demo, we will be injecting the SSID stack buffer overflow frames from Uninformed Volume 6.
-
21:55
»
SecDocs
Authors:
Travis Goodspeed Tags:
wireless WiFi Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: New to 2011, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits, an attacker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet, the receiver is tricked into seeing only the inner packet, allowing a frame to be remotely injected. The attacker requires no radio, and injection occurs without a software or hardware bug. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B presents a number of unique challenges to the PIP implementer. A single packet can use up to three symbol sets and three data-rates, switching rates once within the header and a second time for the beginning of the body. Additionally, a 7-bit scrambler randomizes the encoding of each packet, so the same string of text can be represented 128 different ways at the exact same rate and encoding. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. As a demo, we intend to present a malicious string which can be embedded in any file with lots of slack space, such as an ISO image. When this image is downloaded over HTTP on 802.11B, beacon frames will be injected. For the demo, we will be injecting the SSID stack buffer overflow frames from Uninformed Volume 6.
-
-
21:27
»
SecDocs
Authors:
Travis Goodspeed Tags:
wireless WiFi Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: New to 2011, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits, an attacker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet, the receiver is tricked into seeing only the inner packet, allowing a frame to be remotely injected. The attacker requires no radio, and injection occurs without a software or hardware bug. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B presents a number of unique challenges to the PIP implementer. A single packet can use up to three symbol sets and three data-rates, switching rates once within the header and a second time for the beginning of the body. Additionally, a 7-bit scrambler randomizes the encoding of each packet, so the same string of text can be represented 128 different ways at the exact same rate and encoding. This lecture presents the first implementation of Packet-in-Packet injection for 802.11B, allowing malicious PHY-Layer frames to be remotely injected. The attack is standards-compliant and compatible with all vendors and drivers. As a demo, we intend to present a malicious string which can be embedded in any file with lots of slack space, such as an ISO image. When this image is downloaded over HTTP on 802.11B, beacon frames will be injected. For the demo, we will be injecting the SSID stack buffer overflow frames from Uninformed Volume 6.
-
-
20:32
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.
-
20:32
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.
-
20:32
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.
-
8:30
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
-
8:30
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
-
8:30
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
-
-
22:12
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
-
22:12
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
-
22:12
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
-
-
13:37
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.
-
13:37
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.
-
13:37
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.
-
17:54
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution.
-
17:54
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution.
-
17:54
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution.
-
-
16:46
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
-
16:46
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
-
16:46
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
-
-
13:18
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.
-
13:18
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.
-
13:18
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.
-
-
15:16
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.
-
15:16
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.
-
15:16
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.
-
-
21:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
21:40
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
21:40
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
9:22
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.
-
9:22
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.
-
9:22
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.
-
-
15:48
»
Packet Storm Security Exploits
A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
-
15:48
»
Packet Storm Security Recent Files
A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
-
15:48
»
Packet Storm Security Misc. Files
A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
-
-
18:13
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.
-
18:13
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.
-
18:13
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.
-
-
18:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
-
18:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
-
18:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
-
-
23:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
23:32
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
23:32
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
23:29
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
23:29
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
23:29
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
23:17
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
23:17
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
23:17
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
-
-
16:25
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the xdr encoded data from an STAT_NOTIFY procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
16:25
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the xdr encoded data from an STAT_NOTIFY procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
16:25
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the xdr encoded data from an STAT_NOTIFY procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
16:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the xdr encoded filename from an NFS_RENAME procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
16:12
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the xdr encoded filename from an NFS_RENAME procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
16:12
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the xdr encoded filename from an NFS_RENAME procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
-
-
20:11
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user
-
20:11
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user
-
20:11
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user
-
-
17:38
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing STOR and APPE commands, which leads to a stack based buffer overflow. This plugin uses the STOR command. The vulnerability has been confirmed on version 2.34 and has also been reported in version 2.25 and 2.32. Other versions may also be affected.
-
17:38
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing STOR and APPE commands, which leads to a stack based buffer overflow. This plugin uses the STOR command. The vulnerability has been confirmed on version 2.34 and has also been reported in version 2.25 and 2.32. Other versions may also be affected.
-
17:38
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing STOR and APPE commands, which leads to a stack based buffer overflow. This plugin uses the STOR command. The vulnerability has been confirmed on version 2.34 and has also been reported in version 2.25 and 2.32. Other versions may also be affected.
-
9:22
»
Packet Storm Security Exploits
SopCast suffers from a stack-based buffer overflow vulnerability when parsing the user input using the SoP protocol in sopocx.ocx module allowing the attacker to gain system access and execute arbitrary code on the affected machine. Version 3.4.7.45585 is affected.
-
9:22
»
Packet Storm Security Recent Files
SopCast suffers from a stack-based buffer overflow vulnerability when parsing the user input using the SoP protocol in sopocx.ocx module allowing the attacker to gain system access and execute arbitrary code on the affected machine. Version 3.4.7.45585 is affected.
-
9:22
»
Packet Storm Security Misc. Files
SopCast suffers from a stack-based buffer overflow vulnerability when parsing the user input using the SoP protocol in sopocx.ocx module allowing the attacker to gain system access and execute arbitrary code on the affected machine. Version 3.4.7.45585 is affected.
-
-
10:34
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
-
10:34
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
-
10:34
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
-
10:32
»
Packet Storm Security Exploits
This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
-
10:32
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
-
10:32
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
-
-
16:35
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.
-
16:35
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.
-
16:35
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.
-
-
21:08
»
Packet Storm Security Exploits
The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
-
21:08
»
Packet Storm Security Recent Files
The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
-
21:08
»
Packet Storm Security Misc. Files
The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
-
20:09
»
Packet Storm Security Exploits
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
20:09
»
Packet Storm Security Recent Files
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
20:09
»
Packet Storm Security Misc. Files
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
17:49
»
Packet Storm Security Exploits
Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
17:49
»
Packet Storm Security Recent Files
Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
17:49
»
Packet Storm Security Misc. Files
Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
-
7:29
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-320 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy iFix HMI/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. The code within this module trusts a value supplied over the network and uses it as a length when copying user-supplied data to a stack buffer. By providing a large enough value, this buffer can be overflowed leading to arbitrary code execution under the context of the user running the service.
-
7:29
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-320 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy iFix HMI/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. The code within this module trusts a value supplied over the network and uses it as a length when copying user-supplied data to a stack buffer. By providing a large enough value, this buffer can be overflowed leading to arbitrary code execution under the context of the user running the service.
-
7:29
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-320 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy iFix HMI/SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. The code within this module trusts a value supplied over the network and uses it as a length when copying user-supplied data to a stack buffer. By providing a large enough value, this buffer can be overflowed leading to arbitrary code execution under the context of the user running the service.
-
-
10:39
»
SecuriTeam
A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:39
»
SecuriTeam
A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:29
»
SecuriTeam
A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:44
»
SecuriTeam
A stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:39
»
SecuriTeam
A stack buffer overflow vulnerability in Autonomy Corp.'s KeyView SDK could allow an attacker to execute arbitrary code with the privileges of the targeted application.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:25
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application can be seen in multiple NJStar products, and will continue to run in the background even if the software is already shutdown. According to the vendor's testimonials, NJStar software is also used by well known companies such as Siemens, NEC, Google, Yahoo, eBay; government agencies such as the FBI, Department of Justice (HK); as well as a long list of universities such as Yale, Harvard, University of Tokyo, etc.
-
17:25
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application can be seen in multiple NJStar products, and will continue to run in the background even if the software is already shutdown. According to the vendor's testimonials, NJStar software is also used by well known companies such as Siemens, NEC, Google, Yahoo, eBay; government agencies such as the FBI, Department of Justice (HK); as well as a long list of universities such as Yale, Harvard, University of Tokyo, etc.
-
17:25
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application can be seen in multiple NJStar products, and will continue to run in the background even if the software is already shutdown. According to the vendor's testimonials, NJStar software is also used by well known companies such as Siemens, NEC, Google, Yahoo, eBay; government agencies such as the FBI, Department of Justice (HK); as well as a long list of universities such as Yale, Harvard, University of Tokyo, etc.
-
-
10:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
10:56
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
10:56
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.
-
-
6:22
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.
-
6:22
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.
-
6:22
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.
-
-
6:01
»
Packet Storm Security Exploits
This exploit leverages three vulnerabilities to escalate privileges. The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states. This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability. It involves the econet_sendmsg function, ec_dev_ioctl function, and the ipc subsystem. Linux kernel versions prior to 2.6.36.2 are affected.
-
6:01
»
Packet Storm Security Recent Files
This exploit leverages three vulnerabilities to escalate privileges. The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states. This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability. It involves the econet_sendmsg function, ec_dev_ioctl function, and the ipc subsystem. Linux kernel versions prior to 2.6.36.2 are affected.
-
6:01
»
Packet Storm Security Misc. Files
This exploit leverages three vulnerabilities to escalate privileges. The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states. This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability. It involves the econet_sendmsg function, ec_dev_ioctl function, and the ipc subsystem. Linux kernel versions prior to 2.6.36.2 are affected.
-
-
21:04
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-268 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. Later this pointer will be used to write data into. The resulting corruption can lead to remote code execution under the context of the current user.
-
21:04
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-268 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. Later this pointer will be used to write data into. The resulting corruption can lead to remote code execution under the context of the current user.
-
21:04
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-268 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. Later this pointer will be used to write data into. The resulting corruption can lead to remote code execution under the context of the current user.
-
6:26
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime parses QuickTime Media Link (.qtl) files. The code which parses the .qtl parameter files fails to properly validate the size of the src parameter before copying it into a fixed length stack buffer. By supplying an overly long value for the src parameter, an attacker can leverage this flaw to execute malicious code within the context of the browser.
-
6:26
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime parses QuickTime Media Link (.qtl) files. The code which parses the .qtl parameter files fails to properly validate the size of the src parameter before copying it into a fixed length stack buffer. By supplying an overly long value for the src parameter, an attacker can leverage this flaw to execute malicious code within the context of the browser.
-
6:26
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime parses QuickTime Media Link (.qtl) files. The code which parses the .qtl parameter files fails to properly validate the size of the src parameter before copying it into a fixed length stack buffer. By supplying an overly long value for the src parameter, an attacker can leverage this flaw to execute malicious code within the context of the browser.
-
-
21:20
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
21:20
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
21:20
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in ZipGenius version 6.3.2.3000. It creates a specially crafted .zip file that allows an attacker to execute arbitrary code.
-
-
12:59
»
SecuriTeam
Remote exploitation of a stack buffer overflow vulnerability in RealNetworks Helix DNA Server.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:48
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow vulnerability found in Freeamp 2.0.7. The overflow occurs when an overly long string is parsed in the FAT file. This Metasploit module creates a txt file that has to be used in the creation of a FAT file. The FAT file then has to be imported as a theme. To create the FAT file you need to first decompress the basic theme template, MakeTheme -d freeamp.fat. Next create the new FAT file MakeTheme crash.fat theme.xml title.txt *.bmp.
-
12:48
»
Packet Storm Security Recent Files
This Metasploit module exploits a buffer overflow vulnerability found in Freeamp 2.0.7. The overflow occurs when an overly long string is parsed in the FAT file. This Metasploit module creates a txt file that has to be used in the creation of a FAT file. The FAT file then has to be imported as a theme. To create the FAT file you need to first decompress the basic theme template, MakeTheme -d freeamp.fat. Next create the new FAT file MakeTheme crash.fat theme.xml title.txt *.bmp.
-
12:48
»
Packet Storm Security Misc. Files
This Metasploit module exploits a buffer overflow vulnerability found in Freeamp 2.0.7. The overflow occurs when an overly long string is parsed in the FAT file. This Metasploit module creates a txt file that has to be used in the creation of a FAT file. The FAT file then has to be imported as a theme. To create the FAT file you need to first decompress the basic theme template, MakeTheme -d freeamp.fat. Next create the new FAT file MakeTheme crash.fat theme.xml title.txt *.bmp.
-
7:29
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow vulnerability found in ABBS Electronic Flash Cards 2.1. The overflow occurs when an overly long string is passed in the fcd file. To execute this fcd file the victim has to start to start a new "random" test.
-
7:29
»
Packet Storm Security Recent Files
This Metasploit module exploits a buffer overflow vulnerability found in ABBS Electronic Flash Cards 2.1. The overflow occurs when an overly long string is passed in the fcd file. To execute this fcd file the victim has to start to start a new "random" test.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution