«
Expand/Collapse
260 items tagged "target"
Related tags:
internet explorer user [+],
iscsi [+],
enterprise [+],
zero day [+],
system compromise [+],
sql [+],
shockwave [+],
scanner [+],
perl script [+],
perl [+],
lfi [+],
hacks [+],
buffer overflow [+],
arbitrary code execution [+],
adobe [+],
day [+],
vulnerability [+],
injection [+],
tgt [+],
targets [+],
target system [+],
stack buffer [+],
service vulnerability [+],
scapy [+],
red [+],
hat [+],
format string [+],
dll module [+],
denial of service [+],
code execution [+],
buffer overflow vulnerability [+],
realplayer user [+],
zdi [+],
uninitialized data [+],
timed interactive multimedia extensions [+],
text containers [+],
telnet servers [+],
tcp [+],
target systems [+],
systems solutions [+],
string type [+],
shockwave player [+],
server [+],
segment [+],
scanners [+],
sample [+],
remote desktop [+],
reference [+],
quicktime player [+],
php [+],
ocx [+],
novell zenworks [+],
mscomct [+],
microsoft office word [+],
memory copy [+],
memory address [+],
malicious attacker [+],
isavi [+],
internal browser [+],
google [+],
font [+],
element [+],
director movie files [+],
destination buffer [+],
dangling pointer [+],
content models [+],
buffer [+],
anonymous [+],
adobe shockwave player [+],
Pentesting [+],
application [+],
novell iprint [+],
code [+],
windows [+],
webkit [+],
web [+],
video [+],
version [+],
uri [+],
uninitialized pointer [+],
traceroute [+],
spies [+],
social engineering [+],
school [+],
reverse engineering tools [+],
protocol handlers [+],
pointer [+],
parent node [+],
nathan fain [+],
malware [+],
malicious website [+],
mail [+],
jtag [+],
joel [+],
industrial design students [+],
hacker [+],
format [+],
exchange server [+],
dev [+],
database [+],
cyber [+],
china [+],
child index [+],
chaos communication congress [+],
browser [+],
based buffer overflow [+],
attacker [+],
apple safari [+],
analysis [+],
Skype [+],
user [+],
file [+],
initiative [+],
zeus users [+],
zeus [+],
yemen [+],
wireless subscribers [+],
windows xp support [+],
website [+],
web attacks [+],
vulnerable [+],
vanguard [+],
uav [+],
tyler [+],
two [+],
transparency film [+],
trade secrets [+],
tracker [+],
tool [+],
tibetan activists [+],
target id [+],
target drone [+],
target domain [+],
target canada [+],
target acquisition [+],
tar gz [+],
tar [+],
tank wars [+],
tank [+],
system [+],
summit website [+],
summit [+],
subdomains [+],
stuxnet [+],
store [+],
spyware [+],
spyeye [+],
space labs [+],
song lyrics site [+],
song [+],
something [+],
someone [+],
social networks [+],
social [+],
sniper [+],
sites [+],
site [+],
shape data [+],
set [+],
service pack 1 [+],
seoul summit [+],
seoul [+],
security mechanisms [+],
scored [+],
scammers [+],
robots [+],
robot [+],
researcher [+],
regimes [+],
quot [+],
quick [+],
python script [+],
profit [+],
processinstruction [+],
pro [+],
prison system [+],
prison [+],
pretty pictures [+],
pogue [+],
personenseiten [+],
payroll processing [+],
payroll company [+],
pack [+],
organized [+],
ordinal [+],
new [+],
network accounts [+],
motivated [+],
mobile phone service [+],
mobile devices [+],
mobile [+],
microsoft windows [+],
microsoft [+],
mexican [+],
metasploit [+],
medical devices [+],
medical [+],
mcafee [+],
manhunt [+],
major [+],
mac app [+],
livecd [+],
led [+],
laser pointer [+],
kind [+],
justin bieber [+],
joe [+],
java [+],
iranian sites [+],
ipad [+],
international [+],
instant [+],
indian government [+],
index [+],
hunting [+],
human rights [+],
home office [+],
home [+],
heap memory [+],
harmless mischief [+],
hacktivists [+],
hacking [+],
hackers pirates [+],
hack [+],
gunnery [+],
graph [+],
game [+],
functional reference [+],
fun [+],
forensics [+],
focus [+],
fbi [+],
facebook [+],
exploits [+],
exploit [+],
exchange [+],
european commission [+],
europe [+],
error [+],
egypt [+],
e mail addresses [+],
e mail [+],
don [+],
domain [+],
distances [+],
digital [+],
defacement [+],
defaced [+],
ddos attacks [+],
data thieves [+],
data [+],
darknet [+],
darkcgi [+],
dalai lama visit [+],
dalai lama [+],
cybercrooks [+],
criminals [+],
copter [+],
colored balloons [+],
cms [+],
cisco [+],
christopher pogue [+],
cgifuzz [+],
cellphones [+],
cartel [+],
carberp [+],
captchas [+],
canada tibet committee [+],
canada [+],
cameras [+],
business users [+],
busine [+],
breach [+],
boston [+],
bmi [+],
blackberry [+],
banks [+],
ball [+],
auto focus [+],
auto [+],
attacks [+],
army [+],
arduino [+],
apple webkit [+],
antisec [+],
anonymous hackers [+],
animation [+],
and [+],
ambitious fundraising campaign [+],
airoscript [+],
airodump [+],
adrian [+],
addresses [+],
activists [+],
accuracy [+],
Wireless [+],
Visulization [+],
Newbie [+],
Latest [+],
Fixes [+],
ExploitsVulnerabilities [+],
Bugs [+],
BackTrack [+],
Area [+],
arbitrary code [+],
hackers [+],
shockwave user [+],
adobe acrobat reader [+],
acrobat reader user [+],
zero [+],
realplayer [+],
week,
way,
tar bz2,
table,
smb service,
showmodaldialog javascript,
rule,
modprobe,
massive media,
make,
macs,
hxxp,
handshake,
fantastic forum,
extravaganza,
domain policy,
caleb,
awus,
authentication protocol,
Support,
General
-
-
10:01
»
Hack a Day
[Joe] sent us an email to show off his latest build. Tank Wars is the beginning of a video game/robot hybrid. You control the tank via an iPad, telling it where to go and how to fire. You have real life targets, in this case another robot. When you hit your target, the interface is [...]
-
-
21:55
»
SecDocs
Authors:
Nathan Fain Tags:
embedded hardware hacking Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Bring your target. Will release a slew of simple tools that explore attack surfaces and explain of how to use: jtag/serial scanners, parallel flash dumper, DePCB board routing analysis. So, crossover from software RE and start hacking/improving like its 1996 again. (full documentation and reference at: http://events.ccc.de/congress/2010/wiki/Embedded_Analysis) "All non-trivial abstractions, to some degree, are leaky." -- Joel on Software This applies just as well to hardware. In the soft center of embedded security are the human abstraction layers between embedded developers, pcb designers and asic designers which expose attack surfaces that are often rudimentary and unmovable. Using a theoretical embedded target we walk through each surface overcoming obfuscation to gain control. Will release a slew of embedded analysis tools, some lolarduino based, some not. These tools are based on frameworks that support Industrial Design students with electronics prototyping. Meaning, with little technical background you can adapt these tools to your needs. The audience is invited to bring their target where contributors will be clustered in the hack center and be available to suggest means of protection or application of analysis techniques in your project.
-
-
21:33
»
SecDocs
Authors:
Nathan Fain Tags:
embedded hardware hacking Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: Bring your target. Will release a slew of simple tools that explore attack surfaces and explain of how to use: jtag/serial scanners, parallel flash dumper, DePCB board routing analysis. So, crossover from software RE and start hacking/improving like its 1996 again. (full documentation and reference at: http://events.ccc.de/congress/2010/wiki/Embedded_Analysis) "All non-trivial abstractions, to some degree, are leaky." -- Joel on Software This applies just as well to hardware. In the soft center of embedded security are the human abstraction layers between embedded developers, pcb designers and asic designers which expose attack surfaces that are often rudimentary and unmovable. Using a theoretical embedded target we walk through each surface overcoming obfuscation to gain control. Will release a slew of embedded analysis tools, some lolarduino based, some not. These tools are based on frameworks that support Industrial Design students with electronics prototyping. Meaning, with little technical background you can adapt these tools to your needs. The audience is invited to bring their target where contributors will be clustered in the hack center and be available to suggest means of protection or application of analysis techniques in your project.
-
-
13:31
»
Hack a Day
We get a ton of tips about Kickstarter projects. Here is a great example of what we need to see in order to feature one of them. This LED Blinky Ball developed by Null Space Labs is the target of a rather ambitious fundraising campaign. But in addition to the fundraising write-up they’ve shared extensive [...]
-
-
14:28
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
14:28
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.
-
-
17:56
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.
-
17:56
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.
-
17:56
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.
-
-
18:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.
-
18:32
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.
-
18:32
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.
-
-
20:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-344 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way that the application allocates space for parsing sample data encoded with the RV20 codec. After allocation, the application will partially fill the allocation with sample data. Upon usage of this sample data, the application will use the uninitialized data to calculate an index that is then written into. This can lead to code execution under the context of the application.
-
20:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-344 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way that the application allocates space for parsing sample data encoded with the RV20 codec. After allocation, the application will partially fill the allocation with sample data. Upon usage of this sample data, the application will use the uninitialized data to calculate an index that is then written into. This can lead to code execution under the context of the application.
-
20:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-344 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way that the application allocates space for parsing sample data encoded with the RV20 codec. After allocation, the application will partially fill the allocation with sample data. Upon usage of this sample data, the application will use the uninitialized data to calculate an index that is then written into. This can lead to code execution under the context of the application.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-343 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the application.
-
20:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-343 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the application.
-
20:00
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-343 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the application.
-
-
16:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
16:20
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
16:20
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
-
-
19:51
»
Packet Storm Security Recent Files
A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
-
19:51
»
Packet Storm Security Tools
A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
-
19:51
»
Packet Storm Security Misc. Files
A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
-
-
17:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-317 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion and usage of an antique ActiveX control (mscomct2.ocx: Tue Mar 14 18:39:28 2000). Though mscomct2.ocx has been killbitted, it is accessed by ZENWorks via an intermediate control (ISList.ISAvi) which is scriptable. Multiple vulnerabilities in mscomct2.ocx can be exploited to execute arbitrary code on the host system in the context of the browser.
-
17:31
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-317 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion and usage of an antique ActiveX control (mscomct2.ocx: Tue Mar 14 18:39:28 2000). Though mscomct2.ocx has been killbitted, it is accessed by ZENWorks via an intermediate control (ISList.ISAvi) which is scriptable. Multiple vulnerabilities in mscomct2.ocx can be exploited to execute arbitrary code on the host system in the context of the browser.
-
17:31
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-317 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion and usage of an antique ActiveX control (mscomct2.ocx: Tue Mar 14 18:39:28 2000). Though mscomct2.ocx has been killbitted, it is accessed by ZENWorks via an intermediate control (ISList.ISAvi) which is scriptable. Multiple vulnerabilities in mscomct2.ocx can be exploited to execute arbitrary code on the host system in the context of the browser.
-
-
16:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
16:32
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
16:32
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
0:09
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-270 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
-
0:09
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-270 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
-
0:09
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-270 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
-
-
21:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
21:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
21:01
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
20:54
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-265 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within qcpfformat.dll, which is responsible for parsing QCP media files. The process creates a static 256 byte allocation on the heap and trusts a user-supplied counter from the file within a memory copy loop. As the source data is also user-supplied from the file, this can be abused by a remote attacker to execute arbitrary code running in the context of the web browser.
-
20:54
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-265 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within qcpfformat.dll, which is responsible for parsing QCP media files. The process creates a static 256 byte allocation on the heap and trusts a user-supplied counter from the file within a memory copy loop. As the source data is also user-supplied from the file, this can be abused by a remote attacker to execute arbitrary code running in the context of the web browser.
-
20:54
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-265 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within qcpfformat.dll, which is responsible for parsing QCP media files. The process creates a static 256 byte allocation on the heap and trusts a user-supplied counter from the file within a memory copy loop. As the source data is also user-supplied from the file, this can be abused by a remote attacker to execute arbitrary code running in the context of the web browser.
-
-
8:06
»
Hack a Day
QR codes are everywhere these days, from being printed onto receipts to chiseled into granite tombstones. [Will] came up with a way to modify existing QR codes, and his hack has the potential to cause quite a bit of harmless mischief. [Will]‘s hack involves a little photo editing, transparency film, and some white-out/Liquid Paper/Tippex. After the ‘target’ [...]
-
7:55
»
Packet Storm Security Tools
This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.
-
-
12:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
12:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
12:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.
-
3:36
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
3:36
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
3:36
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
3:26
»
Packet Storm Security Tools
This is a simple perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.
-
-
16:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-219 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-219 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-219 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-218 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by the tesselate.x3d plugin. The application will duplicate an arbitrarily sized string from the file into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-218 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by the tesselate.x3d plugin. The application will duplicate an arbitrarily sized string from the file into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-218 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by the tesselate.x3d plugin. The application will duplicate an arbitrarily sized string from the file into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
16:06
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
16:06
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
16:06
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller then 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.
-
14:08
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles multiple javascript modifications to the document. In certain instances the application will free an object due to a modification and then later access it again when attempting to destroy it. This re-use can lead to code execution under the context of the application.
-
14:08
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles multiple javascript modifications to the document. In certain instances the application will free an object due to a modification and then later access it again when attempting to destroy it. This re-use can lead to code execution under the context of the application.
-
14:08
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles multiple javascript modifications to the document. In certain instances the application will free an object due to a modification and then later access it again when attempting to destroy it. This re-use can lead to code execution under the context of the application.
-
-
20:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:12
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:12
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:12
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:12
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
20:12
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
19:43
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
19:43
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
19:43
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:46
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:46
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:46
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:45
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:45
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
18:45
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:44
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:44
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:44
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:43
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:43
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:43
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
15:01
»
Hack a Day
We don’t know if our feature from a couple of days gave [Adrian] a kick in the pants, or if he was just on target to finish is writeup this week, but he’s posted about version 2 of his laser auto focus assist project. The original idea was to use an unfocused laser pointer dot to [...]
-
-
11:41
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| and change the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.
-
11:41
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| and change the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.
-
11:41
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| and change the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.
-
-
14:03
»
Packet Storm Security Exploits
A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.
-
14:03
»
Packet Storm Security Recent Files
A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.
-
14:03
»
Packet Storm Security Misc. Files
A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.
-
-
15:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
15:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
15:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
-
9:30
»
Hack a Day
People spend years of their lives practicing on the courts to get the kind of accuracy that this robot achieves. It is able to shoot freethrows thanks to stereoscopic camera analysis of the target. We know what you’re thinking; big deal, it knows the distances which makes the calculations easy. That’s not the case, look [...]
-
-
23:10
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
23:10
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
23:10
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Xtra.x32 asset module responsible for parsing font structures within Director movie files (.dir). When parsing data within the PFR1 chunk, the process implicitly sign-extends a 16-bit size value and seeks pointers accordingly. It then operates upon the data it has reached which can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
-
9:44
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
9:44
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
9:44
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
-
-
15:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
15:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.
-
15:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.
-
15:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
15:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.
-
15:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
14:46
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
14:46
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
14:46
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
-
3:55
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-043 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the office drawing file format. When parsing shape data within a particular container, the application will add a reference to an object to a linked list. If an error occurs during parsing, the application will free each element yet fail to remove the reference. Afterward, the application will use this reference. This can lead to code execution under the context of the application.
-
-
12:00
»
Hack a Day
Don’t just build a UAV, use it to blow things up. In this case a tri-copter seeks out colored balloons and pops them using low-grade fireworks. We’ve seen this type of flying armament before, but not in a ‘copter form factor. It looks like the targeting and firing is done by an operator, and is [...]
-
-
13:41
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. When handling the an applet the process fails to properly restrict permission of code. It is possible to create and instantiate subclasses of ClassLoader. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
13:41
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. When handling the an applet the process fails to properly restrict permission of code. It is possible to create and instantiate subclasses of ClassLoader. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
13:41
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. When handling the an applet the process fails to properly restrict permission of code. It is possible to create and instantiate subclasses of ClassLoader. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
16:49
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. Successful exploitation can lead to code execution under the context of the application.
-
16:49
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. Successful exploitation can lead to code execution under the context of the application.
-
16:49
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. Successful exploitation can lead to code execution under the context of the application.
-
16:49
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. Successful exploitation can lead to code execution under the context of the application.
-
16:49
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. Successful exploitation can lead to code execution under the context of the application.
-
16:49
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. Successful exploitation can lead to code execution under the context of the application.
-
-
7:21
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-282 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of RealPix files. If such a file contains an image tag pointing to a remote server, the player will attempt to fetch the remote file. When parsing the response from the web server, the process blindly copies the contents of the Server header into a fixed length heap buffer. If an attacker provides a large enough string, critical pointers can be overwritten allowing for arbitrary code execution under the context of the user running the player.
-
7:21
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-282 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of RealPix files. If such a file contains an image tag pointing to a remote server, the player will attempt to fetch the remote file. When parsing the response from the web server, the process blindly copies the contents of the Server header into a fixed length heap buffer. If an attacker provides a large enough string, critical pointers can be overwritten allowing for arbitrary code execution under the context of the user running the player.
-
7:21
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-282 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of RealPix files. If such a file contains an image tag pointing to a remote server, the player will attempt to fetch the remote file. When parsing the response from the web server, the process blindly copies the contents of the Server header into a fixed length heap buffer. If an attacker provides a large enough string, critical pointers can be overwritten allowing for arbitrary code execution under the context of the user running the player.
-
7:21
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-281 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applications support for parsing the RMX file format. When parsing the format, the application will explicitly trust 32-bits in a field used in the header for the allocation of an array. This can cause a buffer to be under-allocated and will cause a buffer overflow when initializing the array. This can lead to code execution under the context of the application.
-
7:21
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-281 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applications support for parsing the RMX file format. When parsing the format, the application will explicitly trust 32-bits in a field used in the header for the allocation of an array. This can cause a buffer to be under-allocated and will cause a buffer overflow when initializing the array. This can lead to code execution under the context of the application.
-
7:21
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-281 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applications support for parsing the RMX file format. When parsing the format, the application will explicitly trust 32-bits in a field used in the header for the allocation of an array. This can cause a buffer to be under-allocated and will cause a buffer overflow when initializing the array. This can lead to code execution under the context of the application.
-
7:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses cook-specific data used for initialization. The application will use a length in a copy without verifying it being larger than the destination buffer. Successful exploitation can lead to code execution under the context of the application.
-
7:20
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses cook-specific data used for initialization. The application will use a length in a copy without verifying it being larger than the destination buffer. Successful exploitation can lead to code execution under the context of the application.
-
7:20
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses cook-specific data used for initialization. The application will use a length in a copy without verifying it being larger than the destination buffer. Successful exploitation can lead to code execution under the context of the application.
-
7:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-272 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of audio codec information encapsulated in a Real Audio media file. While processing cook audio codec data the number of subbands is improperly calculated. By specifying a large number of subbands an allocated heap chunk can be overflown. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
-
7:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-272 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of audio codec information encapsulated in a Real Audio media file. While processing cook audio codec data the number of subbands is improperly calculated. By specifying a large number of subbands an allocated heap chunk can be overflown. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
-
7:18
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-272 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of audio codec information encapsulated in a Real Audio media file. While processing cook audio codec data the number of subbands is improperly calculated. By specifying a large number of subbands an allocated heap chunk can be overflown. Successful exploitation can result in system compromise under the credentials of the currently logged in user.
-
7:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of GIF87a files over the streaming protocol RTSP. When specifying a large Screen Width size in the Screen Descriptor header a calculation on the destination heap chunks size is improperly checked for overflow. This leads to a smaller buffer being allocated and subsequently a heap overflow when processing the received data. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.
-
7:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of GIF87a files over the streaming protocol RTSP. When specifying a large Screen Width size in the Screen Descriptor header a calculation on the destination heap chunks size is improperly checked for overflow. This leads to a smaller buffer being allocated and subsequently a heap overflow when processing the received data. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.
-
7:18
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of GIF87a files over the streaming protocol RTSP. When specifying a large Screen Width size in the Screen Descriptor header a calculation on the destination heap chunks size is improperly checked for overflow. This leads to a smaller buffer being allocated and subsequently a heap overflow when processing the received data. Exploitation of this vulnerability can lead to system compromise under the credentials of the currently logged in user.
-
7:16
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-268 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed Media Properties Header (MDPR). The application explicitly trusts an index in this data structure which is used to seek into an array of objects. If an attacker can allocate controlled data at some point after this array, an attacker can then get their fabricated object to get called leading to code execution under the context of the current user.
-
7:16
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-268 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed Media Properties Header (MDPR). The application explicitly trusts an index in this data structure which is used to seek into an array of objects. If an attacker can allocate controlled data at some point after this array, an attacker can then get their fabricated object to get called leading to code execution under the context of the current user.
-
7:16
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-268 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed Media Properties Header (MDPR). The application explicitly trusts an index in this data structure which is used to seek into an array of objects. If an attacker can allocate controlled data at some point after this array, an attacker can then get their fabricated object to get called leading to code execution under the context of the current user.
-
7:16
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-266 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed multi-rate audio stream. The application explicitly trusts two 16-bit values in this data structure which are then used to calculate the size used for an allocation. When data is written to this allocated buffer, an overflow will occur which can lead to code execution under the context of the current user.
-
-
19:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the NodeIterator API used for element traversal. Due to a particular element not implementing functionality required by the API, a use-after free vulnerability can be forced to occur. This can be used to achieve code execution under the context of the application.
-
19:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the NodeIterator API used for element traversal. Due to a particular element not implementing functionality required by the API, a use-after free vulnerability can be forced to occur. This can be used to achieve code execution under the context of the application.
-
19:18
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the NodeIterator API used for element traversal. Due to a particular element not implementing functionality required by the API, a use-after free vulnerability can be forced to occur. This can be used to achieve code execution under the context of the application.
-
-
17:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib!IppGetDriverSettings2 where the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:22
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib!IppGetDriverSettings2 where the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
17:22
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-256 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ienipp.ocx component. When handling the exposed method a GetDriverSettings call is made into nipplib!IppGetDriverSettings2 where the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
-
-
15:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for huffman tables within a flashpix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer to as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application.
-
15:40
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for huffman tables within a flashpix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer to as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application.
-
15:40
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for huffman tables within a flashpix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer to as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application.
-
-
20:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.
-
20:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. While parsing a long argument ending with .smil an attacker can overflow a buffer on the heap. This can be abused to execute arbitrary code under the context of the user invoking the control.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-209 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing malformed sample data. The application utilizes a index in this data stream for seeking into a list of objects. Due to the lack of constraints on this index, one can seek to an arbitrary object located in memory which will lead to code execution under the context of the currently logged in user.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. While parsing a long argument ending with .smil an attacker can overflow a buffer on the heap. This can be abused to execute arbitrary code under the context of the user invoking the control.
-
-
15:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
15:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
-
-
19:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for XUL <tree> objects. If a specific property of a tree object is set and the parent node attempts to remove the child, the process can be made to access invalid memory. This can be abused by an attacker to execute remote code under the context of the user running the browser.
-
19:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fix implemented for CVE-2010-2753 in the nsTreeSelection interface. In a certain condition, the application still can be made to free a reference and then made to use said freed reference. This can lead to code execution under the context of the application.
-
19:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument function defined within nsDocument.cpp. When handling children nodes the code does not account for a varying number of children during normalization. An attacker can abuse this problem along with the fact that the code does not validate the child index is within bounds to access an invalid object and execute arbitrary code under the context of the browser.
-
19:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for XUL <tree> objects. If a specific property of a tree object is set and the parent node attempts to remove the child, the process can be made to access invalid memory. This can be abused by an attacker to execute remote code under the context of the user running the browser.
-
19:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fix implemented for CVE-2010-2753 in the nsTreeSelection interface. In a certain condition, the application still can be made to free a reference and then made to use said freed reference. This can lead to code execution under the context of the application.
-
19:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument function defined within nsDocument.cpp. When handling children nodes the code does not account for a varying number of children during normalization. An attacker can abuse this problem along with the fact that the code does not validate the child index is within bounds to access an invalid object and execute arbitrary code under the context of the browser.
-
-
20:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user.
-
-
21:30
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
-
21:29
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
-
-
18:47
»
Packet Storm Security Recent Files
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ienipp.ocx ActiveX control with CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C. The function exposes a GetDriverFile method. When this method is invoked for the first time a pointer in the .data section is mapped to an external function within another module. When invoked the second time, the process fails to load the library and assumes the pointer is still valid. When the uninitialized pointer is called the process jumps to an address space easily controlled by an attacker. This can be leveraged to execute remote code under the context of the user running the browser.
-
18:47
»
Packet Storm Security Advisories
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ienipp.ocx ActiveX control with CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C. The function exposes a GetDriverFile method. When this method is invoked for the first time a pointer in the .data section is mapped to an external function within another module. When invoked the second time, the process fails to load the library and assumes the pointer is still valid. When the uninitialized pointer is called the process jumps to an address space easily controlled by an attacker. This can be leveraged to execute remote code under the context of the user running the browser.
-
-
7:18
»
Sophos security news
Users warned they may be signing up to expensive mobile phone service, not getting concert tickets.
-
-
13:00
»
Packet Storm Security Advisories
This vulnerability allows remote attackers to delete all files on a system with a vulnerable installation of the Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the nipplib.dll module that can be reached via the ienipp.ocx ActiveX control with CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C. The CleanUploadFiles method appears to be used to remove temporary files within a contained directory. However, due to a logic flaw a remote attacker can abuse the function to force the process to recursively delete all files on the target system.
-
13:00
»
Packet Storm Security Advisories
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ienipp.ocx ActiveX control. The control accepts a 'debug' parameter that is expected to be either yes or true . If a string of a specific length is provided instead, a processing loop within the ExecuteRequest method can be made to corrupt a stack-based buffer. This can be leveraged by a remote attacker to execute arbitrary code under the context of the user running the web browser.
-
12:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling plugin parameters. Specifically, a long value for the operation parameter can trigger a stack-based buffer overflow. Successful exploitation leads to execution of arbitrary code under the context of the user running the browser process.
-
12:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's layout implementation of an particular tag used for embedding a foreign document into the SVG namespace. Later when the application attempts to calculate layout information for rendering the contents of the tag, the application will attempt to access a linebox that was previously destroyed. Successful exploitation can lead to code execution under the context of the application.
-
12:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling plugin parameters. Specifically, a long value for the operation parameter can trigger a stack-based buffer overflow. Successful exploitation leads to execution of arbitrary code under the context of the user running the browser process.
-
12:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's layout implementation of an particular tag used for embedding a foreign document into the SVG namespace. Later when the application attempts to calculate layout information for rendering the contents of the tag, the application will attempt to access a linebox that was previously destroyed. Successful exploitation can lead to code execution under the context of the application.
-
-
6:03
»
Carnal0wnage
much much more available in the documentation
http://www.secdev.org/projects/scapy/doc/usage.htmlbut here is how to make a cool traceroute graph from you to another host.
from:
http://www.secdev.org/projects/scapy/doc/usage.html#tcp-traceroute-2
Welcome to Scapy (v1.1.1 / -)
>>> res, unans = traceroute("www.google.com",dport=80,maxttl=20)
Begin emission:
*****************Finished to send 20 packets.
*
Received 18 packets, got 18 answers, remaining 2 packets
209.85.225.103:tcp80
1 209.20.72.2 11
2 209.20.79.6 11
3 4.53.160.189 11
4 4.69.132.186 11
5 4.69.132.190 11
6 4.68.101.34 11
7 4.79.208.18 11
8 209.85.254.130 11
9 72.14.232.141 11
10 209.85.241.35 11
11 66.249.95.138 11
14 209.85.225.103 SA
15 209.85.225.103 SA
16 209.85.225.103 SA
17 209.85.225.103 SA
18 209.85.225.103 SA
19 209.85.225.103 SA
20 209.85.225.103 SA
>>> res.graph(target="> /tmp/graph.svg")
>>>
opening up /tmp/graph.svg will give you:
-
-
3:52
»
remote-exploit & backtrack
Hello,
So I recently have been messing around with Backtrack 4 Final (I've used previous versions before) on the LiveCD and I was fiddling with Airoscript. I ran into a problem where it seems something is wrong with the temporary files. I would run scan after putting my alfa into monitor on mon0, then I would click on the airodump-ng window and ctrl-c it. When I went back to the regular airoscript prompt and clicked on 2 (select target) , it said "ERROR: you have to scan for targets first." Something must be wrong with the temporary file listing the parsed networks? I am not sure how to fix this, so help would be appreciated. Thanks in advance!
-
-
21:03
»
SecDocs
Authors:
Tyler Shields Tags:
BlackBerry phone Event:
Source Conference Boston 2010 Abstract: Spyware has become a primary tool used in the capture of personal and private data. Surreptitiously installed on the computing system of a target victim, spyware can capture, log, monitor, and exfiltrate any data that the spyware owner desires. Your phone holds all of the same personal information as your computer, only in a smaller form factor. While a number of "vendors" sell Blackberry spyware, until now only a limited number of public code examples exist. Real time capture of SMS messages, Emails, and phone call logs are a fraction of the features to be presented. Full source code to the spyware will be released. Definition of the potential risk and threat involved in mobile related spyware is a requirement to implementation of security mechanisms. Finally, functional reference code has been presented and released that can be used in a positive manner. Until then only shady web sites selling compiled versions of the code for $100 - $400 annually existed. This is a future looking presentation that will help others learn about the security of their personal data in the time of mobile devices.
-
-
20:34
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
-
20:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required in that a target visit a malicious website. The specific flaw exists within the code responsible for parsing Director files. The vulnerable function is exported as an ordinal from the iml32.dll module. Ordinal 1409 trusts a value from the file as an offset and updates pointers accordingly. By crafting a large enough value and seeking the file pointer past the end of a buffer this can be abused to corrupt heap memory. An attacker can abuse this to execute arbitrary code under the context of the user running the browser.
-
20:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
-
-
12:40
»
remote-exploit & backtrack
[*] Automatically detecting the target...[*] Fingerprint: Windows 2003 Service Pack 1 - lang:Unknown[*] Could not determine the exact language pack[*] Exploit completed, but no session was created.
Exploit target:
Id Name
-- ----
0 Automatic Targeting
How can i manually select the version of it + language?
my 2nd question is how do i run the GUI of metasploit in windows?
Thanks.
-
-
16:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file.
-
16:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file.
-
-
6:21
»
remote-exploit & backtrack
HI all;
i need help. i am searching a tool that could list all subdomains for a target domain :confused: ex : .edu.* , i would like to collect all subdomains of this target for example i tried goorecon but it result only 60 subdomains for my target :rolleyes: at the other hand when searching manually through google i found 200 subdomains
-
-
21:26
»
remote-exploit & backtrack
Hi, I am doing some Pentesting at school with full permission of the target and the school. I am trying to either exploit it or use social engineering. I would prefer to try and exploit it because that would be more immediate. I looked in the exploit database but did not find an exploit. If either you can point me to an exploit in the database or some other form of exploit I would appreciate it. MITM is an option but I would prefer not to do that as I do not want to try it on a production network even though I am allowed to.
-
21:26
»
remote-exploit & backtrack
Hi, I am doing some Pentesting at school with full permission of the target and the school. I am trying to either exploit it or use social engineering. I would prefer to try and exploit it because that would be more immediate. I looked in the exploit database but did not find an exploit. If either you can point me to an exploit in the database or some other form of exploit I would appreciate it. MITM is an option but I would prefer not to do that as I do not want to try it on a production network even though I am allowed to.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution
