1063 items tagged "arbitrary code execution"
-
-
12:26
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference is kept and used again during a page reload; invalid memory that is controllable is then used, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, targeting mainly China-, Taiwan-, and US-based computers.
-
-
19:17
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference is kept and used again during a page reload; invalid memory that is controllable is then used, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, targeting mainly China-, Taiwan-, and US-based computers.
-
-
19:40
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
-
-
7:44
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-202 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WordPerfect files. When parsing font records the code within vswp5.dll does not validate the datasize value prior to performing arithmetic on it. The result is used to make a heap allocation that can be undersized which can be leveraged to corrupt memory leading to arbitrary code execution under the context of the user running the application.
-
-
16:00
»
SecuriTeam
UMPlayer is prone to a vulnerability that lets attackers execute arbitrary code.
-
16:00
»
SecuriTeam
VLC Media Player is prone to an arbitrary code-execution vulnerability.
-
-
21:00
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2585-1 - A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.
-
-
18:36
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1555-01 - The OpenShift Management Console provides a web interface for managing OpenShift Enterprise. It was found that the OpenShift Management Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the OpenShift Management Console, into visiting an attacker controlled web page, the attacker could make changes to applications hosted within OpenShift Enterprise with the privileges of the victim which may lead to arbitrary code execution in the OpenShift Enterprise hosted applications.
-
-
16:00
»
SecuriTeam
Mozilla Firefox is prone to a vulnerability that lets attackers execute arbitrary code.
-
-
21:20
»
Packet Storm Security Exploits
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. However, please note that in order to use this module, you must have a valid MySQL account on the target machine.
-
-
16:00
»
SecuriTeam
Real Networks RealPlayer is prone to an arbitrary code-execution vulnerability.
-
-
9:29
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.
-
-
16:00
»
SecuriTeam
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a buffer-overflow vulnerability that may allow arbitrary code execution.
-
-
8:25
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, such as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
-
-
16:00
»
SecuriTeam
Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code.
-
-
15:42
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-173 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. Various other issues were also addressed.
-
-
16:00
»
SecuriTeam
Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code.
-
-
16:00
»
SecuriTeam
Iceape is prone to multiple remote vulnerabilities.
-
13:22
»
Packet Storm Security Advisories
Apple Security Advisory 2012-11-01-1 - iOS 6.0.1 is now available and addresses an information disclosure issue, a Passbook bypass, an arbitrary code execution vulnerability, and more.
-
-
19:58
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2570-1 - High-Tech Bridge SA Security Research Lab discovered multiple vulnerabilities based on null-pointer dereferences in OpenOffice which could cause an application crash or even arbitrary code execution using specially crafted files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS PowerPoint 2003) and XLS (MS Excel 2003).
-
-
15:46
»
Packet Storm Security Advisories
The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
-
15:46
»
Packet Storm Security Recent Files
The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
-
15:46
»
Packet Storm Security Misc. Files
The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
-
-
13:48
»
Packet Storm Security Advisories
Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
-
13:48
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
-
13:48
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
-
-
19:20
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1379-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack Swift used the Python pickle module in an insecure way to serialize and deserialize data from memcached. As memcached does not have authentication, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to inject specially-crafted data that would lead to arbitrary code execution.
-
19:20
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1379-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack Swift used the Python pickle module in an insecure way to serialize and deserialize data from memcached. As memcached does not have authentication, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to inject specially-crafted data that would lead to arbitrary code execution.
-
19:20
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1379-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack Swift used the Python pickle module in an insecure way to serialize and deserialize data from memcached. As memcached does not have authentication, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to inject specially-crafted data that would lead to arbitrary code execution.
-
12:22
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-10-16-1 - Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37.
-
12:22
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-10-16-1 - Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37.
-
-
12:22
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-167 - Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. The mozilla firefox packages have been upgraded to the latest version which is unaffected by this security flaw.
-
12:22
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-167 - Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. The mozilla firefox packages have been upgraded to the latest version which is unaffected by this security flaw.
-
12:22
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-167 - Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution. The mozilla firefox packages have been upgraded to the latest version which is unaffected by this security flaw.
-
-
16:58
»
Packet Storm Security Advisories
Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.
-
16:58
»
Packet Storm Security Recent Files
Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.
-
16:58
»
Packet Storm Security Misc. Files
Vulnerabilities exist in EMC NMM that could potentially be exploited by a malicious user to execute arbitrary code. Also, there is a risk that sensitive information could be disclosed under specific circumstances described in the details below.
-
18:29
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1350-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
18:29
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1350-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
18:29
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1350-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws in Firefox could allow a malicious website to bypass intended restrictions, possibly leading to information disclosure, or Firefox executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
18:28
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
18:28
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
18:28
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution.
-
-
15:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to a crash of that application or, potentially, arbitrary code execution with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
15:05
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to a crash of that application or, potentially, arbitrary code execution with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
15:05
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to a crash of that application or, potentially, arbitrary code execution with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
-
17:00
»
SecuriTeam
This allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
-
-
17:04
»
Packet Storm Security Advisories
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
17:04
»
Packet Storm Security Recent Files
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
17:04
»
Packet Storm Security Misc. Files
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
-
20:07
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary code execution backdoor placed into phpMyAdmin version 3.5.2.2 through a compromised SourceForge mirror.
-
20:07
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary code execution backdoor placed into phpMyAdmin version 3.5.2.2 through a compromised SourceForge mirror.
-
20:07
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary code execution backdoor placed into phpMyAdmin version 3.5.2.2 through a compromised SourceForge mirror.
-
-
20:39
»
Packet Storm Security Exploits
This Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.
-
20:39
»
Packet Storm Security Recent Files
This Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.
-
20:39
»
Packet Storm Security Misc. Files
This Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.
-
-
7:18
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC component of Operations Orchestra which listens by default on TCP port 9001. The component is vulnerable to SQL injection attacks. Remote, unauthenticated attackers can exploit this vulnerability by injecting malicious SQL into the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
7:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC component of Operations Orchestra which listens by default on TCP port 9001. The component is vulnerable to SQL injection attacks. Remote, unauthenticated attackers can exploit this vulnerability by injecting malicious SQL into the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
7:18
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC component of Operations Orchestra which listens by default on TCP port 9001. The component is vulnerable to SQL injection attacks. Remote, unauthenticated attackers can exploit this vulnerability by injecting malicious SQL into the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
-
19:55
»
Packet Storm Security Exploits
This Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
-
19:55
»
Packet Storm Security Recent Files
This Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
-
19:55
»
Packet Storm Security Misc. Files
This Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
-
19:52
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Agent for NonStop Server. User interaction is required to exploit this vulnerability in that the target must check the status of an existing node on the network. The specific flaw exists within the ELinkService process which listens on TCP ports 7771 and 8976 by default. The process performs insufficient bounds checking on user-supplied data within a HEALTH packet prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:52
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Agent for NonStop Server. User interaction is required to exploit this vulnerability in that the target must check the status of an existing node on the network. The specific flaw exists within the ELinkService process which listens on TCP ports 7771 and 8976 by default. The process performs insufficient bounds checking on user-supplied data within a HEALTH packet prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:52
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Agent for NonStop Server. User interaction is required to exploit this vulnerability in that the target must check the status of an existing node on the network. The specific flaw exists within the ELinkService process which listens on TCP ports 7771 and 8976 by default. The process performs insufficient bounds checking on user-supplied data within a HEALTH packet prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:46
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentservice.exe process which listens on port 23472 by default. The process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:46
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentservice.exe process which listens on port 23472 by default. The process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:46
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentservice.exe process which listens on port 23472 by default. The process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
19:37
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the library's parsing of Excel files. When handling the TxO record, the vseshr.dll module can be made to wrap an integer value when parsing a specific field. This can lead to an improper memory allocation that can be leveraged to corrupt the heap leading to arbitrary code execution under the context of the user running the application.
-
19:37
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the library's parsing of Excel files. When handling the TxO record, the vseshr.dll module can be made to wrap an integer value when parsing a specific field. This can lead to an improper memory allocation that can be leveraged to corrupt the heap leading to arbitrary code execution under the context of the user running the application.
-
19:37
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the library's parsing of Excel files. When handling the TxO record, the vseshr.dll module can be made to wrap an integer value when parsing a specific field. This can lead to an improper memory allocation that can be leveraged to corrupt the heap leading to arbitrary code execution under the context of the user running the application.
-
-
17:00
»
SecuriTeam
GNU Debugger is prone to an arbitrary-code-execution vulnerability.
-
-
17:00
»
SecuriTeam
Sleipnir Mobile for Android is prone to an arbitrary code-execution vulnerability and an arbitrary script-execution vulnerability.
-
-
21:31
»
Packet Storm Security Exploits
This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
-
21:31
»
Packet Storm Security Recent Files
This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
-
21:31
»
Packet Storm Security Misc. Files
This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
-
21:30
»
Packet Storm Security Exploits
This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.
-
21:30
»
Packet Storm Security Recent Files
This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.
-
21:30
»
Packet Storm Security Misc. Files
This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.
-
18:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
18:04
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
18:04
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
-
18:33
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
18:33
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
18:33
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
-
18:33
»
Packet Storm Security Advisories
Ubuntu Security Notice 1524-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
-
7:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, the TIFF image to PDF document conversion tool of libtiff (a library of functions for manipulating TIFF image format files), wrote TIFF image content into a PDF document file when tiff2pdf passed an improperly initialized T2P context struct pointer as one of the parameters to the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file that, when processed by tiff2pdf, would lead to a tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
-
-
17:00
»
SecuriTeam
GNU Automake is prone to a local arbitrary code-execution vulnerability.
-
17:00
»
SecuriTeam
The Finder module for Drupal is prone to a cross-site-scripting vulnerability and an arbitrary-code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.
-
8:11
»
Packet Storm Security Exploits
The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.
-
-
6:33
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-124 - Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of openoffice.org. An attacker could create a specially-crafted file in the Open Document Format for Office Applications format which when opened could cause arbitrary code execution. The updated packages have been patched to correct this issue.
-
5:13
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-123 - Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications format which when opened could cause arbitrary code execution. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.5 version which is not vulnerable to this issue.
-
-
15:36
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. By providing malformed data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt memory which can lead to arbitrary code execution in the context of the user running the service.
-
-
19:15
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2520-1 - Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issue lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause an application crash and could cause arbitrary code execution.
-
-
17:00
»
SecuriTeam
xAurora is prone to a vulnerability that lets attackers execute arbitrary code.
-
-
15:37
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string of data in the Connection header to cause an overflow on the stack when the function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
-
15:37
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
-
-
15:33
»
Packet Storm Security Exploits
There is a race condition in the postinstall script for SUNWbindr that, if update manager or smpatch is being used while the system is in multi-user mode, could lead to arbitrary code execution as root.
-
-
21:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-115 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
21:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-114 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
-
16:52
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
-
-
7:44
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute; however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.
-
-
17:00
»
SecuriTeam
Apache HTTP Server is prone to a vulnerability that lets attackers execute arbitrary code.
-
-
17:00
»
SecuriTeam
Cisco AnyConnect Secure Mobility Client is prone to multiple vulnerabilities that allow attackers to run an arbitrary executable. This issue affects the VPN Downloader component.
-
-
20:43
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x320 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
20:33
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Express. Authentication is not required to exploit this vulnerability. User interaction is not required to exploit this vulnerability. The specific flaw exists within the dpwinsdr.exe process which listens on TCP port 3817 by default. The process has insufficient bounds checking on user-supplied data copied to a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed opcode 0x330 message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
-
-
22:26
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7. When opening an extended .m3u file containing an "#EXTINF:" tag description, iTunes will copy the content after "#EXTINF:" without appropriate checking from a heap buffer to a stack buffer and write beyond the stack buffer's boundary. This allows arbitrary code execution. The Windows XP target has to have QuickTime 7.7.2 installed for this module to work. It uses a ROP chain from a non-safeSEH-enabled DLL to bypass DEP and safeSEH. The stack cookie check is bypassed by triggering a SEH exception.
-
-
20:36
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-093 - There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. An integer overflow, leading to a heap-based buffer overflow, was found in the way the Phar extension of the PHP scripting language processed certain fields when manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file which, once processed in a PHP application using the Phar extension, could lead to denial of service or, potentially, arbitrary code execution with the privileges of the user running the application. The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.
-
20:00
»
Packet Storm Security Exploits
This Metasploit module exploits a buffer overflow in MMPlayer 2.2. The vulnerability is triggered when opening a malformed M3U/PPL file that contains an overly long string, which results in overwriting a SEH record, thus allowing arbitrary code execution under the context of the user.
-
17:00
»
SecuriTeam
The Fill PDF module for Drupal is prone to a security-bypass vulnerability and an arbitrary-code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.
-
-
15:16
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. When a .pac file supplies a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause memory corruption on the stack, which results in arbitrary code execution under the context of the user.