Some examples and sample code to experiment with C++ exploitation and vptr overwriting.
3812cd1a468cea7f002d82cb54fd72d84f9275f492ebe8e187e4d4b2d50f828c
The C Code Analyzer (CCA) is a static analysis tool for detecting potential security problems in C source code. It's fully automatic; no code annotations or the like are required. It features an automatic user input tracer, potential buffer overflow detection, and more. An Eclipse front-end plugin is included.
ea38609932b78433e929fee731bc065e252e36c55600ffdcc609d2be42a5fae4
An ActiveX control used to set up e-mail, NNTP, and LDAP accounts in Outlook Express for the University of Phoenix allows for later account manipulation.
4bca6a33736e5903a701811c2b98fceeb18af1da5f873243b6df0556d9db116d
Travesty is an interactive program for managing the hardware addresses of Ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address. It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Travesty is written in Python, and is very simple to modify or extend with new functionality.
ceaa2d9749025c8c0f32d7fac3044536812c4ea4b1d23cb7205c1afce0d119dd
Gentoo Linux Security Advisory GLSA 200501-46 - ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning. Versions below 0.81 are affected.
c27b7807c952f6c3861c059035ef6ed33978ea406e0b2a8f22af7901bf5ba551
Whitepaper discussing the best security practices for host naming and URL conventions.
e9a5dc480f6839ca756e12580e639976fae0181c72d56978a013e4263afab1cb
The 80/20 Rule for Web Application Security: Increase your security without touching the source code. This article discusses ways to make your website more difficult to exploit with little effort.
bba7f7e823c6583f2e30e376b8c5ab99b4d303a27d637867f9f30645116bb148
Secunia Security Advisory - A vulnerability has been reported in fprobe, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
b8800e9c24b142f5e9d91642e25bb5d79904a19b3fec24b33015e78cd154a813
Secunia Security Advisory - Soroush Dalili has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.
8efc37760a688943166d98b1db1db088cda82738b385689c6ea2d0925eae7f37
Secunia Security Advisory - Vladimir Kraljevic has reported a security issue in Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
305c66d2b555ae7ff47f00dd30c6052417a63dd409b5ddf93e4f9987ed95d44b
Secunia Security Advisory - Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and script insertion attacks and disclose sensitive and system information.
a8915f9684acfb40baf7234fa34a3d935c81940168ecd3068d48c40f43175bb1
HP Security Bulletin - A potential vulnerability has been identified that affects the Software Development Kit (SDK) and Run Time Environment (RTE) for the Tru64 UNIX Operating System for the Java(TM) Platform. Object deserialization may allow a remote attacker to cause the Java Virtual Machine to become unresponsive, resulting in Denial of Service (DoS) for the runtime environment and servers that run on the runtime environment. Affected versions: SDK and RTE v 1.4.2-3 and earlier 1.4.2 releases, and 1.4.1 releases.
fd7f837c394cd9ac4773864bc0a2c48a18d056f0ee0d39ef415c42e31429db1c
Secunia Security Advisory - ShineShadow has reported two weaknesses in IceWarp Web Mail, which can be exploited by malicious users to gain knowledge of certain system information or sensitive information.
81646ae7c3f632e96dcc38278762aecc370d6a962c849c281bcd71c7ba6d8e1c
Secunia Security Advisory - HP has acknowledged some vulnerabilities in Virtualvault and Webproxy, which can be exploited to gain escalated privileges, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
6fd74d9018d0902c129a75959137018c97478591aca8a2952fb226add696ff53
Secunia Security Advisory - A vulnerability has been reported in HP Virtualvault, which can be exploited by malicious people to cause a DoS (Denial of Service).
aa6dc75d05f3114cde8805d370de2464018521b62738476804c80733b6d09b65
Secunia Security Advisory - SmOk3 has reported a vulnerability in JShop Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
d6413caaaa4f5d52ef9cbfd9ae48135aebfc7709cd2dc95af789588e78893c1c
Secunia Security Advisory - Larok has reported a vulnerability in the Incontent module for Xoops, which can be exploited by malicious people to disclose sensitive information.
fc8c4a5ca768654a937300a8b798a2bdec92c7058bd7730403ceaeb0e0b2adba
PafileDB 3.1 Final is susceptible to full path disclosure and PHP injection bugs.
a04346894a0b513e64fd8e1ed0af710d9e47c68804d433ac721b3e4f24714c11
Remote denial of service exploit for Xpand Rally version 1.0.0.0 that makes use of a crash caused by reading and writing unallocated memory.
0c38c27fbb4d8ce1cd2746933da0239b82bbe9af968ded27e19f90870baa9c2b
Xpand Rally version 1.0.0.0 is susceptible to a denial of service attack through a crash caused by reading and writing unallocated memory.
7f0ccd99f6efaa1172d65d53b33076811fe80539cde5898e6adb0b04166d7d17
Local exploit for ncpfs that gains access to /etc/shadow entries.
1c5ef83be0a27228da5f732d4d3448a7a252ce6eeaf13cac4d1406c5a0a28782
Gentoo Linux Security Advisory GLSA 200501-44 - The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges.
cdbf840399011b7a2266ab1e7ce35b8e382816ee8165f420f45f59d9331dc751
Packet Storm new exploits for January, 2005.
b3cc672742ae6abc2421a5291f99236c6ac9529789725a2f01dfeceea21e9b3a
Gentoo Linux Security Advisory GLSA 200501-42 - VDR insecurely accesses files with elevated privileges, which may result in the overwriting of arbitrary files.
58c8381dad7330528213133aa399c575074abc76fb1a6fa12cddc943bc9c980d
IDS Policy Manager was written to manage Snort IDS sensors in a distributed environment. It takes the text configuration and rule files and lets you modify them through an easy-to-use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules, and scp rules to sensors, this tool makes managing Snort easy for most security professionals.
fce92a285eaf9b9b22e83b109b315e21722dc3594d70a426b0c0e04983b48eef