A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.
797bf403a4b513b396d26d36df0149d489cb9d807a1b1014511eb72dfabca1fd
rdesktop version 1.6.0 memory corruption proof of concept exploit.
054197abce8716778bf6a23bb2c4fe04790e5a39732a5602c0b3cd136e0d4c68
PHPXref version 0.7 suffers from a cross site scripting vulnerability.
1315c126618dd87d455d405922eaf2ce9ee86a21860d33dbf96aba5d753eee31
yInjector is a MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.
b52774ac099292a94a0f4f4c96f55843e963024e991196b4ce6f06d98c62454c
SourceBans version 1.4.7 suffers from a cross site scripting vulnerability.
66301349e8b7282ce75a5c2227f2c674aa6a43023ac759779edf2ded659cd0ff
HITB Magazine Volume 1 Issue 5 - Topics include Investigating Kernel Return Codes with the Linux Audit System, Secure Shell Attack Measurement and Mitigation, Windows CSRSS Tips and Tricks, and more.
7ba5cb3722469cf801f9eddceff6990948a8d5aeb5df0946b116b433a6a37127
The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
0261dfa39fcafc4cb05a3c075181526dd4263640289efa218822e3b084efad74
MihanTools Script version 1.3.3 suffers from a remote SQL injection vulnerability.
4b8a9b355e11d4f0b10ae4d93ae60547605e9ba08172faf5d1500bfd92c45a3e
LIGATT Security's LocatePC software version 1.05 suffers from a remote SQL injection vulnerability.
a75bd59d0433d2ccdadcef841bbda360d42c5278246ad2df0b18df13636a1f3a
Mandriva Linux Security Advisory 2011-024 - The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.
39c0572f12359cb86e2fd583adb8e4c9548610ab0a8802aee133beb16ae6eab8
Web 2.0 Social Network Freunde Community suffers from a remote SQL injection vulnerability.
4b5d409fb31c9f617374f6314f26f7b77deb28b1ef57aae3caa119bacb525e5d
Coppermine Photo Gallery version 1.5.x suffers from a remote command execution vulnerability.
4636daec10200eab943f199e537f5d755db8c132485916dc1fee0ff5c8b0cf28
xRadio version 0.95b local buffer overflow exploit that creates a malicious .xrl file.
32187c65a69839c6e38c7cf52e52084eccda06d0e18cb0b8534357352a627991
tudou.com suffers from a UTF7-BOM cross site scripting vulnerability.
77f0d0d5cee1f1942628632a5418bf0a7ee03fa31382d631e811d6018223f820
Enable Media Replace WordPress plugin version 2.3 suffers from remote shell upload and SQL injection vulnerabilities.
c704208044e25049fc23310c983128a5a4dd32de8271a106ecf2d492cf255edb
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside of an Adobe Flash file. The problem exists in a certain ActionScript method. When the method is called with particular parameters, the ActionScript engine gets confused and takes a user supplied value as an object pointer which leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.
685b513ec10df1aab8cf9099ac0c692b0194efef40546c518576a4c56b3acc4b
iDefense Security Advisory 02.08.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in the ActionScript method of the built-in "Function" class, which accepts an array object as a second parameter and uses this array's length multiplied by four for a memory allocation without any overflow checks. Then it writes the array's content into the allocated memory, which corrupts memory and leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.
ebabde584383e97f6fef8ac29bc90485c63025e0e75518aef523118962a5863e
CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
654409c768026e9565e54a39e27064a4f86fc778042e1d46959f30d24fbfbce0
Unreal Tournament remote buffer overflow exploit using SEH and written for Windows.
3501ce11a58cf39d271605054c6374c1f2573ea2afe44f7646baa59a2bc5fcaa
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPI.dll module distributed with the player. While parsing a director movie (.dir or .dcr) the code trusts the specified size of the IFWV chunk and uses it within a calculation to determine another offset within the file. By setting it to 0, the code jumps to the wrong location within the file. While parsing data at the new location, the code uses a value as a loop counter. Within the loop, the code copies data to a heap buffer. By crafting a file with a large enough size, this loop can be forced to corrupt memory. A remote attacker can abuse this logic to execute arbitrary code under the context of the user running the application.
7040bca9eccf6a2f720afeeef790fed7dd9623170dc56e8f376e1c3cd7629549
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a malicious Adobe Director file. A malicious user could cause a memory corruption by including malformed data in a chunk. This condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Shockwave Player version 11.5.8.612 and version 11.5.9.615 (the latest version at the time of testing). A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-01.
004f9f99eb403ab4abbeaa49b8e7d6edcd9e5d746d21146c4503da633a1ca603
iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
9023fb241705e726e7f30ccce3136b242840184453dce8f68b6886351ba171bc
EMC Replication Manager contains a potential vulnerability that may allow remote unauthenticated user to execute arbitrary code on vulnerable installations of the EMC Replication Manager. Affected products include EMC Replication Manager versions earlier than 5.3, EMC NetWorker Module for Microsoft Applications versions 2.1.x and 2.2.x.
4c30e9aed08c9c586089b2db66c9805be6a020c01be1c707e3e2691828f1e134
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.
7ab55e8075b44832a07846d002bff5431ff491921a831ffc693d14c4f05fc545
Secunia Security Advisory - A vulnerability has been discovered in Auto Database System module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
152fe5b90710e20c0333515fc904ef84c091ebda62ec04c109f66cefcb5100b2