This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplied with a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component tries to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is onto the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.
ab34370a5debea1b2a8db24c582834304ee72c0e5a992dbbbcfedc31867011f6
Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities.
5b98c30892bfc1275681ae20caf39f5a066c85801cedca3fd96ad0fd88b04a10
SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities.
6b32da064f8d6d2d434491a60fd914b8e9cf99d9ceab79f915c421782d761761
Squiz CMS version 11654 suffers from a directory traversal vulnerability.
9aad92b935f5ad7c893786de544430c0d9cb211b6cbbaed9edeef9c1a0e15cce
Nagios XI Network Monitor version 2011R1.9 suffers from a remote blind SQL injection vulnerability.
2cf56eed695230c853b7b3b4f90eb894c8c6fc9ed6af1f23249a37152923da76
Nagios XI Network Monitor version 2011R1.9 suffers from OS command injection vulnerabilities.
cefe812c8837b8e434b4ea93fe2c8a19e990a7fdd85084570601625036f225c8
Oracle Gridengine's sgepasswd suffers from a buffer overflow vulnerability.
27c545a1cda033f55904dc6058b6be0f7c4252cea190bf6782a8be65bf19b66d
DataArmor and DriveArmor versions prior to 3.0.12.861 suffer from restricted environment breakout, privilege escalation, and full disk decryption vulnerabilities.
0fc5ee98ad7150597b23a730a459a04feb859a6daba3aacc92a056f31d04b665
jsupload.cgi.pl versions 0.6.4 and below suffer from a directory traversal vulnerability.
ccd62aaa39befe158eac096c007c49a7c571779c421b3de5eb034f9c0b7abff3
Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.
caa20eb0d66851c61553ae776f1f9fa646d8aa08b83a087b6b2dc7fe2af9bede
PayPal suffered from a persistent cross site scripting vulnerability.
2410978fe3d394fded3f60d02efa3b9655e8eff8e42012acccdeb9c375cab246
Safend Data Protector suffers from multiple privilege escalation vulnerabilities.
7fa4ab53d92dfd88c732eb79417967adbe52865b5df1b66c86b093a3abbc15b9
VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "imgRequestProxy::OnStopRequest()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
6ff9c9465d128e7723f00c6eb8b2c513970c66279404d1491f6201d4b7ded1cd
Ubuntu Security Notice 1430-5 - USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an updated mozilla-devscripts which produces packaged addons compatible with the latest thunderbird packaging.
2e3cd2c8aeffd832578a924739c75e1773dc2e46546fb23e4d3f9e27f601fccf
Ubuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
6c274eedfdb3da7dbb7671102ad6fe7a37edb74ba2b040227e902cbb757d04a1
Debian Linux Security Advisory 2579-1 - A vulnerability has been found in the Apache HTTPD Server.
75cc0f2d9d8dabf15819407aef98d97059d1c26d0754a1dead1d43130c26538d
Ubuntu Security Notice 1652-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
e2ab2490ada83b444a66c52183f126e16e8175d3cffdad175af3f948c4a2e280
Ubuntu Security Notice 1651-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
050be699e44be98ae2ca0aff99370d56139223bf52fe876c8f83644c51ece493
Ubuntu Security Notice 1650-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
ea0d826ac97c808d41bf039a736c91d3f83693af9097f54d42f504187da73d53
Ubuntu Security Notice 1649-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
50d96a46ae540807a3cbac6d9da2f0a742defbec6c2aeb63630420490e1280e4
Ubuntu Security Notice 1648-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
4eb660e26fd88a32afdbb6f4745741f275f50287259f53e6fcf824c0f62ee4ce
Ubuntu Security Notice 1647-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
bc7bae042dda4167991eaaa3aba4772592c4a371088803032bf38ec4fc7d8f3b
Ubuntu Security Notice 1646-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
e417f1d428863d8eb7268db89617f507396def202c65c7aa89768f7915d5e0be
Ubuntu Security Notice 1645-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
4d3dae198ecc5f0fab30ae0aa3248050f97447564d01f2bdf33aa7274130728c
Ubuntu Security Notice 1644-1 - Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
5a24998d89af0c468b0e5534c8e4d28d186288d82114644816fad0f143a37bfb