Zero Day Initiative Advisory 10-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. Successful exploitation leads to remote code execution under the context of the server.
c38190bbe6cf2654a24eaabcd78ecd040cbac6cf773df475162d54315a49992e
Group Office version 3.5.9 suffers from a remote command execution vulnerability.
d395780e5580c0301934155e011a6e18ec6447417232cef5adc8718a94ff5e55
The Novell GroupWise Internet Agent suffers from a remote code execution vulnerability due to a stack overflow.
76736a6c8ea0fb9f7f9a0f12dd5cf5394064dec0c96b1d6cf55ca7dee72c2d5f
ActiTime version 2.0-MA suffers from a cross site request forgery vulnerability.
7ffc90c83666da1448e58b4d7792f8c5e3f865d85fc1b893bc5df889050e7665
My Book suffers from an insecure cookie handling vulnerability.
a29827e1ca16915e2d7afbdb5e7b956a5d2d58ffd1c18ec8b119d77b2956f904
Kanarya Shop suffers from a remote database disclosure vulnerability.
69fbe4b53ecfb180b40ae3484e5a0e50663da1178494b1d683bbbc2847895221
Advanced Management For Services Sites suffers from a remote file inclusion vulnerability.
c5d21bffb0aa5bfb010119083c19eeefdc1426ade4cbbee9ecd019485aa7bb75
Group Office suffers from a remote SQL injection vulnerability.
bac72b012a143df904a3867be5a1fa3da472f92978594f803af6d9357f30c3af
Power/Personal FTP server version 2.30 RETR remote denial of service exploit.
8eb5be68d140f5c719236df4f806ecfe5541c74edb10de2eee9b728ea928b676
Haihaisoft PDF Reader with OCX control version 1.1.2.0 suffers from a remote buffer overflow vulnerability.
f4f2df2555e6a1b165df2624885a25e4c36da2d1ed12ade17c8c774d9d6cbb70
Universal stack buffer overflow exploit for Mini-Stream RM-MP3 Converter version 3.1.2.1 that creates a malicious .pls file.
2d21c24af7764b4ae41792b6351041be17be14984b31d19baf9460494491f17d
Pre Podcast Portal suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d6ccf2eda4aa207ef41787011032a875efd56bbf6a901d840ea984b9df6f1570
SoftClones Marketing Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5e9b43b5f3b06b5391f598908fe6c8effa8f6ac51bbb071efec0e2288b86ffd2
Pre Dynamic Institution Web suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9e4d718f4d60f7d1de7823b1d56d1c7206cfe27636ab8542383aee718c2d5b6f
Pre Webhost suffers from a remote SQL injection vulnerability that allows for authentication bypass.
77f51ba784add431406c6bab60dc2057c4e59ab848f6d29b8a9b7921a488e955
This module exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destination buffer size, an attacker can corrupt memory. Additionally, setting this value to a value smaller than 'smb_wct' (0x24) will cause the header of the input buffer chunk to be corrupted. After close inspection, it appears that 3.0.x versions of Samba are not exploitable: because they use an "InputBuffer" size of 0x20441, an attacker cannot cause memory to be corrupted in an exploitable way. It is possible to corrupt the heap header of the "InputBuffer", but it didn't seem possible to get the chunk to be processed again prior to process exit. In order to gain code execution, this exploit attempts to overwrite a "talloc chunk" destructor function pointer. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have NX memory protection. NOTE: It is possible to make exploitation attempts indefinitely since Samba forks for user sessions in the default configuration.
62e4dbdef10ca045ef1ec88681d7b84288ebd9bf3ef44718fc8ad5724142a978