Zero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user.
2d9a63b087cb4706f154dcd000abf7cec3eff4687dc7f08bc5ef49d148e9d064
Hinnendahl.com Gaestebuch version 1.2 suffers from a remote file inclusion vulnerability.
753a16c21cf462ee367332422953a0909aae6ec64af5922e9601b62b4b8d6e59
Quicktime PictureViewer version 7.6.5 DLL hijacking exploit.
3c4993bb0ffd2ab50592053a13f3f93437f114eaaa769691e057f119d77020c2
Nero version 8.2.8.0 DLL hijacking exploit.
21c34a913ea9cd3acec88bac9d5ef4f6950f80b017209659a83a162154ad150c
Bentley Microstation version 7.1 DLL hijacking exploit.
be1f00eabd025c42c58792ca2d54c785c2c33c426ad39ed7d3c567d77d537a40
Hack In The Box is proud to announce a brand new lightning session called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT sessions are designed to provide a quick 15 minute overview for material and research that's up and coming - stuff that isn't quite ready for the mainstream tracks of the conference but deserves a mention nonetheless. Final year students who want to present their projects to industry experts are also strongly encouraged to submit their papers. Submissions are due 1st October 2010.
bcd400b2d666c47240f50a7d859342c147fc50b7fdb01c8ac3fab8f81cebdb39
Prometeo version 1.0.65 suffers from a remote SQL injection vulnerability.
9d7883d4b8c99971294c9a9f9f7783f83bd71df0d1936ee56798193bdffa420a
Hycus CMS version 1.0.1 suffers from multiple cross site request forgery vulnerabilities.
87368a22437aa448cbd5a74a544d4d23465ca1922cdb74e8703fc58f09598a9e
Atomic Photo Album version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
0c2bcceba9439a45aac31417029510fb1f5f4fdc4a980e61123922f07f5c5f8e
osCommerce Online Merchant version 3.0 suffers from a remote file inclusion vulnerability.
4e7b280fbeb7d2f5760e10222e458937fbf0a0a99728fb3b37e6c436c9e14c24
TCMS version 100728 suffers from file content disclosure, cross site scripting, local file inclusion and remote SQL injection vulnerabilities.
f974e4a6f72f2c28051cebdf018a6eee9d29e847905d69433d67001e9be424e1
Webmatic version 3.0.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
05eebc66600216a12da7f891d76fc5bebe0589dd09065dd196b86c95c6cc1fde
Apple Preview.app is the default application used on Apple MacOS systems to view PDF files. It does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size in a JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).
53ce5615d54db8981ef51e6b34e7974571da0512912d9784b1b7d1be0444b0fd
This tool demonstrates the watermarking vulnerability in EncFS. Watermarking is an attack which does not give any secrets to the attacker but allows him to prove that the user of the encrypted file system has a certain file stored on his drive. The file has previously been specially prepared by the attacker.
e9383dceabbd0522871ea3716c7742bb58d16e38d3390c8b5b22e4f230326e91