[POC] Advisory #17 Local [VMWare]: There is an exploitable overfclow in VMWare that will allow the ability to execute malicious code on a local system. This is lame since you have to MSN the html gfile or p2p it as the ActiveX component is not marked as safe for scripting.
[POC] Advisory #16 Remote [Xine]: Xine media player suffers from an exploitable format string bug that could allow a malicious attacker to exploit a remote vulnerable system by embedding exploit code in a playlist and triggering the format bug.
[POC] Advisory #15 Local [Windows Help]: Windows Help suffers from a fairly generic heap based overflow in .hlp file rendering that will allow a malicious help file the possibility of executing malicious code on the victims machine.
[POC] Advisory #14.5 Local [UNZIP]: UNZIP is a widely used archiving program for un-archiving .zip file formats. There is a buffer overflow in the application that when parsing a large file name, a stack overflow will occur allowing code execution.
[POC] Advisory #14 Local [Appfluent]: Appfluent develop a Database IDS system that will allow an admin to capture all SQL activity on a database, logging it to some location for reporting purposes. There is a local root exploit that can be abused to gain unauthorised access to the system.
[POC] Advisory #13 Remote [RealPlayer / Helix]: RealPlayer && helixPlayer Gold both suffer froma remotely exploitable format string bug that will allow a user to execute malicious code on the victims machine by abusing an embedded file such as realpic and realtext.
[POC] Advisory #12 Remote [ELM Email Client]: ELM email client 2.5.8 has a stack overflow in the Expires field that will allow for an attacker to gain remote access to the system as the user running ELM. Bug found by Ulf Harnhammar so he gets the discovery credit.
[POC] Advisory #11 Local [Lantronix SCS]: Multiple security issues have been found in the Lantronix Secure Console Server, these issues range from file destruction from insecure /tmp files to outright system compromise by abusing buffer overflows in root owned setuid binaries.
[POC] Advisory #9 Remote [eRoom Doom]: eRoom has some vulnerabilities in that it does not deal with attached files or handle cookies in a secure manner. This being the case, it is possible to abuse trust between users utilising the system, execute code on systems of valid users and compromise user accounts by stealing/replaying their session cookies.
[POC] Advisory #8 Remote [McAfee IPS]: I have found some security vulnerabilities in this product whereby a user can elevate their privileges from a user that can only view alerts logged by remote sensors, to a scenario where the user can gain access to acknowledge, accept and delete alerts and access the Management Console.
[POC] Advisory #7 Local [SolSockJack]: Solaris has a bug in the use of SO_REUSEADDR in that the Kernel favours any socket binding operation that is more specific than the general "*.*" wildcard bind(). As such, a malicious socket can bind to an already bound interface if a specific IP address is used.
[POC] Advisory #6 Remote [Xine's Mine]: Xine is a popular media player for Linux, UNIX and Windows based systems. Discovered during the Media Player audit, there is a stack based overflow that can be abused to allow remote code exection on a vulnerable machine. The bug can also be abused on a local basis by tricking a user to play a specially crafted media file. Link Posted: August 08th 2004 by c0ntex
[POC] Advisory #5 Remote [MPlayer Memplayer]: MPlayer is a popular open-source media player. Discovered on the 28th May there is vulnerability allowing remote exploit attacks, due to incorrect data sanity checks on user supplied information. Multiple input methods allow for remote code execution as the user running MPlayer binary. Link Posted: May 28th 2004 by c0ntex
[POC] Advisory #4 Local [Oracle Ownage]: Oracle 9i database has been found to contain a stack based buffer overflow that can be manipulated in such a way as to yield an attacker with uid of the binary. This is usually the user ORACLE or ROOT and group DBA or SYSTEM or ROOT. Link Posted: October 25th 2003 by c0ntex
[POC] Advisory #3 Remote [Irrational]: Rational ClearCase, which is now owned by IBM has multiple vulnerabilities in many of the default shipped binaries. This includes those binaries that are modified or upgraded by the latest patch kit. Both [v4] and [v5] streams are vulnerable to these stack smash attacks. Link Posted: September 16th 2003 by c0ntex
[POC] Advisory #2 Remote [Hummingbird Cull]: Hummingbird Exceed has a bug in the way it handles and references fonts. It is possible to cause a stack based buffer overflow in the vulnerable client. It is also possible to cause a remote Denial Of Service attack against a vulnerable system. Link Posted: August 18th 2003 by c0ntex
[POC] Advisory #1 Local [Kon 2 root]: Kon is vulnerable to a generic stack based overflow. The bug is found in the "-Coding" option of Kon, where data input is not checked correctly. An attack will provide root access to the system as the binary is setuid ROOT as default. Link Posted: July 5th 2003 by c0ntex