|
VMWare Player
Damn Vulnerable Linux is prepared to run under VMWare player!
Who's Online
Statistics
Members: 8187
News: 94
Web Links: 0
Visitors: 404393
|
Kernel - [IEEE80211]: avoid integer underflow for runt rx frames
Reported by Chris Evans <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: The summary is that an evil 80211 frame can crash out a victim's achine. It only applies to drivers using the 80211 wireless code, and nly then to certain drivers (and even then depends on a card's irmware not dropping a dubious packet). I must confess I'... Read More >> |
| |
|
|
|
|
DVL included XPDF vulnerability (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
Secunia Research has discovered some vulnerabilities in Xpdf, which can e exploited by malicious people to compromise a user's system. 1) An array indexing error within the DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be xploited to corrupt memory via a specially crafted PDF file. 2) An integer overflow error within the "DCTStream::reset()" method in pdf/Stream.cc can be exploited to cause a heap-based buffer overflow
via a specially crafted PDF file. ... Read More >> |
| |
|
|
DVL included Mplayer Buffer Overflow Vulnerability (CVE-2007-2948 and SAID 24302)
A stack overflow was found and reported by Stefan Cornelius of Secunia
Research in the code used to handle cddb queries. Two other similar issues
were found by Reimar Döffinger while fixing the issue. The vulnerability is
identified with CVE-2007-2948 and
SAID 24302. When copying the album title and category, no checking was performed on the size
of the strings before storing them in a fixed-size array. A malicious entry in
the database could trigger a stack overflow in the program, lead...
Read More >> |
| |
|
|
|
|
DVL included Vulnerability in Tor Installation!
Tor below 0.1.2.16 has a critical security vulnerability that allows a emote attacker in certain situations to rewrite the user's torrc onfiguration file. This can completely compromise anonymity of users in most configurations, including those running the Vidalia bundles, orK, etc. Or worse...
Read More >> |
| |
|
|
QT Vulnerability - Free provided with DVL Strychnine+E605
Trolltech,
producers of the Qt library, have released a source code patch for Qt3,
which fixes a security vulnerability. Bugs may lead to execution of
arbitrary code during processing of crafted strings by applications
which use the cross-platform C++ framework.
QTextEdit element contain format
string vulnerabilities and integer overflows. These can be triggered
when an application linked to Qt issues an error message which
incorporates text provided by the user. The bugs affect versio...
Read More >> |
| |
|
|
|
DVL Project Tracker
DVL 1.5
References
- IITAC - International Institute (Certification and Training)
- Leibnitz University of Hannover, Germany (Secure Software Development Lecture)
- University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
- East Tennessee State University, U.S (Ethical Hacking Class)
- University of the Basque Country, Spain (Computer Security Class)
- University of Florida, U.S. (Student Infosec Team)
- Institute Superieur Maritim, Algeria
|
