Matthew Dempsky

CVE-2009-0858 EXPLOITDB text WRITEUP

D.j.bernstein Djbdns < 1.05 - Improper Input Validation

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

View Code

CVE-2008-4546 EXPLOITDB text WRITEUP

Adobe Flash Player - Resource Management Error

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

View Code