exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 660 RSS Feed

Files

Zero Day Initiative Advisory 11-150
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1734
SHA-256 | 5cae608b4f061f0bdeac095e6b52bf8be9df614690be9309a49f69f71b8cbdf3
Zero Day Initiative Advisory 11-149
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1733
SHA-256 | 17b36d9a153ba25eb0f48fa2727ebd386363cc4c2c096bf2e33a91233b975eae
Zero Day Initiative Advisory 11-148
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1732
SHA-256 | 14ad6b33b2133aa33a41f1b429593d7a750571285a3866cfc02b76ba1486de4f
RSA Data Loss Prevention Cross Site Scripting
Posted Apr 29, 2011
Site emc.com

A potential cross site scripting vulnerability due to improper input validation that could be exploited in certain situations has been identified in RSA DLP Enterprise Manager versions 8.x.

tags | advisory, xss
advisories | CVE-2011-1423
SHA-256 | 38cd844b80979478bd8aa20e4c0f59b355da0733e4ab4803455be0aa2f29a4f0
HP Security Bulletin HPSBMA02668 SSRT100474
Posted Apr 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-1728, CVE-2011-1729, CVE-2011-1730, CVE-2011-1731, CVE-2011-1732, CVE-2011-1733, CVE-2011-1734, CVE-2011-1735, CVE-2011-1736
SHA-256 | 9c6b87ea5a51d78a49db66ccdad31b9b08c6d84e9f30b33bad4401cde966ee15
Zero Day Initiative Advisory 11-147
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1731
SHA-256 | f659da60986105d1ea92fed5ce5fbcb2bdd152491092cabd7115a457e3ac66df
Zero Day Initiative Advisory 11-146
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1730
SHA-256 | 2a4c0b62ef746b84a16567288fb88b57249195bc7c85abb96758824c31b89e12
Zero Day Initiative Advisory 11-145
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1729
SHA-256 | fd833be83b009804f062058c2b0dd9fb78f7a2fc22faa3a3a6071d050d5dd951
Zero Day Initiative Advisory 11-144
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1728
SHA-256 | 6bee93a2fbb29c75cb6a138aa635508bdafbcda530ba4894b6930385c8a568e2
Secunia Security Advisory 44365
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | bfe06d6b1b784c1c4bdfb25a05e8298f5ac717f5c05d83692ad45d3a1a061e3f
Secunia Security Advisory 44396
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alberto Ortega has discovered a vulnerability in eyeOS, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 3197bde0e8770671d93e6ab53acd785c3b4358072758d90a538ac11024fdf75e
Secunia Security Advisory 43474
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Data Dynamics ActiveBar ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 49ba6957afe21a48b8b773ed89ac05afe62bf9844ca0f293ebbdf00c06782188
Secunia Security Advisory 44364
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in udisks, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | 3c4c6054194ae6803a247de08f590bb13fe4c5f825401029a463f6dc50e79f2d
VMware Security Advisory 2011-0007
Posted Apr 29, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0007 - VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786
SHA-256 | 5f83afe772b762282a93600a631d74790ef776e16da02e857f1d10bca8105619
Zero Day Initiative Advisory 11-143
Posted Apr 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-143 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. The xmldirectorylist.jsp file does not properly validate the f, l, and n parameters before passing them to the database. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database.

tags | advisory, remote, arbitrary, sql injection
systems | cisco
advisories | CVE-2011-1610
SHA-256 | fa308914464bf01926e9a4d4ac3410d95c29f7cd0ee2f39af6da943a997c5e67
Secunia Security Advisory 44386
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 1c6787b2aad7dcc287b2e748379d1a9ab2ccbab299c5b0152f0272de2a7c8f3e
Secunia Security Advisory 44386
Posted Apr 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 1c6787b2aad7dcc287b2e748379d1a9ab2ccbab299c5b0152f0272de2a7c8f3e
Oracle JD Edwards JDENET USRBROADCAST Denial Of Service
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted packet is sent to the JDENet service, and access violation is raised. As the process fails to process this exception, this results in a crash that would render the system unavailable.

tags | advisory, remote
SHA-256 | fb00b7dfd1a4bfaaa317b021b77e77953255278969e2ee8cefab09d76246d5df
Oracle JD Edwards JDENET Firewall Bypass
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted UDP packet is sent to the JDENet port, the JDENET service creates a TCP connection to the provided IP and PORT parameters. This connection could be used to access the JDENET and all ERP functionality provided through that callback connection.

tags | advisory, remote, udp, tcp
SHA-256 | 0c98a162b3edfa493fb0a51d4bc92e4a10f6c96764005f2ec2eaeeb63450c32e
Oracle JD Edwards JDENET Buffer Overflow
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a packet of a specific size is sent to the JDENet Service, a heap based buffer overflow condition is raised.

tags | advisory, remote, overflow
SHA-256 | 76921f4b4c1e91a19323ad91b682d4affa71e1a792efd459b4fefd21fe6aa43e
Oracle JD Edwards JDENET Remote Logging Deactivation
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. Several ways remotely deactivate the kernel processes logging have been detected. If specifically crafted messages are sent to the JDENET Service, the JDENET Kernel will stop logging for the kernel processes activities.

tags | advisory, remote, kernel
SHA-256 | 6c0cc09e84bd9e005ca7c9ae97cdf041b999375c2808d37a4e86b78a4569c0fd
Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. It is possible for a remote and unauthenticated attacker to retrieve passwords of users that are allowed to login to the SAW Kernel (System Administration Workbench Kernel) in default installations of JD Edwards EnterpriseOne servers. As SAW users are allowed to, among other things, remotely execute commands on the server, the exploitation of this vulnerability leads to a full compromise of the server.

tags | advisory, remote, kernel
SHA-256 | f5e070e8139c15730f71e2ea443c613b4a3d3b03b82fa0971259148856bc1535
Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted message is sent to the JD Edwards server, running processes of XMLCallObject Kernel, then arbitrary commands can be executed through the JD Edwards CallObject Kernel process.

tags | advisory, remote, arbitrary, kernel
SHA-256 | 34c7ee07435c2ddc8c251c76a97e1bc8cc1efd0ab34980d34fa7d069d940abff
Oracle JD Edwards JDENET Kernel Shutdown
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted message is sent to the JDENET Service, the JDENET Kernel performs a shutdown of the service.

tags | advisory, remote, kernel
SHA-256 | 495c315fad1554eb899346d39c9206a1fa99d8f13c9027b4c25f296d62c0b440
Insomnia Security Vulnerability Advisory 110427.1
Posted Apr 28, 2011
Authored by James Burton | Site insomniasec.com

Insomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable length buffer. Next the data is parsed and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service though remote code execution may be possible.

tags | advisory, remote, denial of service, overflow, tcp, code execution, protocol
SHA-256 | 9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00f
Page 2 of 27
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close