exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 732 RSS Feed

Files

Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution
Posted Jun 30, 2012
Authored by HP DVLabs, Brian Gorenc | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle AutoVue. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AutoVueX.ocx ActiveX object. There exists a method SetMarkupMode() that takes an unbounded string as an argument and copies it to a fixed-length buffer on the stack. This can lead to memory corruption which can be leveraged to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex
SHA-256 | d0b8d50ce085b0435944a0735fd5ffce0d7e03f8b5c5b4f151b32a911007ff7a
Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution
Posted Jun 29, 2012
Authored by Aaron Portnoy, HP DVLabs | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0123
SHA-256 | 556adc16dad6ca3f4873f33810b698ebf5dfd71151e2fd435143e01f45c5066c
Debian Security Advisory 2505-1
Posted Jun 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access to local files, depending on how the framework is used.

tags | advisory, local, php, xxe
systems | linux, debian
advisories | CVE-2012-3363
SHA-256 | d45dbbe7fa51ef7a30834fdc072c235fb62211ea1d381d9c18fffe4027dd77c5
Ubuntu Security Notice USN-1493-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1493-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | 77525d18fe3903454b40d845ae40d20592c749585227b9b425eaaa4ee7df89b9
Ubuntu Security Notice USN-1492-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1492-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | 5c008bad4bf5b5e6f2d1edfe0b628bc54eaa408b4b6b43672c68f300dcd7c96c
Ubuntu Security Notice USN-1491-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1491-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | da9199238227f76fc593b9934eb5128793f02fc7a4f1b881de72ef364cf8b2fc
Ubuntu Security Notice USN-1490-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1490-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2375, CVE-2012-2313, CVE-2012-2319, CVE-2012-2375
SHA-256 | 8f1a22f35dec0021c950b54a8ef4715f583605a9e928beaab4afd45ba2ffe802
Ubuntu Security Notice USN-1489-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1489-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | a0160d2bf1976d1fe7a48540546da24d592052eae3d9e80102788a8201dfa773
Ubuntu Security Notice USN-1488-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1488-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2375, CVE-2012-2313, CVE-2012-2319, CVE-2012-2375
SHA-256 | 9ff2c344a22dd177a74b4584652f72e70cc7becfc17793c4eb7ac7dc1549d124
Ubuntu Security Notice USN-1487-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1487-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | 818704e55d7a06e1a37274e59681ade1cd3395e22dd1ce9e2a161df2bcedfc23
Ubuntu Security Notice USN-1486-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1486-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | ec7dfba0e891878772a737bc7291e76b065bb2ab7ad0105a3f6c7511633de311
Secunia Security Advisory 49755
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Support Assistant, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 71c9253703bf5bf2d581cc9ee2ab76440afb59136515badd54ad8abcf4ac4b92
Secunia Security Advisory 49690
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for bcfg2. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, debian
SHA-256 | 6f41ac202fc35d6547ba6ff0f2fda80d82d7e9f63e765de4317d406dbca32e3a
Secunia Security Advisory 49762
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Avaya IP Office Customer Call Reporter, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ebe6c2ceb1275dc2811f5802b7baa5ce2cb55fd58ed250abb9a6be6edd1f1b2b
Secunia Security Advisory 49760
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory, cryptography, python
systems | linux, ubuntu
SHA-256 | bc029fce5673bf2054a75e646770f76352b50f52789172738c802ace6abce190
Secunia Security Advisory 49684
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libspring-2.5-java. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, java
systems | linux, debian
SHA-256 | c55aa8555cb0c5ce86342ab8be4ea4ffeeb2e4a103e6ff47c7bd60dd3dc079d1
Secunia Security Advisory 49695
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in accountsservice, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
SHA-256 | 5906e432b70b0eeddcc362fb337bf6421be8aa296d63418f9648744ef5058678
Secunia Security Advisory 49759
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for accountsservice. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 435cdd79dde3bb7cc5ecda8ed203f49ff129c6112ed220563b4223902e609ca4
Secunia Security Advisory 49761
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IP.Board, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | cda6881bbf77aed21b0441e84b1dc5287ad4cd6d8a7a3e42df2f803ebc863c03
Secunia Security Advisory 49728
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 5870c4b090d1b64963f717703d1a860db29f53d55726c7ab401f8bf06ebcc549
Zero Day Initiative Advisory 12-113
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0708
SHA-256 | ee2420a705a26ed773b1354114c6612b6c63f17469cb4b7177fbc350de395af5
Zero Day Initiative Advisory 12-112
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a Parameter Name string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user supplied data and the resulting stack corruption can lead to remote code execution under the context of the running process.

tags | advisory, remote, arbitrary, code execution
SHA-256 | a0f622145843006fa62dd9d19de99eb5f3c0d11cce559f5e222a1eee50b9b533
Zero Day Initiative Advisory 12-111
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user supplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | ad22b44c74644b46fdacc02308bbd21656af15bb64c46cfe7da8bd7939f91b79
Zero Day Initiative Advisory 12-110
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. Subsequent use of this pointer allows for remote code execution.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3659
SHA-256 | 75a17d05bb1ce9d85c18a44c0f62f0d23ba1f077eab5fccd0a2a8d01acd33897
Zero Day Initiative Advisory 12-108
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the sampleData element the code within QuickTime3GPP.qtx does not properly validate the length of the data within a color sub-field before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
SHA-256 | 67df3b8ec25a60a634a3128373f2eafefadf0c72627a2cc6d57389c101714488
Page 1 of 30
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close