Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided.
d14c8eb014b778de314270ccadfa10820be40c7e4cb58c2ae40cd08b564722b4
Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery which allows an external remote attacker to make a command injection that can be used to execute arbitrary code using the webserver user. As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.
503f2b9ce130e8c9fd7df36be1f7004846c5609f67a25cc3666a370cdbd97a49
Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.
c800a9c7100145533df8300c9ca9eb4514a7c1bea12adc78a2c14e81e1b7f5a6
Core Security Technologies Advisory - Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.
a6f2c88aa2e79b669f40a3e754b153097c2a704191671ee32dc54d20f872330a
Core Security Technologies Advisory - The Cisco Secure Desktop web application does not sufficiently verify if a well-formed request was provided by the user who submitted the POST request, resulting in a cross-site scripting vulnerability. In order to be able to successfully make the attack, the Secure Desktop application on the Cisco Appliance must be turned on.
f8c48a5475b2b0502d92201a787561418f197b00968eea66badd89e44af41aab
Core Security Technologies Advisory - Google SketchUp is a 3D modeling program designed for architects, civil engineers, filmmakers, game developers, and related professions. Google SketchUp bundles an old version of 'lib3ds', a library used to process 3DS files. This library is being compiled in a way that leads to improper validation of data when importing 3DS files; this condition can be exploited by remote attackers to trigger a memory corruption vulnerability by enticing an unsuspecting user to open a specially crafted 3DS file, possibly leading to arbitrary code execution.
2f4f0b2f8e854921c30156980745b90a334a85148a9703a687f78ac65ba78572
Core Security Technologies Advisory - The TestLink Test Management and Execution System suffers from cross site scripting and remote SQL injection vulnerabilities. Versions below 1.8.5 are affected.
2bbdda7eafe32f627a758e47e2c6db60062bf70f69910951129140b25d14cab6
Core Security Technologies Advisory - DAZ Studio is a 3D figure illustration/animation application released by DAZ 3D Inc. DAZ Studio can be accessed via a scripting language which allows for quite a bit of diversity in tool creation. DAZ Studio does not ask for any confirmation from the user prior to executing a scripting file with any of the following extensions: .ds, .dsa, .dse, .dsb. An attacker could abuse the scripting interface by enticing an unsuspecting user to open a malicious scripting file, thus obtaining remote code execution. Proof of concept code included.
bc2f5464386e3be721cdbc8b583c0470e0611c6c6ed620163db7b5157d15915b
Core Security Technologies Advisory - Autodesk Maya Script Nodes suffers from an arbitrary command execution vulnerability.
712759632964aaf8f28383abb772e4eddf35bed1cc5ff8cf14afe7edc29eff56
Core Security Technologies Advisory - Autodesk 3DS Max Application Callbacks suffers from an arbitrary command execution vulnerability.
12afede80085a780e1c1f5f949f3e5fcff03a3da7d88aeb395f51b281b4bbef7
Core Security Technologies Advisory - Autodesk SoftImage Scene TOC suffers from an arbitrary command execution vulnerability.
6a65333fd95ea605b67837e1d86e4a86121099882aba62fc0c7d2e867650527f
Core Security Technologies Advisory - A remotely exploitable vulnerability was found in the database server core component of IBM SolidDB. Exploitation of this bug does not require authentication and will lead to a remotely triggered denial of service of the database service.
d60d3c2c38ac6ce3b4aefe7d471cb28d7e8c9c48ff97cecb711f736e13685b6a
Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.
7d534a7b0dbe0cbc5abd0d58b4d34abfed0c6b32115eace7c6021c6659df10e8
Core Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.
1fef8cb8fcac60f760b13718f93b477b71bdd1c6562c217b66231efa118f8715
Core Security Technologies Advisory - Jetty includes several sample web applications for the developer to learn from. One of them sets cookies with user supplied data, and then dumps them as html. This application does not filter the user supplied data when outputting it to the visitor. This constitutes a persistent XSS vulnerability.
1d3bae9ebf67441bb0401c9b336fb07ca5494eb9dfaf93b0173ebe8ac5891188
Core Security Technologies Advisory - Multiple cross-site scripting vulnerabilities (both stored and reflected) have been found in the web interface of Hyperic HQ, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of the browser of a legitimate logged in user.
e24cd8f9420814d1efc5cad93c82dc019763d677a2ddf87759490020fa369ba3
Core Security Technologies Advisory - A vulnerability has been found in Dnsmasq that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq with the TFTP service enabled.
80df67764b34800eb08eb9d5dc454a391b749b4892f98025471140ae22b92ce6
Core Security Technologies Advisory - A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected.
f363baeb98fdd656675988b12ada553e50c4b259ca0340eeb44952b1b17ac21d
Core Security Technologies Advisory - A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected 'op_connect_request' message with invalid data to the server. Proof of concept code included.
90ecc7675d7352bdb4c265d9a2f0486a70e7b76913144d97837f2fbf6942280f
Core Security Technologies Advisory - The Real Helix DNA RTSP and SETUP request handler suffers from multiple denial of service vulnerabilities.
cdff514d4f41c4b45e2a5462892a195bd759a59e2540efc5011f58cbf0636d02
Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavasScript code that edits blog PHP code.
43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536
Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.
9678ea739c83991289267c1a44276a19199e2657a49fbf488df9eccc5dd96d31
Core Security Technologies Advisory - Internet Explorer suffers from a security zone restrictions bypass vulnerability.
00ae2f69dfa84d56b233d948b78867e7ebdeb7f893db82ff83c658484348e7c6
Core Security Technologies Advisory - The DX Studio Player Firefox plug-in suffers from a command injection vulnerability.
f5f901c9f6726f2f43e4d97c8d0750144416ef2ed9e07d3b11923f7251e90b24
Core Security Technologies Advisory - CUPS versions 1.3.9 and below suffer from a handling flaw of the IPP_TAG_UNSUPPORTED tag that allows attackers to cause a remote pre-authentication denial of service.
c015aeb8f199c04414df0ffabb0edc2e28089f8b3418871e171f578104ffebe6