seeing is believing
Showing 1 - 25 of 37 RSS Feed

Files Date: 2012-08-03

Zero Day Initiative Advisory 12-135
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. This pointer normally gets updated to point to the current sample data, but this does not happen when the allocation fails. The QuickTime player then re-uses the stale pointer and a use-after-free situation occurs. This can lead to remote code execution under that context of the current process.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0661
MD5 | a3c9630afd77f3911b82c081120f46a0
Zero Day Initiative Advisory 12-134
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2176
MD5 | ed2e52c95096a4f85ce14dc4a4b7f9dd
Zero Day Initiative Advisory 12-133
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. By providing malformed data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt memory which can lead to arbitrary code execution in the context of the user running the service.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2012-0229
MD5 | 4e41450ecea92e9c6983d629f31d3fcb
Zero Day Initiative Advisory 12-132
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dwa85W.cab ActiveX control. When passing a long string argument to the Attachment_Times parameter during the control instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2175
MD5 | 1a87b7a70ab1f842064e21890f64dd2d
Zero Day Initiative Advisory 12-131
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0162
MD5 | fa28d73142451f1eab4aa6b9a737d9ec
Zero Day Initiative Advisory 12-130
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3458
MD5 | 2b0085628fee048c74492dad644f5d62
Zero Day Initiative Advisory 12-129
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-129 - This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space.

tags | advisory, remote, arbitrary, kernel
systems | windows
advisories | CVE-2012-0159
MD5 | 6638cda1f10a49e2ab4453a0387c340a
Zero Day Initiative Advisory 12-128
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. Successful exploitation of this vulnerability will lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3671
MD5 | 28593cf01646b351920076824b7d648b
Elefant CMS 1.2.0 Cross Site Scripting
Posted Aug 3, 2012
Authored by PuN!Sh3r

Elefant CMS version 1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 584104abe7b7f43d78d64ca8ff97ad56
Am4ss 1.2 Cross Site Scripting
Posted Aug 3, 2012
Authored by s3n4t00r

Am4ss versions 1.2 and below suffer from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 92c04e96b435bd6bf1f9e4af4177a007
Am4ss 1.2 PHP Code Injection
Posted Aug 3, 2012
Authored by i-Hmx

Am4ss versions 1.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | 16aae2d502e5b6e134b9e50c7c6f6e88
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. if the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the ptr is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
MD5 | 05cc888759970d3a27b3dd8dfef71014
Liferay JSON Server API Authentication
Posted Aug 3, 2012
Authored by Danilo Massa, Enrico Cinquini

The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.

tags | exploit, bypass
MD5 | 7b177aebe36921c8322de2f1d1b6ba54
Apache Libcloud 0.11.1 Possible Man In The Middle
Posted Aug 3, 2012
Authored by Suman Jana, Vitaly Shmatikov, Martin Georgiev | Site libcloud.apache.org

Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked as an acceptable match for the given hostname.

tags | advisory
advisories | CVE-2012-3446
MD5 | 24bc72c0224f57e8d361ca64a9846287
Secunia Security Advisory 50173
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the XVE Various Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 40a413d82c6734e4fa17a05032abbecf
Secunia Security Advisory 50135
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
MD5 | a9c2762cb656b4d46905e9d9cc0addfd
Secunia Security Advisory 50164
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive information, and compromise a user's system.

tags | advisory, vulnerability, xss
MD5 | 9b025bb31d962148f051bad1c1a334de
Secunia Security Advisory 50158
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
MD5 | 7319b1e4b99356930c7035da217e65be
Secunia Security Advisory 50175
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | 14fa61b6a71bb5b87f336159adb57192
Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 3cc27f97068a6b9857d9f6b7e626b6c0
Zenoss 3 showDaemonXMLConfig Command Execution
Posted Aug 3, 2012
Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.

tags | exploit, arbitrary
MD5 | 18a8996e6624e3d43734b0f35bf0562f
Psexec Via Current User Token
Posted Aug 3, 2012
Authored by Jabra, egypt | Site metasploit.com

This Metasploit module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the service(s). The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash.

tags | exploit, remote
advisories | CVE-1999-0504, OSVDB-3106
MD5 | 0bbd2a9a13a6e081275470dda5d8d388
HP Security Bulletin HPSBMU02796 SSRT100594 3
Posted Aug 3, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02796 SSRT100594 3 - Potential security vulnerabilities have been identified with HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2019, CVE-2012-2020
MD5 | d6b3e9050d33abbeba7b072544e86852
Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Overflow
Posted Aug 3, 2012
Authored by Carsten Eiram, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | CVE-2012-0284
MD5 | ecab8e56ceac6dddbd1e6960e3f65b68
Dell SonicWALL Scrutinizer 9 SQL Injection
Posted Aug 3, 2012
Authored by muts, sinn3r, Devon Kearns | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-2962, OSVDB-84232
MD5 | 759e78201b01aab52f1b6d318bceac01
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close