exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2012-08-03

Zero Day Initiative Advisory 12-135
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. This pointer normally gets updated to point to the current sample data, but this does not happen when the allocation fails. The QuickTime player then re-uses the stale pointer and a use-after-free situation occurs. This can lead to remote code execution under that context of the current process.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0661
SHA-256 | 09e42dfec87839316c3fa4944a3bae8125996c32c045c1e6fe4f1e71fe9cdf07
Zero Day Initiative Advisory 12-134
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2176
SHA-256 | f5b1d3bdb902f6fbbf1d919f024758ceeac8eabd9d85a7109b8e3468ff8294f4
Zero Day Initiative Advisory 12-133
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. By providing malformed data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt memory which can lead to arbitrary code execution in the context of the user running the service.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2012-0229
SHA-256 | 487790ac548dd5ba5b92afb2b44a4620d3c83044346486bd2ccf2967ab6f9787
Zero Day Initiative Advisory 12-132
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dwa85W.cab ActiveX control. When passing a long string argument to the Attachment_Times parameter during the control instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2175
SHA-256 | 9ef39f1d18db5bb43468373d5a85085d53296aa6327d16072c4c35ffac79e8ed
Zero Day Initiative Advisory 12-131
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0162
SHA-256 | 2ba150accd380124e735108b1edaea64553b981dcdfde6e7789e26f7a74b150f
Zero Day Initiative Advisory 12-130
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3458
SHA-256 | 5be5f0f92f11f0903a9f72e52afb3d8e5df2b6562bc8079d4ebab29e5466eba6
Zero Day Initiative Advisory 12-129
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-129 - This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space.

tags | advisory, remote, arbitrary, kernel
systems | windows
advisories | CVE-2012-0159
SHA-256 | e75b08b74f32bfc501dc8a86f8d3c57d49f38b38038de8495feb68116308083e
Zero Day Initiative Advisory 12-128
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. Successful exploitation of this vulnerability will lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3671
SHA-256 | f0da9b5ef6fab41061ead47f03f210ae169ca522e644b97eac719b6f7a7aa4db
Elefant CMS 1.2.0 Cross Site Scripting
Posted Aug 3, 2012
Authored by PuN!Sh3r

Elefant CMS version 1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7d633ca35dcdd51ec04d43ffc83bc31ba4e60aac4c2f13837b01cf53564b35cb
Am4ss 1.2 Cross Site Scripting
Posted Aug 3, 2012
Authored by s3n4t00r

Am4ss versions 1.2 and below suffer from reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 069ae1e4b1045c54a44da03f4a570d666486a1585a68fe8468d77ce035c1d9fe
Am4ss 1.2 PHP Code Injection
Posted Aug 3, 2012
Authored by i-Hmx

Am4ss versions 1.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 14691d46558a43db63b5ae8d7df76e0c095c233b3ef1a03c99e9e84d0f602415
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. if the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the ptr is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
SHA-256 | 318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
Liferay JSON Server API Authentication
Posted Aug 3, 2012
Authored by Danilo Massa, Enrico Cinquini

The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.

tags | exploit, bypass
SHA-256 | 840d89136b0bbd34dcc7fbaa674c8f425af2c5bab7ef9bb1fac81338af82ef39
Apache Libcloud 0.11.1 Possible Man In The Middle
Posted Aug 3, 2012
Authored by Suman Jana, Vitaly Shmatikov, Martin Georgiev | Site libcloud.apache.org

Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked as an acceptable match for the given hostname.

tags | advisory
advisories | CVE-2012-3446
SHA-256 | 9e708dbf4b24b26ef40d5b23c71eaa9fae3674a5663c7c3350ac8e0bede741fe
Secunia Security Advisory 50173
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the XVE Various Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | f4d5fecdc356557b2890cf99029ffce4c3d7a8bb6bcb3bee9c7476681af88c42
Secunia Security Advisory 50135
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 3e23076ea797a8d6aafedb22dbc607794c8f7cacc01260c9477e0fdaef685928
Secunia Security Advisory 50164
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive information, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 4358c8241e6bd5b544810371e1ff4688a3d168a3472b6bbfa715df033dd2e189
Secunia Security Advisory 50158
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 17c12c5c54c0c7837d919a4dfcf236c5e30c022bd1b6198d5b420f85bd85422b
Secunia Security Advisory 50175
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | b8941568d6555d007d8fcbfa07e7a46e1869c720b6b61b5ae1d705881339eedb
Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
SHA-256 | e54255ca79425edaf6f80ec86b150446915000646da9fc75bb873211676e0a94
Zenoss 3 showDaemonXMLConfig Command Execution
Posted Aug 3, 2012
Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.

tags | exploit, arbitrary
SHA-256 | 33a140d75ff71c375fe706c83c3e8477cf89926c68093442613d62be2a4e1ddd
Psexec Via Current User Token
Posted Aug 3, 2012
Authored by Jabra, egypt | Site metasploit.com

This Metasploit module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the service(s). The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash.

tags | exploit, remote
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | 1266e769e519a09d7281cc5e6e4bf971bf2865f98a66227eb701a97be346b69f
HP Security Bulletin HPSBMU02796 SSRT100594 3
Posted Aug 3, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02796 SSRT100594 3 - Potential security vulnerabilities have been identified with HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2019, CVE-2012-2020
SHA-256 | 3f6dc4794fecdbb1b3d9d771df74bec69fbc5554fc0f551c124b56e6401a877c
Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Overflow
Posted Aug 3, 2012
Authored by Carsten Eiram, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | CVE-2012-0284
SHA-256 | 5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4b
Dell SonicWALL Scrutinizer 9 SQL Injection
Posted Aug 3, 2012
Authored by muts, sinn3r, Devon Kearns | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-2962, OSVDB-84232
SHA-256 | 2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close