KindEditor version 4.1.2 suffers from a cross site scripting vulnerability.
d200f0debb0858f080de57b04eec8d8220a0d2c68dcbce9408afd9284a013239Zero Day Initiative Advisory 12-163 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C/3Com iNode Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the iNOdeMngChecker.exe component which listens by default on TCP port 9090. When handling the 0x0A0BF007 packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
ee7c5bfa82696ab8aa7a9203728c81408dd095f92518ca4087f80ecfbbb8f412web@all CMS version 2.0 suffers from a remote SQL injection vulnerability.
5d1d7ebd196c640fddfa29873457fec265a82ada0de5d0e392034b0e69ae384aZero Day Initiative Advisory 12-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the magentservice.exe process which listens on port 23472 by default. The process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
dcd7cf44eeb2efc5811f159ad32b2a2a46d94210337e1caeadce33e89a9944c1Zero Day Initiative Advisory 12-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
fdee368795f66f47a0823976f64f0ad1a9e458bf0bb5679fe899f32f95d88be7web@all CMS version 2.0 suffers from multiple cross site scripting vulnerabilities.
6cd5faf8324579b088ba2034a7b37c0353b83bdaee14873cab31f958c1d4a9c6Zero Day Initiative Advisory 12-160 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
348d05843c763b998c72cde1986b0d8d86a8273201adf2954ae96744db28070bSiNG (Simple Network Gear) CMS version 2.9.0 suffers from a cross site scripting vulnerability.
2dd4683095f57b84f9f17963bc0ac47ccc118c24ab51a6cb32e792f956fa89e7Zero Day Initiative Advisory 12-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
4bb37e39d0935a5921ebcc259ad1ceee61b056d1620045f860f85c5536084c0bZero Day Initiative Advisory 12-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. This value is used without proper validation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
25f27ea24db03707d8d1f1ca2b9b9b97150f758bbeaa6f9411a4fd1ba4b8e8a1Zero Day Initiative Advisory 12-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Series records. The code within Excel.exe makes an assumption about the data types within a Series record and can be made to write beyond the bounds of a heap buffer when a specific combination of fields are set to unexpected values. This corruption can be leveraged to achieve code execution under the context of the user running the application.
f52695b3a13a59917363ca6548d598bbe3338195c4a82c3631daf262b2709a17Zero Day Initiative Advisory 12-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to insufficient signature checks with the Cisco AnyConnect VPN Client. When the client is invoked through the ActiveX control it downloads and checks a file called vpndownloader.exe. This file has to be properly signed by Cisco. Once this file is downloaded it is run and downloads additional configuration files. Within the downloaded config file it is possible to force a download of executable files. Those files are not properly checked for valid certificates and are run on the host as soon as they are downloaded.
bb507fe8757aaf4a980506dd8a097f561be4b5b256078e3bd81e13cc1436b65eZero Day Initiative Advisory 12-155 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser.
4d8a96e8d4946c80fb99bd380aee7e80cced8ae91d13979eb16c63348af95c53Zero Day Initiative Advisory 12-154 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within notes.exe. When handling URLs, it is possible to inject the -RPARAMS command line argument into the call to notes.exe, which will then launch rcplauncher.exe. Including the java -vm command will allow for the attacker to execute code under the context of the process.
b7bcdf06670bcf0bb125d88044d00d71075aeb8b81da424ae63e97db20de1a7dZero Day Initiative Advisory 12-153 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts when parsing the 'sean' atom. The size specified in the atom's header is added to 0x0C and subsequently allocated. File data is then copied into that buffer along with a series of nulls. If the buffer is undersized, the copy operation can be made to corrupt adjacent memory. An attacker can leverage this vulnerability to execute code under the context of the process.
8da4cff4b1d9800ae714c51f995bc945a5e2f466d7fc61a5e4306177b1d40aa6Zero Day Initiative Advisory 12-152 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of applications that utilize Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must visit open a malicious file. The specific flaw exists within the parsing of Excel files. When handling the MergeCells record, the process does not properly validate size values which can lead to an integer overflow. The resulting value is used to allocate a heap buffer which can be corrupted by an attacker to execute arbitrary code under the context of the application.
4e5bdd9a0b6986ddb42b1587891f373e03bb93e2427cf08d33202dabde9b74f1Zero Day Initiative Advisory 12-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of products utilizing Oracle's Outside In Technology. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the library's parsing of Excel files. When handling the TxO record, the vseshr.dll module can be made to wrap an integer value when parsing a specific field. This can lead to an improper memory allocation that can be leveraged to corrupt the heap leading to arbitrary code execution under the context of the user running the application.
ccb3ba9557e561df8fd6def3da1cacaf4340c9575687b248317212de8adddcadZero Day Initiative Advisory 12-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable products utilizing the Oracle Outside In Technology. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XPM files. When parsing the chars_per_pixel element the code within vsgdsf.dll does not validate that the data can fit within a stack buffer prior to copying it. This can be leveraged by a remote attacker to execute code under the context of the user running the application.
eba26479d31d9534018f7b20e8660d292b7d1b0c5a202480dcba7ea403cb9719Zero Day Initiative Advisory 12-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because the VPN AnyConnect helper program does not check the version number of the vpndownloader.exe program it downloads. As such it is possible to forcefully install an older version of the vpndownloader.exe that is vulnerable to previously patched issues.
75dc16487817f808542467ad8adc6967577a1b02ed4a8410431a230537dc12d4Zero Day Initiative Advisory 12-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Real-Time Information Portal. Authentication is not required to exploit this vulnerability. This specific flaw exists within the Remote Interface Service (rifsrvd.exe). The Remote Interface Service listens on TCP port 5159 by default. The process does not sufficiently validate two input strings that are used to create a configuration file on the server. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed ID_SAVE_SRVC_CFG message packets to the target, which could ultimately lead to remote code execution under the context of the SYSTEM user.
105619c0c35e771cefc01222c654039cf66ff780a580e1617564f397a94b07ccZero Day Initiative Advisory 12-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the library attempts to replace a particular element due to an HTML5 ContentEditable command. Due to the library not accommodating for DOM mutation events that can be made to occur, an aggressor can modify the tree out from underneath the library, leading to a type change. This can be used to trigger a use-after-free condition at which point can lead to code execution under the context of the application.
760af7f903dcffc7c994f6ae84b2433bd35d6a3fcecf961d0e142117a41598e1Zero Day Initiative Advisory 12-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the service handles a specially formatted LDAP request. When handling a particular set of commands, the server will copy a string described in the packet into a statically sized buffer without validating it's length. This leads to a stack-based overflow and as such can be exploited to achieve code execution under the context of the application.
78a844aa564c45bcbedc5aa122d217064bc707ec60821d90a52d07cb262ceb3dZero Day Initiative Advisory 12-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default on TCP port 8443 (https). The SemSvc service exposes a servlet called 'AgentServlet" which allows remote users to activate certain tasks without prior authentication. In doing so, it is vulnerable to directory traversal attacks and arbitrary file deletion. When certain files are deleted, the eval() method will allow for executing user supplied commands. An attacker can leverage these vulnerabilities to execute code under the context of the SYSTEM.
f61f4ce29b8d52c4a9c1b37082ef4cd64b59d5ec479c79388cbea56bd8342bedUbuntu Security Notice 1545-1 - Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and an authenticated user could still corrupt arbitrary files on the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges.
3a53bddd2287929957d5420dddeed230d9b331445336b2c7e6db112365ac459aUbuntu Security Notice 1544-1 - Tom Lane discovered that ImageMagick would not always properly allocate memory. If a user or automated system using ImageMagick were tricked into opening a specially crafted PNG image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
b37133d805b7960899db28d9eedaf2c123febd26d7a8b1e46218788828326038
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed