exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Squiggle 1.7 SVG Browser Java Code Execution
Posted May 18, 2012
Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

tags | exploit, java, arbitrary, code execution
systems | linux, windows
SHA-256 | 24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513

Related Files

Open-Xchange 7.4.1 Script Insertion
Posted Feb 11, 2014
Authored by joernchen, Martin Braun

Open-Xchange AppSuite version 7.4.1 fails to properly neutralize javascript inserted at the header of an SVG image file.

tags | advisory, javascript
advisories | CVE-2014-1679
SHA-256 | 902503927eb1161ffb0b2ded9523ac54b5ca2dc0ca6eb132a17f1234f1998415
Red Hat Security Advisory 2014-0127-01
Posted Feb 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0127-01 - The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.

tags | advisory, remote, local, xxe
systems | linux, redhat
advisories | CVE-2013-1881
SHA-256 | fcbc112c2011bbfaa630a03173d317b36980caa81e028f8712270b3e2516fabe
Mandriva Linux Security Advisory 2014-009
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-009 - librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference. For Business Server 1 gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1881
SHA-256 | a8a5daad2c6d3d3246c089eaf7364d8a45fe880d93a700d893540b19bc9de1d3
Open-Xchange AppSuite Script Insertion
Posted Nov 6, 2013
Authored by Martin Braun

Open-Xchange AppSuite versions prior to 7.4.0 fail to properly neutralize script code embedded within SVG files and also suffer from an information exposure vulnerability.

tags | advisory, xss
advisories | CVE-2013-6074, CVE-2013-6241
SHA-256 | 39e0180e7166549e3f32416ad6dcba8d15a526692b1b27889998d45ebd1eefe2
Apple Security Advisory 2013-04-16-1
Posted Apr 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-04-16-1 - Safari 6.0.4 is now available and fixes one vulnerability. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2013-0912
SHA-256 | 3a89ff7462c5244bed37bf3530980d2b9d9ba36623eb4725d574dfba20f33962
Opera SVG Use-After-Free
Posted Feb 5, 2013
Authored by cons0ul

Opera appears to suffer from a SVG use-after-free vulnerability.

tags | exploit
SHA-256 | d90e95931435f6286ab827232216ed637ec6b27b22b209246804429448843063
Ubuntu Security Notice USN-1712-1
Posted Jan 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1712-1 - It was discovered that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, local, info disclosure, xxe
systems | linux, ubuntu
advisories | CVE-2012-5656, CVE-2012-6076, CVE-2012-5656, CVE-2012-6076
SHA-256 | ad9711511dcca224388d073b2dfe23803a095bc6b5187c2009d479f41de3f37d
Opera 12.02 Cross Site Scripting
Posted Oct 10, 2012
Authored by volema.com

Opera appears to suffer from a cross site scripting vulnerability due to a content inspection issue with image/svg+xml.

tags | exploit, xss
SHA-256 | 47c58bfa83f5960e04d82e9e18ef5a405a829e835b66320e8d0d8cd3da1b9ba0
SVG Java Execution Trigger
Posted May 15, 2012
Authored by Nicolas Gregoire

Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.

tags | exploit, java, code execution, proof of concept
systems | linux
SHA-256 | d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0
Mozilla Firefox 7 / 8 Out-Of-Bounds Access
Posted May 8, 2012
Authored by regenrecht | Site metasploit.com

This Metasploit module exploits an out-of-bounds access flaw in Firefox 7 and 8 (versions 8.0.1 and below). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function (which picks up pointers), does not validate if a given index is out of bound. If a custom observer of nsSVGValue is created, which removes elements from the original observer, and memory layout is manipulated properly, the ElementAt() function might pick up an attacker provided pointer, which can be leveraged to gain remote arbitrary code execution.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-3658
SHA-256 | 94acb924f037607a74196ffbd40dc6b26726a6b5e2a13e1caa089d6e3b0c2406
Zero Day Initiative Advisory 12-056
Posted Apr 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-056 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user running the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3658
SHA-256 | e23cbda38aef4fa8e327d43e94f029544e7d3574236da08ee39385b384e0cbfe
Ubuntu Security Notice USN-1400-4
Posted Apr 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-4 - USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird version caused a regression in IMAP connections and mail filtering. This update fixes the problem. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. Various other issues were also addressed.

tags | advisory, javascript, vulnerability, imap
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464
SHA-256 | 383ee8f33b48cc0d16f1ee299e10b50a13188dcf42cd76498072c4c7bb351a6c
Ubuntu Security Notice USN-1401-2
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 18ff4554ba8f49486a34fb7d8714a434cb13cd31e28f8877c79af56223cd9ced
Ubuntu Security Notice USN-1400-3
Posted Mar 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-3 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464, CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 553d78be7f7ed2853eaa6177ea136db38c2d1a480fb986ca79ad0876030a8c06
Mandriva Linux Security Advisory 2012-032
Posted Mar 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. Security researcher Soroush Dalili reported a way to bypass this protection. Security researcher Atte Kettunen from OUSPG found two issues with Firefox's handling of SVG using the Address Sanitizer tool. Various other issues were also addressed.

tags | advisory
systems | linux, windows, mandriva
advisories | CVE-2012-0454, CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 49b3630cca0e0de5bb12bfca94a302580b25a97edcb8bcd005ed74bcb9ba23bf
Ubuntu Security Notice USN-1401-1
Posted Mar 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 72dd23ef0655b7dc1ad658c36b42d88462bc63744bcfe1aa8b0aa2db6ebbcf36
Mandriva Linux Security Advisory 2012-031
Posted Mar 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-031 - Security issues were identified and fixed in mozilla firefox. Security researcher Atte Kettunen from OUSPG found two issues with Firefox's handling of SVG using the Address Sanitizer tool. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | d92ffa90f8b38deb02160aa118083d4bbf9b53eff209ebe6ac726f72ce1b0ce4
Ubuntu Security Notice USN-1400-2
Posted Mar 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, remote, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464
SHA-256 | 5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3
Ubuntu Security Notice USN-1400-1
Posted Mar 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-1 - Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464, CVE-2012-0451, CVE-2012-0455, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 6ec8a17ac5494f22879ac72d2367bc10e24938596bb360d6ddb0c7b09b2668c5
Red Hat Security Advisory 2012-0387-01
Posted Mar 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0387-01 - Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in the way Firefox parsed certain Scalable Vector Graphics image files. A web page containing a malicious SVG image file could cause an information leak, or cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 54c3b9a3bc3b539c19efaab86387cb31f5468f34c7133309f16ce134aab81c47
Red Hat Security Advisory 2012-0388-01
Posted Mar 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0388-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the way Thunderbird parsed certain Scalable Vector Graphics image files. An HTML mail message containing a malicious SVG image file could cause an information leak, or cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 3dd40ab51030e9ae870a195c9b560c97904e1bb39c116285b0e7dade2276f05e
Mandriva Linux Security Advisory 2011-192
Posted Dec 24, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in mozilla firefox and thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
SHA-256 | 74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44
Secunia Security Advisory 45992
Posted Nov 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for librsvg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | d42ba784cae11587df33af2eb9e5bdd88cf557961cd0a699be6efdf9bb3c553a
Secunia Security Advisory 46078
Posted Nov 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for librsvg2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 1841f85f1daa2a7cc4dd80622f69f9215d2377bedd370441f5f23d3b59904593
Secunia Security Advisory 46317
Posted Oct 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for librsvg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, suse
SHA-256 | e10d6ae3cf3811695dcb7929d428a201eb5687c14452fc92918c052cceaf7c5b
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close