This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.
71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667aOpenSSL versions 0.9.8k and 1.0.0-beta2 DTLS remote memory exhaustion denial of service exploit.
707ecaa806e575970e45edb096353e9e70a251a1b313a57024ad97ba671abea1Linux 2.6 kernel udev versions below 1.4.1 local privilege escalation exploit.
bd6992d84b7f36f4d79d12ce8930abcac49295702f6e9938849399ecc5ab82cdlibvirt_proxy versions 0.5.1 and below local privilege escalation exploit.
d6a86f33d2c8f6b21caeda9e12fe29f7be896e99bc24a3e50439a596759674f8Apache Tomcat mod_jk versions 1.2.0 through 1.2.26 suffer from an information disclosure vulnerability.
82a8f73ad304a3a139da882c821b3194c48cbad8270a4c890591b51a66f9f916pam-krb5 versions below 3.13 local privilege escalation exploit.
ed6caf64e916f13fb22ba283a61616d7a4668b0cdd50588a48572cfcd9deedfbThe calendar application for Apache Tomcat contains invalid HTML which renders the cross site scripting protection for the time parameter ineffective. An attacker can therefore perform an cross site scripting attack using the time attribute. Version affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
2fd4d18e046935391c0b4eb23d19aed3bf6cd14d57e11ae2522468cf694b91a4Apache Tomcat versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 suffer from an information disclosure vulnerability.
768d53d9e66098ca1617ffada6c18d5bb474b2b3a0457418984e05a53b42a23eLinux Kernel versions below 2.6.26.4 SCTP kernel memory disclosure exploit.
7e0bf7e87eb0ba0da140e07ab53740c3709083af939cf0f1e2a5c0226a2ac6dbPHP versions 5.2.7 and below suffer from a mbstring buffer overflow vulnerability.
37409b5b7371a744b1320cc0009af571db7064e7ad18669697f3b62fd7f1c554This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM. The issue existed in multiple JVMs including current versions from Sun, HP, IBM, Apple and Apache. It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.
e900270f78788247830b00a35c41b325144bc065b616b71c79bd1ef3ec0ed86bAvahi mDNS daemon versions below 0.6.24 remote denial of service exploit.
21710acf10701ccd19d56410ec9950524c32406536eccbcb87f1aab4060bb059Linux kernel versions 2.6.27.8 and below ATMSVC local denial of service exploit.net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
1ac5511bb7124a05d8d0461db2da89076c5d7276da1e422a0eed18b95223456aPeopleTools version 8.49 suffers from a brute forcing vulnerability that bypasses the account lock-out mechanism.
1794832b45dbd92fd22d7dfa4a7894a3017ca74fc0a57e60ed4181884fae20edOracle versions 8i, 9i, 10g Release 1, and 10g Release 2 suffer from an unauthenticated proxy vulnerability.
ec3cad539a775dde2997a1297f85c3d7574fae33267cd0c9794bbc00b97b00dbApache Tomcat versions 4.1.0 to 4.1.31 and 5.5.0 suffer from an information disclosure vulnerability.
465aad4edd5d33fc410a93390311c63759bed560f67aa892017afbf7cb22422bDenial of service exploit for Postfix versions 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel.
be4de29c579743f90fbea63e452a1da0c2f608677d7e66f78cf782b3ccc6d70cDeep analysis of the integer overflow in Microsoft GDI+ that can occur during the processing of PolyPolygon records in WMF files.
7a9b40b846c927ee326e5b2b5de32049d98d127571d293ef63109d59bb828c00Apache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.
336ae34f18a11aaa4141e2fcd7aeb318b8b924dd30a3de3cafb02c982c3cd061Tomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from an information disclosure vulnerability.
f8c36b93b9442322e44a0b2612396b39102152d21428d8074fa6dbbc58be85ffTomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from a cross site scripting vulnerability in HttpServletResponse.sendError().
a5cb236b30e41b1e924b392a708b771a95f2290c765c9d8c5a8597f677aa5ddcTomcat versions 5.5.9 through 5.5.26 and versions 6.0.0 through 6.0.16 suffer from a host-manager cross site scripting vulnerability.
8808a3da5ed86e0f31b49d8245c32c84d0730206e950d7964fd18089497a3952Clam-AV versions below 0.93 suffer from an endless loop vulnerability when handling specially crafted ARJ files.
f975acf9d28711c1ba81f2592579ef7b9338976b9b3020f121d957117570ee4dSerendipity (S9Y) is vulnerable to cross site scripting vulnerabilities.
dd63fb188152a551ba836b956d929e9d741646329f28f1ee2f401f93732ec998Apache Tomcat versions 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15 suffer from a duplicate request processing vulnerability.
22729b358466fbd68bb4271ffdf26a6060ba0c78b027606cde7fa63482f7d411Apache Tomcat versions 4.1.0 through 4.1.36, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14 suffers from a cookie handling vulnerability that allows for session hi-jacking.
b39d081913bab5de110b695d04a57477a5c95855e6a8d1817540793912383f76
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed