This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.
71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667aThe JULI logging component in Tomcat versions 5.5.9 through 5.5.25 and versions 6.0.0 to 6.0.15 allows web applications to provide their own logging configurations. The default security policy does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to do so.
66606f1673de22575c8893d54b52647fdb228feb8f44f542c4a94d96aaa28b7dThe Adobe Flash Player suffers from a cross site scripting vulnerability in an Active-X control.
f6c57285f5f9177d0686e13925e869c92795808b569382452b6d141d45ffc92fBroadcast Machine is susceptible a cross site scripting vulnerability in the login form.
8241a33bb964ea259feca73c69ede830f25a8e4f545f97d6c5d5c9b1031f89c1IBM Lotus Domino IMAP4 server LSUB command exploit. Binds a shell to tcp/4444.
773b707809d24e3b39210ae41f67d5268fb2011eb73260a3b0f1c8900b05ac7eThe Protect Worksheet functionality, used to protect sections Mathcad sheets from alterations, is easily bypassed allowing access to the protected data due to the implementation of the file format used to save the files. Versions 12 through 14 are susceptible.
59212c73addc60b27330c7a5cc490343f6632c8a536237a0f3a3bc03659abf30ShellExecuteFisaco - This is a temporary, third-party patch to help mitigate the URL handling issue discovered in Windows XP and Windows Server 2003.
0ff695c1b0c5d9e7f8c0aa50738be627a3c4f7d8d77fd0b2c0b6be7970eab8f2Tomcat versions 5.5.0 to 5.5.24 and 6.0.0 to 6.0.13 suffer from a cross site scripting vulnerability in the host manager functionality.
84aa48ad32c84fc16f0e577cc862d655e1f81b84b1b780d61e5ec1d8d0ba64d7Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information leak disclosure in the way they handle \ characters in cookies.
e5589b41bdac2a0cffbf674971524413fe5a6341732f9a0f585fadb94c8d0951Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information leak disclosure in the way they handle ' characters in cookies.
41519194941a60fb4c6de2f97ec088ad75995c1dece7ff92c6a5b9b74e676145Tomcat versions 3.3 through 3.3.2 suffer from a cross site scripting vulnerability.
36084975dae6956494d65e72bd4a33f442d3b4c6dbbdb2fd1b7ce7a52906b08aTomcat versions 4.0.0 to 4.0.6 and 4.1.0 to 4.1.36 suffer from a cross site scripting vulnerability.
18d606dd2290c995c57c23bf0c1b1e49d55196f30e1dcbb36548399e8febeefeJWIG might allow context-dependent attackers to cause a denial of service via loops of references to external templates.
0ead7d2c9293234988840ac672454f04d0bb39727a583dc26868cfb6d076d5a3gobi/helma is susceptible to information disclosure and cross site scripting vulnerabilities.
b31cdd86d58c76d997b07b7ed5d8e8298619d66cf08a08dd821df264df808ccfApache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
d999b15d8c14e8f9941eb0de2b9fcc406bb711763d4e143d20615de1a557bab6Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in the Host Manager Application.
0cf8c43036f2c7837ce86bba5bc54b9dea03e8669966df6441046992fbb203b0Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in their JSP examples.
a6c3ae6ce4360fc4d056e2d6c0d8f910d71d7afb1587a7db9a0a2d4f30cc120aExploit that takes advantage of the Microsoft IIS5 NTLM and basic authentication bypass vulnerability.
da48bc1fb0d7baf79ec390c809a98038135a0452d168b8ba8cd128e1daa06466The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10.
968c88845b898089e8b8029963655b7859cb75e7641ac130b217cc79a098793amephisto version 0.7.3 suffers from a cross site scripting vulnerability.
84c3561d85dc79e1f03d58fe2d684422b948aa552404f0f3892c557b39343ed8toendaCMS version 1.5.1 suffers from cross site scripting vulnerabilities.
8b014fa1afa7977911bb87c72ae3b8f2b6a0e3a8fa083c52487875a74043ecc8chcounter version 3.1.3 suffers from cross site scripting vulnerabilities.
49556ce1b3b02159dcde4feb9763c44a651aa58ff57caaba25fea6fe15f8f7a3The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.
1b9a5933a61b5ba5816be5b3ed95fee8d77b027e7ccbbe015eab2b33ace3c7f3A logic error in the deferred open code can lead to an infinite loop in smbd. This affect Samba versions 3.0.6 through 3.0.23d. Patch included.
f7857b2a68d7a679f8925c8272b9cc6e79a032b0159f6cba512e0905b3125d31Samba versions 3.0.21 through 3.0.23d suffer from a potential overrun in the gethostbyname() and getipnodebyname() in the nss_winbind.so.1 library on Solaris that can potentially allow for code execution. Patch included.
25a9b7c50109733111e809ad13bdcb9a8fcd574b275715d781e59adc978d92cfCVE-2006-0745 - Local privilege escalation in X.Org server 1.0.0 and later and X11R6.9.0 and X11R7.0. When parsing arguments, the server takes care to check that only root can pass the options -modulepath, which determines the location to load many modules providing server functionality from, and -logfile, which determines the location of the logfile. Normally, these locations cannot be changed by unprivileged users.
6597d054bf1ef5dc391e506a54c9531f46d310afd1d4f729bf2368bf13702df2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed