House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
f0e12ae5abdf3d6c1f4d058141489a08c550c3d153d77562c509b480d09570aeGoogle Chrome developers, while trying to be adaptive and current, added some windows 8 helper functions to aid the development of Metro style behavior, but does not include the library file itself, thus resulting in an unqualified dynamic-link library call to 'metro_driver.dll'. A user with local disk access can carefully construct a DLL that suits the pattern that is being traversed by the client and implement it somewhere along the search path and the client will load it seamlessly.
dbb9d62577ac5b978fa6419192db9f6b4808436e28a90885a8548c968b26a7d8Zero Day Initiative Advisory 12-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
ec9ca6e89db17756e89ac2f6a9f8f242ae57ba337294689a6345cc4b405617e3Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628Zero Day Initiative Advisory 12-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles dynamically changed colspans on a column in a table with the table-layout:fixed style. If the colspan is increased after initial creation it will result in a heap overflow. This can lead to remote code execution under the context of the current program.
8f092c9a13be63d1f680705e9f626e08f3dffdf52fc8e721397a923db23101f6StyleDesign CMS suffers from a remote SQL injection vulnerability.
9245f4296cae4d66fd3a2cd48c7e10efe9f94637f6b20f0b08aa56f45981be4eStyleDesign suffers from multiple remote SQL injection vulnerabilities.
790e2d4f1f19a59fff61876bdcff9494a8ffd67f8b3ba8b412908182e572d1bfSecunia Security Advisory - A vulnerability has been reported in the eZ Style Editor extension for eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.
16ed60ba0dec2bb46082dfc398ee4580eb59450303cf96fc25e27a51246884ffUbuntu Security Notice 1369-1 - Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
828f494e34eb5a1f78ece739fb1b1d40cd48f816fcc1acab7510901c4f61b8a8Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.
040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514adZero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.
5faff96d7b772db4987ba0423e5a6873f87e25fb7f156aa3410fe6e26a0817ceUbuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
7c86a4200c1cdd5ec495e92bba3e2afcc5e13d73d936f2b664424e9313d4a442Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
62f3881e6cd502ee7165e7fac91f4e1740fb29a4f3934a23bb74f7d9d7782398Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2a1f3d1aba1379136bb62f0ebddb2710919d4326c73b90769f1c54518649f6b3i4Style Web Design suffer from remote SQL injection and cross site scripting vulnerabilities.
1c38a500e4e3bdab6965199201e8033eaa702be19dfcba11c26c7d32d01d9ef3HP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.
ef932a54ded081a7757e2161d0584d1237286a7a50c4b0fad05bed5e152badceCircumference is a server-client-style implementation of a WebAuth client and server to supplement the WebAuth Diameter subprotocol, complete with an extensible Diameter server and base library. Diameter is a peer-to-peer authentication protocol as specified in RFC3588 and its updates.
55e699e9a3613a66c8aa3c26e48cc627c4e252b87662a175ea29de566d9ddc29Secunia Security Advisory - A vulnerability has been reported in the Freestyle FAQs and Freestyle Testimonials components for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
8ffab1b45de25e6717a031c1d3cff2410c39ca7bab397d61033f723752e6f71ephpBBStyles CMS suffers from a remote SQL injection vulnerability.
87a5ecae294b173ef2714f24d86f1a81ba625c18b81f0019ccd05ac1de6b6d88Code Widgets DataBound Index Style Menu suffers from a remote SQL injection vulnerability.
a08157d34b3038a71365eed7e228fb47a5ff5d1f3c33eac71cbb3460fc03e2a5Zero Day Initiative Advisory 11-248 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the part of the application that is responsible for handling STYLE elements. By creating a STYLE element with an invalid behavior, an attacker can force an object of invalid type to be called, resulting in corruption of heap memory. This can be leveraged by an attacker to achieve code execution under the context of the application.
9eb2dfda180769f65780f31f14c72642a804c72ddbb88f6572507e71448979f2Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.
271b74fa85acb6b77a0e3a8b90d17138c1ec8c1c86c7849005154a58cb31c6e6The recent discussion relating to insecure library loading on the Microsoft Windows platform provoked a significant amount of debate as to whether GNU/Linux and UNIX variants could be vulnerable to similar attacks. Whilst the general consensus of the Slashdot herd appeared to be that this was just another example of Microsoft doing things wrong, the author felt this was unfair and responded with a blog post that sought to highlight an example of where POSIX style linkers get things wrong. Based on the feedback received to that post, the author decided to investigate the issue a little further. This paper is an amalgamation of what was learnt.
38725ccf48a81f4e7da57a4196862e45b938f1fbb3f88bb603cf2a91867ab832This Metasploit module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs when an invalid object tag exists and other elements overlap/cover where the object tag should be when rendered (due to their styles/positioning). The mshtml!CObjectElement is then freed from memory because it is invalid. However, the mshtml!CDisplay object for the page continues to keep a reference to the freed <object> and attempts to call a function on it, leading to the use-after-free.
b32377ac3beaa1414985310c6140cd9cbefd81ce42b9a9337bf648771c0e9476
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed