what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Zero Day Initiative Advisory 12-134
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2176
SHA-256 | f5b1d3bdb902f6fbbf1d919f024758ceeac8eabd9d85a7109b8e3468ff8294f4

Related Files

Zero Day Initiative Advisory 12-039
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | d94a0659bb3d5751620c9a917bb3a7a6afb99e1f7b7888ddcbff44a739da4dbd
Zero Day Initiative Advisory 12-038
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | e396c40d1238a4b32b4de88a4e7c7a94f996dbe67c411ef01c6eb21bc7741d5a
Zero Day Initiative Advisory 12-037
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.

tags | advisory, java, remote, web, arbitrary
SHA-256 | a095f2b41c9458ca35fc7a84f9fa435bcb5c3afdd726d804553da5e42524a72c
Zero Day Initiative Advisory 12-036
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0155
SHA-256 | 91ba23f83f6adbe244489b8b48522efdcef4f230714e8addb8a8a5a7d593320c
Zero Day Initiative Advisory 12-035
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0011
SHA-256 | df4f311fcd1579648e5945d76912d846d27da68fbe2df2c21540d95d6a0122e9
Zero Day Initiative Advisory 12-034
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2012-0150
SHA-256 | a83c58db30683d599df4aeb59ef7425627e17a94a25da7f227d7ceab7170b361
Zero Day Initiative Advisory 12-033
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem).

tags | advisory, remote, overflow, arbitrary
SHA-256 | c19054aaeda7316388023d840ae6dfbe26300e49d337e63162e86a1ed98b70b4
Zero Day Initiative Advisory 12-032
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | de856aa61d7d5504a5332e85ae7a8c346fb55b885e46e6034141a1c3c1ca8861
Zero Day Initiative Advisory 12-031
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp apache module component of the iprint-server, which listens by default on 631/tcp. During the handling of get-printer-attributes requests containing a attributes-natural-language attribute cause a validation routine to be hit. When validating this parameter the contents of the attribute are copied, without validation, to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-4194
SHA-256 | 8785ce5e4895042ebedf436b8cf98faabc69c6c55879154a348e72a44cb21bbb
Zero Day Initiative Advisory 12-030
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1388
SHA-256 | 622911706f81e9fdc034ca737be28695759a0dc4084b9264057c6fec06c15272
Zero Day Initiative Advisory 12-029
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1391
SHA-256 | 76805c536c447f4915a19c2be819b065adf829fffb16f51c4133629f6e4650de
Zero Day Initiative Advisory 12-028
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within BB FlashBack Recorder.dll. The Filename property is vulnerable to directory traversal via the Start() method. PauseAndSave() is also vulnerable to directory traversal via its nextfilename parameter. InsertMarker() and InsertSoundToFBRAtMarker() have parameters that are vulnerable to script injection and can be combined with the previously mentioned vulnerabilities to achieve remote arbitrary code execution.

tags | advisory, remote, arbitrary, vulnerability, code execution
advisories | CVE-2011-1392
SHA-256 | b91a6531dea44477e2aadda1393a53b6738e18af1494bf5db32e2e7f7e05104f
Zero Day Initiative Advisory 12-027
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0189
SHA-256 | 18a904ce62adf630cb8f08055cd0c8789ee111f72763c2cbf5bde4315c6c054a
Zero Day Initiative Advisory 12-026
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0190
SHA-256 | 5faff96d7b772db4987ba0423e5a6873f87e25fb7f156aa3410fe6e26a0817ce
Zero Day Initiative Advisory 12-025
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-0395
SHA-256 | cc67964915fcfb176e4d7e59a6f033eda56531c16675a4a919fa72e82ca22936
Zero Day Initiative Advisory 12-024
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 38c96fbd0758de3d47d24f2cd78a96e8dd8121809197ed09d568532c067566ad
Zero Day Initiative Advisory 12-023
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.

tags | advisory, remote, web, local, tcp
SHA-256 | 1de96172989487fd3a6ea16f36030260ccf1f16e55224c94d2ef37c87fcf3425
Zero Day Initiative Advisory 12-022
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 0e8f7ca268f389e2b1876c29d7b402d6145d28a3f54451240d6162b5bbe3dc50
Zero Day Initiative Advisory 12-021
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-4373
SHA-256 | 24f0d26f31e6c8fcf24c50cab38a6f9c749dcbe2a5ff797f47cc95f3469fc940
Zero Day Initiative Advisory 12-020
Posted Jan 31, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-020 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc and PrintFile functions exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by setting the 'Header' member and calling PrintFile() with the same path argument. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0189
SHA-256 | 0e61a6e226350f291abb2c1d035a02dd7b420e246ac20734c7e602223f151f77
Zero Day Initiative Advisory 12-019
Posted Jan 31, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-0188
SHA-256 | 854bc2e262fff88ef741e78bf82fffb4832ad1b7eb87f4f13c662b94e8d6c14e
Zero Day Initiative Advisory 12-018
Posted Jan 25, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-3478
SHA-256 | f2e5416cfb35582eb7bb064faa5f556740901c0c7936212dbaf2cc1269cea59b
Zero Day Initiative Advisory 12-017
Posted Jan 21, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local
SHA-256 | e80d123ed6250589b8b3eca15fa9b0da08e7c39a53637e169b2b5417d40f956e
Zero Day Initiative Advisory 12-016
Posted Jan 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4789
SHA-256 | f89cf1cca7956e3476a79653108a775954c6207b163d593dad96b7179e74c5f5
Zero Day Initiative Advisory 12-015
Posted Jan 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-4788
SHA-256 | efef31e729581273d43acf86536cbf3cf65886fa8a51dab225bf70b406583cb8
Page 4 of 4
Back1234Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close