WiFi Camera Roll version 1.2 suffers from local file inclusion and remote arbitrary file upload vulnerabilities.
3c3e22dfc6db82838915c2af74c60ae29e40e2e7c6afa63e749fdd5bea9ab9b5This Metasploit module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled.
958220f3112687e60ccfaeeb8830223cf29aa4ac4c24d29d128ae6cc845d5953RedTeam Pentesting discovered a cross site scripting vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the Bugzilla installation's domain. Versions affected include 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3.
ca81bb38b09a55cb4defe19fe6466a61b7037842c123590640a2365869115e44Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user
2f0b0bef4c75980c94c4ba1550763495aa8d02b888a699d46ae959adb180fc1bRed Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.
0e823f1a2ae89e3334938c90bcec4ce2eb598bf36bbbf703ea7582c3e523706cThis Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
b1838839c525c11d9b53cae384041c70a3a02194b24bf115638e1db8ac88a5f5This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution.
62edddea0f0519c92d9a92f2e69fc9d8e1666dd6111763683d4173038b2a9bcaRSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.
b3b3018dfe32899d541965ac824cd23af6a61e18beae800a1a6ae93c827686e0Zero Day Initiative Advisory 11-307 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because Java does not sufficiently verify parameters certain functions. The function MixerSequencer.nAddControllerEventCallback fails to check for negative index numbers before writing user supplied data into a static array. This allows a malicious applet to write user controlled data outside the array boundaries resulting in remote code execution under the context of the current user.
060a302119a9b97e9bbab4d11daf2343cda725d77cd345adbb06190183d3233fVarious Qt applications including KSSL (the KDE class library responsible for SSL negotiation), Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security critical information. The primary area of concern at this time relates to the named applications SSL certificate dialogue UI however other similar dialogue boxes may also be vulnerable.
f1104d7ba2003aa2ac18e3d2d43aeb4860aa6ccd918b4b4b79f4e418e6abe44fDesarrollado por Goyo suffers from a remote SQL injection vulnerability.
6e49240d75a170bb754ea35085fc8e2f297647d2bf8675564e9399af2597eb67Red Hat Security Advisory 2011-1293-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
ea39bfc892a77fdbe8a6f552fe2926423db15874fcc35fa5cc0dfca4f6715324BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5Zero Day Initiative Advisory 11-253 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for evaluating the scroll method of the Actionscript Bitmap class. The function that uses the parameters to the scroll method performs arithmetic using data from the instantiated Bitmap object. By creating a Bitmap with certain integer values and subsequently calling the scroll method with other large integer values it is possible to force an integer wrap to occur. The resulting value is utilized to calculate a pointer which is operated upon by memory copy operations. By crafting specific values this issue can be exploited to execute remote code in the context of the user running the browser.
cbcee4905d289d85fc316e709eeb8ade0f8cda5d0c07506d3de8211862d0232dZero Day Initiative Advisory 11-245 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handle certain data in the login packets. Malformed packets can cause the service in question to lookup a function pointer outside a predefined function pointer array. It is possible to set this function pointer to an address where user controlled data exists and this will result in code execution under the rights of the user running the Monitor Server.
a33a5097372aa85175aa3ce715085578d3c1258260b45dacbedcb9fe9a6fb67aDebian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10The Joomla Controller component suffers from a remote SQL injection vulnerability.
e888d01396ceb94d941bcd2f921047012849a712495d7b4cd987468ed2ac00e2Red Hat Security Advisory 2011-0930-01 - NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could use this flaw to bypass intended PolicyKit restrictions, allowing them to enable wireless network sharing. Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted for this update to take effect. Various other issues were also addressed.
b7ab38f7999b982feca87c5853853695ba8e9668b475ada75d85fd8504c2f8f5Secunia Security Advisory - A vulnerability has been reported in Aruba Mobility Controller and AirWave, which can be exploited by malicious people to conduct script insertion attacks.
1571c186941df6842280034d2d7213b7774055865224181eba19b4870d3b3262Secunia Security Advisory - A weakness has been reported in Aruba Mobility Controller, which can be exploited by malicious people to conduct spoofing attacks.
099c943843bff7ac69a018836d517965aabd4b17eb506c211537ccbd352c30c8The software referred to as BCAAA (Blue Coat Authentication and Authorization Agent) is installed on a domain server (not necessarily a domain controller, a member server is enough) and acts as an intermediary between a Blue Coat ProxySG and the domain. The BCAAA Windows Service is vulnerable to a stack-based buffer overflow, this can lead to remote code execution running with SYSTEM privileges. Affected are all versions of BCAAA associated with ProxySG releases 4.2.3, 4.3, 5.2, 5.3, 5.4, 5.5, and 6.1 available prior to April 21, 2011 or with a build number less than 60258. All versions of BCAAA associated with ProxyOne are also vulnerable.
54bac8253d4a2373e84fd3215e027da96d0d0887a6fbb0fdaedba7dac543322fZero Day Initiative Advisory 11-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on Windows and multiple applications on OSX. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ColorSync component which is used when handling image files containing embedded ICC data. When handling the ncl2 tag the process miscalculates an integer value used in a memory allocation. This buffer is later used as a destination when copying user controlled data. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the application.
28f0c86a7153f8ab01da15469d3e82484598e321f5062bb00f5e5d3205b4d7beRed Hat Security Advisory 2011-0883-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for security issues. These issues, except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux 6.0 Extended Update Support as they have already been addressed for users of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542. Security fixes: Buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. Various other issues were also addressed.
32c69eb58d8c9cfe079f467c02ccea31eabfd23e1dfefd7f8f1a39af947e1df7Zero Day Initiative Advisory 11-220 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director (.dir) files. When handling an undocumented substructure, the code within dirapi.dll can be forced to incorrectly calculate a destination pointer if it encounters certain 1-byte opcodes within the .dir file. The assumptions made by the code can allow for malicious values to influence a size parameter that is used to calculate a memory address. This address is then written to with controlled data. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
7ce4bc2e5363a0845511ebbcaf9f91ca8d13fd5a47368fb1908ec0231aa16841Zero Day Initiative Advisory 11-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rcsL RIFF chunk within Director files. When handling specific structures within this chunk, the process trusts an offset and uses it to calculate a pointer value. By modifying this element an attacker can force the application to corrupt memory at a controlled location. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the browser.
df4e10793b2e4e485be19b31ec65b5d6273cc4bb1017ffebe49a2f5b0fe7e4dcZero Day Initiative Advisory 11-207 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for embedding various file types within the RIFF-based Director file format. Several of the asset modules distributed with Shockwave do not properly extract string values from within embedded media objects. The code attempts to null-terminate such strings using a 32-bit size value specified prior to the string value. By crafting an embedded media object with a large string size an attacker can write a NULL byte to a controlled offset from the buffer containing the string. This can be leveraged to execute arbitrary code under the context of the user running the browser.
ebb726bfe36fbf867b2338a278267d4eae9e06cce3a5cd050555ea67fc7d2a08
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed