RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.
801b86d255328b3fedc995c0bcbbcc29d2ca3f7b6e8522ecf7a4d5babd746c01
Secunia Security Advisory - Debian has issued an update for xfce4-terminal. This fixes a security issue, which can be exploited by malicious people to inject shell commands.
1478959eb63590dc4b208b338ac436338f3786882d2e8ead48b4e80e6e89e595
Debian Security Advisory 1393-1 - It was discovered that xfce-terminal, a terminal emulator for the xfce environment, did not correctly escape arguments passed to the processes spawned by "Open Link". This allowed malicious links to execute arbitrary commands upon the local system.
31be8cc034e77cdfc8024b7182247c9b9c32d51c2d7e9a0014476144661a646e
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
3df187f63eb6694652098238bdf967b304dad8f62e9219be4cf3b6d5ec5db58b
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source and binary tarballs are included.
6be2b9d8c80c3ce8623695fe34d59e1da13a69e745c495039e6e3840b294cafd
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source and binary tarballs are included.
12647279df0a167a813e91d94627b92abe1cca879d0528921db39c1d55eb68d2
Secunia Security Advisory - Ubuntu has issued an update for xfce4-terminal. This fixes a security issue, which can be exploited by malicious people to inject shell commands.
bd2232b539f5a18100f0129c62660c9c3c1cceb450ea5ff5917a0ae35a3a4542
Gentoo Linux Security Advisory GLSA 200708-07 - Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing. Versions less than 0.2.6_p25931 are affected.
330b4e24fb821b2cd5f7c0a3bd591f92d633d2a9129ad6efcf09f92746b72a12
Secunia Security Advisory - Gentoo has issued an update for terminal. This fixes a security issue, which can be exploited by malicious people to inject shell commands.
a7f3981a5ef06e535dabe1150e3b4c997589a4a74eafb6b4f4877812f7d50644
iDefense Security Advisory 07.26.07 - Local exploitation of a stack-based buffer overflow vulnerability in the 'capture' program, as included with IBM Corp.'s AIX operating system, allows an attacker to execute arbitrary code with root privileges. The vulnerability exists within the code that parses terminal control sequences. A long series of control sequences will trigger an exploitable stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 with service pack 6. Previous versions may also be affected.
908a645d01d8e4edec8e221b469bcc9e5ff3c39e86322bbb73f81a6763bd38fc
IBM AIX versions 5.3 sp6 and below capture Terminal Sequence local root exploit.
829483f58084eaa4308caec735b5d7f3bfb3532ddfeb7bf8502ec83b60b014fa
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
21ce1c8c53f21ecb807cfd6a9bef0a10ea60506a6b6cb2be9e1cf79049e43e5f
Microsoft's Terminal Server on Windows 2003 Server with all of the current service packs fails to enforce its own settings.
8798b9bc51b7d84c7da9fb7f5b4f9eba6130b48b4e845424495701e089d46feb
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
b4fdc700e9778a8c115d0bed82781f967c41ac1c941451b01a91c45ae43088a9
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
febfef88b93c876fbff1b59e3da4e1db4dd18e6d3af76594ca1e4cfbf5e178e2
Debian Security Advisory 1202-1: "cstone" and Rich Felker discovered that specially crafted UTF-8 sequences may lead to an out-of-bounds memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.
0336be55907d9761d17e884f264abb9f84a424adbf5dccce23401605deae86d3
OpenPKG Security Advisory - OpenPKG-SA-2006.026: According to a vendor release announcement [0], a denial of service vulnerability exists in the virtual terminal application GNU screen [1], version 4.0.2 and earlier. The vulnerabilities exist in the handling of "UTF-8 combining characters" and allow user-assisted attackers to cause a Denial of Service (crash or hang of GNU screen) via certain UTF-8 character sequences.
3d1d7b3be9c6d2ccd5c51acc0f2c4f73714fb8ee5beedde2d14d7a6468e3b555
SCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack-based overflow exists in the handling of command line arguments, namely the [-o oadir] argument. It is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow, allowing for local root compromise.
80848a38a842001ba4c5cb1a4aa2616cfde210738c9f9ac3f9e0ec9ee9fa8266
Safebreaker is a demonstration next-generation packet-sniffing backdoor that doesn't require libpcap. It offers full terminal support, comes with TLS encryption for the connection, and has configurable authentication parameters.
f6f72ee772f76cad2c257e301e9e32dd81ea91eb20dff6bdc36e59f08553c705
OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
878703c82cbc1caac996063f1efc54d1adc2b2b94a03dad97d813ca6691a6ef0
A vulnerability has been found in Internet Explorer 6.0 on Microsoft Windows 2003. When Internet Explorer tries to instantiate the tsuserex.dll (Terminal Services) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
45bcc9edc70442e2ba1be2fee5c00146f0504b9dd513529c6d211f040618dda6
There is a vulnerability in Microsoft Terminal Server when an application is specified for the user instead of a full Windows Desktop. It is possible to easily cause an error in explorer.exe and to gain access to a full Desktop. This is an issue for anyone publishing applications through TS to domain users who also log on to full desktops either on the TS or on another machine.
d64c9d402f1bb8e25e76432b26bcff82f0808bc359afaae44e10c6fe851b3e67
Apple Mac OS X Safari 2.0.3 Vulnerability: A vulnerability exists in Safari 2.0.3 (417.9.2) and perhaps in prior versions which causes the operating system to slow down (SRCOD, Spinning Rainbow Cursor Of Death), so it is not possible to launch any applications such as Terminal to kill the process. After several minutes Safari crashes.
1b1b00d7a05322c9df74a0bf3744fc5fa2b4665c1d920ba9ac0ca53cb19b8700
This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.
d07fb300961da20240be4d01af4bf9ae28d737166fc35716c762ae250e33252f
A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.
f4b129b457b402f8fe7136fcc31d2b398212b4e009abebc6478cb32c7649e9e9
FileZilla Server Terminal version 0.9.4d appears to suffer from a buffer overflow vulnerability when being passed 900-3000 characters to the USER directive.
334bebb9956a106eb2cd459c8d4304a22a36821a0e716ac35a08441077fc83c3