Adive Framework version 2.0.7 suffers from a privilege escalation vulnerability.
fabbbf5ca28fd0f0d55a57bb29f69d80
Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.
115854b44c0ecde1869f05b2c8d44fc5
ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.
b06e40e7ae0926a970fbe505f761c4c7
Secunia Security Advisory - A vulnerability has been reported in Niagara Framework, which can be exploited by malicious people to hijack a user's session.
426d6a3485d26c4af5870f2216547503
Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.
aa54004a5bc8a82e1f64044c06bdd517
This paper documents step-by-step instructions for intercepting Tor users via proxies and using the BeEF framework. It takes injection and proxying attacks on Tor to another level and is a very useful read.
36c7fedcbd07be678550e31f031d444a
Zend Framework suffers from local file disclosure via XXE injection.
4c5039d0fbbff40111dc0a2628bba0dd
Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.
fa28d73142451f1eab4aa6b9a737d9ec
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects such as packet mangling.
8bf564ea8348522fc1db727868828def
Termineter is a framework written in Python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are meters using C12.19 with 7-bit character sets. Termineter communicates with smart meters via a connection using an ANSI type-2 optical probe with a serial interface.
2ea2025b17d9409ef543310269cad355
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
674b6bf22606298c98e7735b994dec25
Secunia Security Advisory - A vulnerability has been reported in Niagara Framework, which can be exploited by malicious people to disclose system information.
6bd1d154cff43190bc526ffa1fceac4e
The Magento eCommerce platform uses a vulnerable version of Zend Framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend Framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
b4c3759ec30e246aac884dcd47c7d37c
Red Hat Security Advisory 2012-1057-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
1f083d2fdb5f82c7e938357c1f210eb8
Red Hat Security Advisory 2012-1059-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
de1443fcebf272e76c7aac74d642aef8
Red Hat Security Advisory 2012-1056-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
b77aa2285072c1ee1ae3d730e211ee39
Red Hat Security Advisory 2012-1058-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
3555b3d549386134345e317aa4c8d2b9
Secunia Security Advisory - Debian has issued an update for zendframework. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.
33138290f67a214d804a9484caca1313
Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.
2b424f4a874aa574d9d64507b3cab96a
Debian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used.
0a5213fc1f3b5b1fc91375c0a200f38c
Debian Linux Security Advisory 2504-1 - It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.
427c6307d581a794ea16527ff5fb061a
Zend Framework versions 1.11.11, 1.12.0 RC1, and 2.0.0 beta4 suffer from remote file disclosure via an XXE injection vulnerability.
65d9aa7bd7a07e5a0dfc325960ebd152
Secunia Security Advisory - SEC Consult has reported a vulnerability in Zend Framework, which can be exploited by malicious people to disclose sensitive information.
85af201b2352b2ba6f2875df782da18a
Red Hat Security Advisory 2012-0811-04 - The php-pecl-apc packages contain APC, the framework for caching and optimization of intermediate PHP code. A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. Note: The administrative script is not deployed upon package installation. It must manually be copied to the web root.
c1f2e2155f67e7037dd2ce43ca63f41c
Secunia Security Advisory - SUSE has issued an update for python-tornado. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
52011803ac1ec85c832ef098e024d921
Secunia Security Advisory - A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.
e29efbf86668651be3be5d7f99c763e6