OX Documents version 7.10.5 suffers from multiple improper authorization vulnerabilities.
fdc415c0e1479fc1bbd7c9da23f2c1893080132040e14750beb56328b7efaa61IS-IS cheatsheet that documents NSAP addressing, the protocol header, and more. Version 2.0.
c144b803463d2f8beaf7175bf909fad90e6bc2bdebaa1e3abe313c33524f4f67iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
9a38749723b857cb3e896aba20e2a23b58f974d6729609fcebae71db896a4859This paper documents approximately 50 remote file inclusion vulnerabilities in Joomla and related components.
8a5d92efdfd15123d6ad869d4c6c3d04d04313918ae5fffeaf1cd2c0d2e807faUbuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.
d0a5d9315dd8e403cd8b3e519b8802f52fab3266e43dcc3d765e96967c414897Secunia Security Advisory - A vulnerability has been reported in the Documents Seller component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
36f4029c6e6392aa5cad6924a4441ec1b5301f663a4aa6aae3af6fe0971d157bThis advisory documents vulnerabilities in the HMS HICP protocol as well as an Intellicom NetBiterConfing.exe remote stack overflow vulnerability. Proof of concept code included.
568bd797eaf1f7ed214afde142e6f10f82177d14ce3e3f83f9c7be7f09b32e90This Metasploit module exploits a vulnerability in the 3Com 3CDaemon FTP service. This package is being distributed from the 3Com web site and is recommended in numerous support documents. This Metasploit module uses the USER command to trigger the overflow.
815045260e465802c35cbda9285c0622bfe5f32298f8df68633b64d3f5a3b2a0This Metasploit module exploits a stack overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed, this module assumes a web root path with the same length as: C:\\Program Files\\sdb\\programs\\web\\Documents
ddfaa8c6118e77caf9e117e63cda2d90418cbdc78f05a4580f53a23a6e6acf0dPDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
a0ff0a8ec79bf6713fe5bd669e6ff55f9916ec2d34e69f219fc8a3fcb182a836Ubuntu Security Notice 850-3 - USN-850-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for Ubuntu 9.10. Original advisory details: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
63c3ccfbae71b61e42605e0cd81a7cff6e1cf05926b86d413a70fe812affcec3Debian Linux Security Advisory 1923-1 - A denial of service vulnerability has been found in libhtml-parser-perl, a collection of modules to parse HTML in text documents which is used by several other projects like e.g. SpamAssassin.
9f1818d3726640fc83c9bc282de4c5ec25b1509a4b848c6a2dd32c8de7c5aaf4Improper parsing of the PDF structure by various McAfee products leads to evasion of detection of malicious PDF documents at scantime and runtime.
74ef4730aa72a94a3d6fb571ee56a4ae27ce295cced8e9dca51ce6c1107da9f3Improper parsing of the PDF structure by various F-Secure products leads to evasion of detection of malicious PDF documents at scantime and runtime.
9f02651ae92071b892771f844ff0763ef40c20e6cfbe5d8fad99e50e0bae8eadImproper parsing of the PDF structure by various Symantec products leads to evasion of detection of malicious PDF documents at scantime and runtime.
c5195c92e8b5682c7ce5d732aadf8cc4e11df997abb11873f6eaa932099bcaa0Ubuntu Security Notice 850-2 - USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. This update fixes the problem. It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
2cf3d8acd59c9223beedc1f2cefbcb79dea982230a631fe717af3cb4e1cb518fUbuntu Security Notice 850-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
2f82b6f88a4cf4427aa354e47da6d119543a06f31b58f73dfeef3c7d9b2a663biDefense Security Advisory 10.13.09 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Acrobat and Reader Firefox plugin could allow an attacker to execute arbitrary code with the privileges of the current user. When Adobe Acrobat/Reader is installed, it also installs various browser plugins that allow PDF documents to be viewed in the browser. This vulnerability occurs within the Firefox browser plugin. The Internet Explorer version is not affected. The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced. iDefense has confirmed the existence of this vulnerability in Acrobat and Reader versions 8.1.3, 8.1.4, 8.1.5, and 8.1.6. Previous versions are also likely affected. Version 9.1.3 and previous 9.x versions are not affected.
26d2526e5fa4a158dc90e307c84a2c19f9b708a1d9689add295e4f768fab5f65origami is a Ruby framework designed to parse, analyze, edit, manipulate, forge, exploit PDF files. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and/or analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
03d625dd6742e83e1cf1e7aada8ac8204c837386922d724032600a741c8dd32dSecunia Security Advisory - A vulnerability has been reported in BPowerHouse BPLawyerCaseDocuments, which can be exploited by malicious users to conduct SQL injection attacks.
3d9ed4b113f911b8d5bef0307d833a44bd4322ce258e97797f6986ac2af710b3PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
267e613adcd2e4def5a8b399243921d9e748a1b9c49c328a68a4fff6c8882117PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
ad97a700df805201f0faf0f1f0121a46a4839f54351997009d49262a8e3e0f46This paper documents a cross site scripting workaround for strip_tags and addslashes.
7aa842a76e4ec47865c611db68a692cad7db17b86333f2d6fba41e17ca13aff2origami is a Ruby framework designed to parse, analyze, edit, manipulate, forge, exploit PDF files. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and/or analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
7405bfc439b78efdaa51fa0a0e50f65ec3a0fa667d5346b12c0813e56d269d1fUbuntu Security Notice USN-779-1 - Several flaws were discovered in the browser and JavaScript engines of Firefox. Pavel Cvrcek discovered that Firefox would sometimes display certain invalid Unicode characters as whitespace. Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox would allow access to local files from resources loaded via the file: protocol. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox did not properly handle error responses when connecting to a proxy server. Wladimir Palant discovered Firefox did not check content-loading policies when loading external script files into XUL documents. It was discovered that Firefox could be made to run scripts with elevated privileges.
4b1fdb412e2b54dca514e5aa57046f7901ab30c8d647f187151e3f4ccaf6738cPDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
cf35a2dbcc6076011b5ad1bf115619a109832b123bfa84ba7d96cdbb3dba42cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed