WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability in the idtk parameter. This is a variant finding from the original discovery of SQL injection in this version attributed to h4ck3r in May of 2023.
332b84c29819f7a13b61e09456a833eac210172edb2ce5d235400faeb63c454bThe NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.
0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5efSecunia Security Advisory - loneferret has discovered a vulnerability in ManageEngine Service Desk Plus, which can be exploited by malicious people to conduct script insertion attacks.
4b576f909e08c470239259f64d977553f3e5fa4e4a72ed165b1d7a788f36a797This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4dRed Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3cZero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument being used for the Init() method, to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.
a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccbMyDesktop suffers from a remote SQL injection vulnerability.
b483fc4a413ecf61218995b5a31ab35d3a76cd27173b00ae7bb801caf250abb5Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370ExoPHPDesk version 1.2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bc686aa635201f14247dc246ac28bf215ac17cb4d6b29a73397658378a20ab02Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
e0fdb9f7c33b5703a29340209d510b8b6eead3975c286d792e8c5b0a8a4fe19dSecunia Security Advisory - Multiple vulnerabilities have been reported in ReadyDesk, which can be exploited by malicious people to conduct script insertion attacks.
db69da7634774c7d34b6d0f9da83a9ad4c9d93e03f550b057209111e2ea4a086ReadyDesk suffers from a cross site scripting vulnerability.
d933cf2d5240cd1b9fef0c9dff0b3afddcab16f19f6a7204ee5c5a9fe6166cd9This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.
0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1bRed Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.
0c80de7eb7401e75b9edafdab61c3336a8c7bbaca85898f61b94f2f26254ccd3LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
fe7e3841d8266a0bdf777c01b95935543a5458d8b05813ac7e4e79d579cbd473Kayako Fusion Help Desk Software suffers from a cross site scripting vulnerability.
565127ad9b187160e79043dbc0756f9abe1cadd29b782f144822a834134e3377Pakyu Cenloder Microsoft Remote Desktop python denial of service exploit.
6679e3355cf673033887af137fcccfdd01c59d366258732210ba0294f9b2d753This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.
9a94d068fd0f6a8f044593bfb8ff8e4f4527cff18adacfeaddb785decdbbaa82Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.
10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77eRed Hat Security Advisory 2012-0349-01 - On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed transition from the Production Phase to the Extended Life Phase: Red Hat Enterprise Linux AS 4, Red Hat Enterprise Linux ES 4, Red Hat Enterprise Linux WS 4, Red Hat Desktop 4, Red Hat Global File System 4, Red Hat Cluster Suite 4.
e326550afcdeea4064006170ceef17b1544525cfcecf9f031e3dac47bae27ec1Secunia Security Advisory - Sony has reported multiple vulnerabilities in WonderDesk SQL, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
7079b5c38c21caaae92f52f361e785a17d6ade637955b191713c7ac2081c3298WonderDesk suffers from a cross site scripting vulnerability.
bdd01d5b99c5b3fb619e5cc517a12bfb74b7dcb1c9b1d843a53ddc0a14cedfa7Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491Secunia Security Advisory - Two vulnerabilities have been reported in swDesk, which can be exploited by malicious people to compromise a vulnerable system.
b9a9624b38f1f69785758ca0381fd79a1cb0a4a279a7918cf803c22e2f55f007
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed