Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.
6f84551f3249c3aa35a7feb4f055de3b8c4220bfed506d6013db37f88a75caec
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698
Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
ad5c6d91d11d4dcc9b8463439354e1e8142812d8ed2bc300fc637ac6cc763462
Secunia Security Advisory - Core Security Technologies has reported multiple vulnerabilities in SAP NetWeaver, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
eff6f18dc3bd34c48491384e92912b99a2774c1815ef38d72844839aba14e852
Core Security Technologies Advisory - SAP Netweaver is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Diag packets to remote TCP port 32NN (being NN the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.
84108ccf75a417b942e0291cf7c3798ea4c264ddce271305c260f4c3931d47e5
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
3d524580c71764b5d3cc900bb22709290434a48db35fefdef8adf40529de9e7e
Core Security Technologies Advisory - Apple OS X suffered from a sandbox predefined profiles bypass vulnerability. Several of the default pre-defined sandbox profiles do not properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.
a93c8053536e7abfedb811843ec4811b01921f6a36f6987012ab0bbdb0ab1c23
Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
695649c7d963064d7f163ac945a29aca4d694e1c7ff52a09ee8e2a7a93377531
Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested. This parameters are stored in the config file "e107_config.php". Version 0.7.24 is affected.
f1aa6364a9b7aec87affa0e57cc0ec5d09d69d9a12a32fe5e884c8288d964039
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Office Publisher 2007, which can be exploited by malicious people to compromise a user's system.
9f8cd5af4fb62d219d656368b4151ddb77e67059235d35c11cb787fbce38e991
Core Security Technologies Advisory - Microsoft Publisher is a desktop publishing application from Microsoft that uses a proprietary file format (.pub). A vulnerability has been found in Publisher 2007, that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially-crafted .pub file into a document.
7393db4575d55c43a0190c93fc1da01edde0c4413669ca97163f00e3e4952ff0
Core Security Technologies Advisory - A security vulnerability was discovered in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally in order to exploit this vulnerability.
63a99e0648400fc4a825807649566b16a5329ecd24004648e3f3de7fcc0edde8
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code. The vulnerability is triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector.
efa1df6ff293fc879184a56101095c205856a98933d395ba652967d9bb7600a0
Core Security Technologies Advisory - HP Data Protector is an automated backup and recovery software for single-server to enterprise environments. Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending a request to port 5555 of a host running the "data protector inet" service, part of HP Data Protector. The request has several parameters, including an opcode. By sending requests with specially crafted parameters, the different bugs can be triggered.
f98a13749e7a39ecb264fe5f8d281306487eb2c3e90b78c64ce6d9396ad34261
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7c1531b169bcb2242a12e252567da29d369cacd155b2931061e145718727d15d
Core Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.
c5935cba98df6fe3be07143a413aa1c7d1b1b171f7643b662db9f9dff22ce27e
Core Security Technologies Advisory - A security vulnerability was found in the driver 'vmswitch.sys', associated to the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is all guests on that host became non-responsive. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability.
91762eded6d6cb85d92e2b2d56180960888179b29b556d5094c71c5746715573
Core Security Technologies Advisory - A memory corruption vulnerability in the Lotus Notes client application can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the '.XLS' extension. The vulnerability arises from improper parsing of a BIFF record. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
e3fb382c6354356fed21097c9c079189d9d234cd9528617f0916077745bc2a7c
Core Security Technologies Advisory - Adobe Audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk on session (.ses) files. Then, a memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.
bca39d351128dc119a842d9e07ba7f07d956f9a7c41897996b07986de69c7d31
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Sun GlassFish Enterprise Server, which can be exploited by malicious people to bypass certain security restrictions.
55f7f1ff824d14ad25853c782f038fd9af35f93eb2917d110b1f5caf236c2f48
Core Security Technologies Advisory - The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console. Oracle GlassFish Server version 3.0.1 and Sun GlassFish Enterprise Server version 2.1.1 are affected.
3069091a5a304083556b231d526f0d1b73792c5176a24a96007d6fd9dee86cb0
Core Security Technologies Advisory - Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC. Versions 1.1.4 through 1.1.7 are affected.
8be83321208dda4d6d31da8ff809448217d99f09c95ce0362ee9c5369cec08f6
Secunia Security Advisory - Core Security Technologies has reported multiple vulnerabilities in ManageEngine ADSelfService Plus, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
e01fb2bacf86b57d46885ab97ae04578d903d518300dd47c3e3bdc7aad3bb4d4
Core Security Technologies Advisory - ManageEngine ADSelfService Plus version 4.4 suffers from authentication bypass, protection mechanism failure, and cross site scripting vulnerabilities.
a4ee9856738a01de33d18e20d426b4e2dfb7b45bc125c6315a92425571b2ae12
Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
352f1691497ff70b83f9039f8094fb6c41b1beb68e1b341fbc1f1722864dc8d2
Core Security Technologies Advisory - The Intel Alert Handler service ('hndlrsvc.exe') fails to correctly process the 'CommandLine' field in the AMS request. A source address in a 'MOV' instruction is calculated from values present in the request, causing a remote denial-of-service.
55e5c8b436e323fd3f97ab13849257975ad0f4264ec70be10dbcab9dc97bde9d