Previous versions
consumption (CPU and memory).
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html
This exploit for wmk protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.
For work of exploit the WebMoney Keeper Classic must be installed. In
browsers Firefox and IE occurs blocking and overloading of the system from
starting of WebMoney Keeper (also must work in IE8, but there was no
Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the
same as in case of refresh-header redirectors), because code executed not in
context of original site. It can be used for phishing and executing of
JavaScript code (for malware spreading).
Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5
should be also vulnerable).
Vulnerable version is Opera 9.52 and previous versions (and
potentially next versions too).
execution of arbitrary code in kernel context. Exploitation has proven
to be non-trivial.
In order to reach the vulnerable code, a system would have to have
AppleTalk turned on. It would likely be used on a network consisting of
older Mac hosts since previous versions of Mac relied on it to implement
Apple File Sharing.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Mac OS X
will likely crash the system. Exploitation has proven to be
non-trivial.
In order to exploit this vulnerability, a system would have to have
AppleTalk turned on. It would likely be used on a network consisting of
older Mac hosts since previous versions of Mac relied on it to implement
Apple File Sharing.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Mac OS X
Location: javascript:alert%28document.cookie%29
The browser will show “Object Moved” page. At click on the link “here” the
code will execute in context of this site.
Vulnerable versions are Mozilla 1.7.x and previous versions.
Vulnerable versions are Firefox 3.0.13 and previous versions (and 3.5.x
should be also vulnerable).
As I wrote in my article Cross-Site Scripting attacks via redirectors
ciscoasa# show running-config threat-detection scanning-threat
threat-detection scanning-threat shun
Note: This feature was first introduced in Cisco ASA Software Version
8.0(2). Previous versions of Cisco ASA are not vulnerable.
Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
+--------------------------------------------------------------
Affected products:
-------------------------
Vulnerable are both systems CMS WebManager-Pro from two developers.
Vulnerable are versions CMS WebManager-Pro v.7.0 (version from WebManager)
and previous versions, and also CMS WebManager-Pro v.7.4.3 (version from
FGS_Studio) and previous versions.
----------
Details:
----------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180
Description:
Previous versions of openssl, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was enabled, were
vulnerable to a ciphersuite downgrade attack, which could allow
a remote attacker to potentially force a client to use a weaker
cipher.
-------------------------
Affected products:
-------------------------
Vulnerable are versions of plugin Register Plus 3.5.1 and previous versions.
Also for Insufficient Anti-automation are vulnerable WordPress 3.0.1 and
previous versions.
----------
Details:
moved" answer) outputs double quote in Location header in plain (not in URL
encoding) form.
Affected software:
Vulnerable are Mozilla 1.7.x and previous versions.
Vulnerable are Mozilla Firefox 3.0.19, Firefox 3.5.11, Firefox 3.6.8,
Firefox 4.0b2 and previous versions.
Vulnerable are Opera 10.53 and potentially all 10.x versions (at that
6. *Vendor Information, Solutions and Workarounds*
Oracle notifies that GlassFish Server 3.1 was released in March 2011 and
was fixed before release, so it is not affected. Oracle also notifies
that patches for previous versions will be available in July, 2011. As a
policy, Oracle does not provide workarounds unless they can be easily
applied by every customer.
6.1. *Workaround by Core Security*
site scripting vulnerabilities.
Systems affected:
-----------------
This has been confirmed in version 1.2.0 of Active Calendar. Previous
versions may also be affected.
Impact:
-------
When a user is tricked into clicking on a malicious link or submitting
a specially crafted form, the injected code travels to the vulnerable
HTML Injection:
http://site/modules/mod_jvclouds3D/jvclouds3D/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
Vulnerable are JVClouds3D 1.0.9b and previous versions.
I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3839/).
Best wishes & regards,
the SmartSockets framework.
IV. DETECTION
iDefense has confirmed the existence of these vulnerabilities in TIBCO
SmartSockets version 6.8.0. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for these issues.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Sun
Microsystem Inc.'s Java JRE version 1.6.0_07 for Windows. Previous
versions and versions for other platforms may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this vulnerability.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
Description:
Previous versions of the perl package contain weaknesses when evaluating
regular expressions.
If a system is serving a perl-based web application that evaluates
remote input as a regular expression, an attacker may be able to
exploit these weaknesses to execute arbitrary, attacker-provided code on
===============================================
Vendor: Microsoft (http://www.microsoft.com)
Product: ASP.Net (http://www.asp.net)
Versions affected: .Net 3.5 is confirmed vulnerable;
previous versions are likely to be vulnerable as well.
Description:
ASP.Net is a web-application development framework that
provides for both user interfaces, and back-end
functionality.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2941
Description:
Previous versions of the HP Linux Imaging and Printing (HPLIP) allow
local users to gain privileges and send e-mail messages from the root
account and cause a denial of service through the hpssd message parser
via a crafted packet.
http://wiki.rpath.com/Advisories:rPSA-2009-0014
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
Description:
Previous versions of the tk package are vulnerable to an Arbitrary Code
Execution attack in which an attacker may use a maliciously crafted GIF
file to trigger a buffer overflow in an application using libtk.
http://wiki.rpath.com/Advisories:rPSA-2008-0054
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2187
https://issues.rpath.com/browse/RPL-2188
Description:
Previous versions of the mysql package contain multiple weaknesses that
can lead to local-server crashes and internal privilege escalations.
Additionally, the immediately previous version of mysql was unable to
create databases in TRADITIONAL mode. This has been corrected.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
Description:
Previous versions of NTP do not properly check the return value from the
OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature for
DSA and ECDSA keys.
http://wiki.rpath.com/Advisories:rPSA-2009-0010
CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION
-->AFFECT VERSION: <= 1.2-Beta (Checked previous versions are also vulns)
-->Discovered Bug date: 2009-06-08
-->Reported Bug date: 2009-06-09
-->Fixed bug date: 2009-06-10
-->Info patch (1.3): http://sourceforge.net/projects/splog/
-->Author: YEnH4ckEr
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
Description:
Previous versions of the httpd package contain multiple vulnerabilities:
mod_proxy_http is vulnerable to a Denial of Service attack, and
mod_proxy_ftp contains a weakness that enables a cross-site-scripting
(XSS) attack.
In their default configurations, rPath Linux 1 and rPath Appliance
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379
Description:
Previous versions of the xorg-x11 package contain multiple
vulnerabilities, the most serious of which allow authenticated
users to execute arbitrary code with elevated privileges.
http://wiki.rpath.com/Advisories:rPSA-2008-0201
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316
Description:
Previous versions of glib contain a vulnerability in the base64
encode and decode functions which may result in executing
attacker-supplied code when processing large strings. This
vulnerability is present only through applications that accept
user-supplied strings and process them with the base64 encode or
decode functionality of glib.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
Description:
Previous versions of the kernel package contain multiple
vulnerabilities, the most serious of which may allow a
local user to cause a Denial of Service or possibly gain
escalated privileges.
A system reboot is required to resolve these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
Description:
Previous versions of libpng are vulnerable to denial of service or
possibly arbitrary code execution attacks via buffer overflows
caused by a maliciously crafted PNG file.
http://wiki.rpath.com/Advisories:rPSA-2009-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
http://wiki.rpath.com/Advisories:rPSA-2007-0266
http://wiki.rpath.com/Advisories:rPSA-2008-0007
Description:
Previous versions of the tetex package are vulnerable to multiple issues,
the worst of which is believed to allow arbitrary code execution via
user-assisted vectors when dvips or dviljk are run on specially-crafted
files, or when loading malformed font data using t1lib.