Remote code execution
CVE-2008-6071 CVE-2008-6072 CVE-2008-6621 CVE-2009-1882
Debian Bugs : 414370 417862 444266 491439 530946
Several vulnerabilities have been discovered in graphicsmagick, a
collection of image processing tools, which can lead to the execution
of arbitrary code, exposure of sensitive information or denial of
service. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-1667
CVE-2007-4987 CVE-2007-4988 CVE-2008-1096 CVE-2008-1097
CVE-2009-1882
Debian Bug : 418057 412945 444267 530838
Several vulnerabilities have been discovered in the imagemagick image
manipulation programs which can lead to the execution of arbitrary code,
exposure of sensitive information or denial of service. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-1667
CVE-2008-1768
Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
Real demuxer and Cinepak codec can lead to the execution of arbitrary
code.
CVE-2008-1769
Drew Yao discovered that the Cinepak codec is prone to a memory
corruption, which can be triggered by a crafted Cinepak file.
Details follow:
It was discovered that Ghostscript contained a buffer underflow in its
CCITTFax decoding filter. If a user or automated system were tricked into
opening a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-6725)
It was discovered that Ghostscript contained a buffer overflow in the
BaseFont writer module. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
Problem Description:
Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and related to disregarding
the max field. Although originally a xine-lib issue, also affects
MPlayer due to code similarity. (CVE-2008-0225)
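The CVE-2008-0225 description above turns on one detail: rmff_dump_cont accepts a maximum length for the output buffer and disregards it, so field lengths taken from the stream decide how much is written. The following is an added example, not xine-lib or MPlayer code: a constructed content-description chunk of four length-prefixed strings, serialised once in the vulnerable shape (capacity parameter accepted but never consulted) and once with the exact size computed and checked before any byte is written. The struct, field layout, function names and the 300-byte hostile title are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a RealMedia CONT (content description) chunk:
 * four length-prefixed strings. Illustrative only; not xine-lib's type. */
typedef struct {
    const char *title;
    const char *author;
    const char *copyright;
    const char *comment;
} cont_desc_t;

/* Write one field as a 16-bit big-endian length followed by its bytes.
 * Returns the number of bytes written. */
static size_t put_field(uint8_t *out, const char *s)
{
    size_t n = strlen(s);
    out[0] = (uint8_t)(n >> 8);
    out[1] = (uint8_t)(n & 0xff);
    memcpy(out + 2, s, n);
    return 2 + n;
}

/* Vulnerable shape: the caller passes the capacity of 'buf' as 'max',
 * but the function never consults it. Field lengths come straight from
 * the attacker-controlled stream, so a long title overruns 'buf'.
 * Returns the number of bytes written, which may exceed 'max'. */
int dump_cont_unsafe(const cont_desc_t *c, uint8_t *buf, size_t max)
{
    (void)max;                       /* the bug: capacity ignored */
    size_t off = 0;
    memcpy(buf, "CONT", 4);
    off = 4;
    off += put_field(buf + off, c->title);
    off += put_field(buf + off, c->author);
    off += put_field(buf + off, c->copyright);
    off += put_field(buf + off, c->comment);
    return (int)off;
}

/* Hardened shape: compute the exact size first, refuse if it does not
 * fit in 'max' (or in the 16-bit length prefix), and only then write.
 * Returns bytes written, or -1 if the chunk was rejected. */
int dump_cont_safe(const cont_desc_t *c, uint8_t *buf, size_t max)
{
    const char *fields[4] = { c->title, c->author, c->copyright, c->comment };
    size_t need = 4;
    for (int i = 0; i < 4; i++) {
        size_t n = strlen(fields[i]);
        if (n > 0xffff)              /* would not survive the 16-bit prefix */
            return -1;
        need += 2 + n;
    }
    if (need > max)                  /* the check the unsafe version lacks */
        return -1;

    size_t off = 0;
    memcpy(buf, "CONT", 4);
    off = 4;
    for (int i = 0; i < 4; i++)
        off += put_field(buf + off, fields[i]);
    return (int)off;
}

/* Run one dumper against a hostile descriptor (constructed input: a
 * 300-byte title) while declaring a capacity of only 64 bytes. The
 * scratch buffer is deliberately oversized so the unsafe version's
 * overrun shows up in its return value instead of as memory corruption. */
int run_demo(int (*dump)(const cont_desc_t *, uint8_t *, size_t))
{
    static char long_title[301];
    static uint8_t scratch[4096];
    memset(long_title, 'A', 300);
    long_title[300] = '\0';
    cont_desc_t hostile = { long_title, "anon", "", "" };
    return dump(&hostile, scratch, 64);
}

int main(void)
{
    printf("unsafe wrote %d bytes into a buffer declared as 64\n",
           run_demo(dump_cont_unsafe));
    printf("safe returned %d (rejected)\n", run_demo(dump_cont_safe));
    return 0;
}
```

The demo declares a 64-byte capacity but hands over a 4 KiB scratch buffer, so the unsafe dumper's return value (316 bytes) shows the overrun without corrupting anything; the hardened dumper refuses the same input with -1. In the real parser the buffer was sized by the caller, which is exactly why honouring max is the whole fix.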
Multiple heap-based buffer overflows in the rmff_dump_cont function
CVE-2010-1797
Multiple stack-based buffer overflows in the
cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
interpreter in cff/cffgload.c in FreeType allow remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via crafted CFF opcodes in embedded fonts in a PDF
document, as demonstrated by JailbreakMe.
CVE-2010-2541
Problem Description:
Multiple vulnerabilities were discovered and corrected in
OpenOffice.org:
Integer overflow allows remote attackers to execute arbitrary code
via a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).
Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
CVE ID : CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453
CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643
Several security related problems have been discovered in the
OpenOffice.org package that allow malformed documents to crash the
application or even execute arbitrary code.
CVE-2010-3450
During an internal security audit within Red Hat, a directory
traversal vulnerability has been discovered in the way OpenOffice.org
processes an XSLT JAR filter description file, an Extension (aka OXT)
file, or unspecified other JAR or ZIP files (CVE-2010-3450).
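Directory traversal in an archive handler almost always means an entry name that resolves outside the extraction directory, and the check belongs on the stored name before any path is joined. The function below is an added example, not OpenOffice.org's filter or extension loader: it rejects absolute names, drive-letter prefixes and any ".." component under either separator, then joins the validated name under a root. The sample names and the root directory are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Reject an archive entry name that could escape the extraction root.
 * Lexical check on the name as stored in the ZIP/JAR central directory:
 *   - absolute paths ("/x", "\x") and Windows drive prefixes ("C:...")
 *   - any ".." path component, with '/' or '\' as separator
 *   - an empty name, or one whose stored length disagrees with its C
 *     length (an embedded NUL would truncate the path later)
 * Returns 1 if the name may be joined under the root, 0 otherwise.
 * Names such as "a..b" or "..x" are not traversal and are allowed. */
int entry_name_is_safe(const char *name, size_t len)
{
    if (len == 0 || strlen(name) != len)
        return 0;
    if (name[0] == '/' || name[0] == '\\')
        return 0;
    if (len >= 2 && isalpha((unsigned char)name[0]) && name[1] == ':')
        return 0;
    size_t start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || name[i] == '/' || name[i] == '\\') {
            size_t clen = i - start;
            if (clen == 2 && name[start] == '.' && name[start + 1] == '.')
                return 0;
            start = i + 1;
        }
    }
    return 1;
}

/* Join a validated entry name under 'root' into 'out'. Returns 0 on
 * success, -1 if the name was rejected or the result does not fit. */
int extraction_path(const char *root, const char *name, char *out, size_t outsz)
{
    if (!entry_name_is_safe(name, strlen(name)))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", root, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed entry names, benign and hostile. */
    const char *names[] = { "filter/x.xslt", "META-INF/manifest.xml",
                            "../../../../etc/passwd", "a/../../b",
                            "/etc/passwd", "C:\\Windows\\x", "..\\x", "a..b" };
    char path[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-26s %s\n", names[i],
               extraction_path("/tmp/oxt", names[i], path, sizeof path) == 0
                   ? "ok" : "rejected");
    return 0;
}
```

The check is lexical: it says nothing about symbolic links already present under the extraction root, which a loader that follows links would still have to handle separately.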
Use-after-free vulnerability in oowriter allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via malformed tables in an RTF document (CVE-2010-3451).
Use-after-free vulnerability in oowriter allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via crafted tags in an RTF document (CVE-2010-3452).
based on Firefox:
CVE-2011-0083 / CVE-2011-2363
"regenrecht" discovered two use-after-frees in SVG processing, which
could lead to the execution of arbitrary code.
CVE-2011-0085
"regenrecht" discovered a use-after-free in XUL processing, which
could lead to the execution of arbitrary code.
The same three issues (CVE-2011-0083 / CVE-2011-2363, the two
use-after-frees in SVG processing, and CVE-2011-0085, the use-after-free
in XUL processing, all found by "regenrecht") are also fixed in the
unbranded version of Seamonkey and in the Thunderbird mail/news client.
III. ANALYSIS
Summary:
A) Remote Code Execution
B) Cross Site Request Forgery
C) Local File Inclusion
A) Remote Code Execution
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
===============================================================================
Author: Janek Vind "waraxe"
Independent discovery: koziolek
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-61.html
III. ANALYSIS
Summary:
A) Remote Code Execution (RCE) Vulnerability
B) Local File Inclusion (LFI) Vulnerability (pre-auth)
C) Cross Site Scripting (XSS) Vulnerabilities (pre-auth, reflected)
D) Cross Site Scripting (XSS) Vulnerabilities (post-auth, reflected)
A) Remote Code Execution (RCE) Vulnerability
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Analysis - Possible security issue exists. Patch will run successfully.
-------------------------------------------------
MS Patch - MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-058 Cumulative Security Update for Internet Explorer (956390)
Analysis - Possible security issue exists. Patch will run successfully.
.bib bibliography file (CVE-2009-1284).
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
attackers to execute arbitrary code via a crafted PDF document that
triggers a heap-based buffer overflow (CVE-2009-3608).
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted virtual font
Multiple vulnerabilities have been found and corrected in
mozilla-thunderbird:
Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers
to execute arbitrary code via unknown vectors that trigger memory
corruption, as demonstrated by Nils during a Pwn2Own competition at
CanSecWest 2010 (CVE-2010-1121).
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
=======
Cisco IronPort Encryption Appliance devices contain two
vulnerabilities that allow remote, unauthenticated access to any file
on the device and one vulnerability that allows remote,
unauthenticated users to execute arbitrary code with elevated
privileges. There are workarounds available to mitigate these
vulnerabilities.
Cisco has released free software updates that address these
vulnerabilities. This advisory is posted at:
CVE-2009-2408 (CVE-2009-2702).
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
pointer. (CVE-2009-1687).
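The WebKit issue above is a missed allocation-failure check: when the allocator returns NULL and the code goes on to initialise a field at a fixed offset, the write lands at that small offset from address zero, which is what "write access to an offset of a NULL pointer" describes. The block below is an added example, not WebKit code: a constructed heap cell type, an allocator whose failure can be injected, the unchecked initialisation pattern, and a hardened builder that checks every allocation and releases the partially built chain on failure. The cell layout, names and failure hook are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed heap cell standing in for a collector-managed object.
 * 'mark' sits at a fixed offset, so writing it through a NULL cell
 * faults at that offset rather than at address zero itself. */
typedef struct cell {
    struct cell *next;
    int          mark;
    char         payload[32];
} cell_t;

/* Allocator with injectable failure (a test hook, not a real GC).
 * fail_after == -1 never fails; otherwise that many allocations
 * succeed and every later one returns NULL until reset. */
static int fail_after = -1;
static int live_cells = 0;

static cell_t *cell_alloc(void)
{
    if (fail_after == 0)
        return NULL;
    if (fail_after > 0)
        fail_after--;
    cell_t *c = malloc(sizeof *c);
    if (c)
        live_cells++;
    return c;
}

static void cell_free(cell_t *c)
{
    if (c) {
        live_cells--;
        free(c);
    }
}

/* Vulnerable shape: assumes the allocation succeeded. On failure the
 * first store is to &((cell_t *)NULL)->mark, a small fixed offset.
 * Defined for comparison; never called below. */
cell_t *build_chain_unsafe(int n)
{
    cell_t *head = NULL;
    for (int i = 0; i < n; i++) {
        cell_t *c = cell_alloc();
        c->mark = 0;                 /* no NULL check */
        c->next = head;
        head = c;
    }
    return head;
}

/* Hardened: check every allocation and, on failure, release the cells
 * built so far so the caller gets a clean NULL with nothing leaked. */
cell_t *build_chain_safe(int n)
{
    cell_t *head = NULL;
    for (int i = 0; i < n; i++) {
        cell_t *c = cell_alloc();
        if (c == NULL) {
            while (head) {
                cell_t *nx = head->next;
                cell_free(head);
                head = nx;
            }
            return NULL;
        }
        c->mark = 0;
        memset(c->payload, 0, sizeof c->payload);
        c->next = head;
        head = c;
    }
    return head;
}

int chain_length(const cell_t *c)
{
    int n = 0;
    for (; c; c = c->next)
        n++;
    return n;
}

void chain_free(cell_t *c)
{
    while (c) {
        cell_t *nx = c->next;
        cell_free(c);
        c = nx;
    }
}

/* Build a chain of 'n' cells with the allocator set to fail after 'ok'
 * successes. Returns the number of cells still live afterwards; 0 means
 * the partial chain was cleaned up on the failure path. */
int demo_failure_cleanup(int n, int ok)
{
    fail_after = ok;
    cell_t *h = build_chain_safe(n);
    fail_after = -1;
    chain_free(h);
    return live_cells;
}

int main(void)
{
    printf("cells live after injected failure: %d\n", demo_failure_cleanup(10, 3));
    return 0;
}
```

The unsafe builder is kept only to show the shape of the bug; running it with the hook set to fail would dereference NULL. The point of the hardened version is the second half of the fix: a NULL check alone still leaks the cells already linked, so the failure path has to unwind them.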
WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
Security issues were identified and fixed in firefox 3.5.x:
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
2.0.1 might allow context-dependent attackers to cause a denial of
service (application crash) or execute arbitrary code via unspecified
vectors, related to memory safety issues. (CVE-2009-3388)
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used
in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows
remote attackers to cause a denial of service (application crash)
the following problems:
CVE-2009-3070
Jesse Ruderman discovered crashes in the layout engine, which
might allow the execution of arbitrary code.
CVE-2009-3071
Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered
crashes in the layout engine, which might allow the execution of
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).
Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large
integer value for the (1) input or (2) output channel (CVE-2009-0733).
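CVE-2009-0723 above, CVE-2009-2949 (the XPM integer overflow in OpenOffice.org) and CVE-2009-3608 (ObjectStream::ObjectStream in Xpdf and Poppler) share one bug shape: an attacker-supplied count is multiplied by an element size, the product wraps, the allocation comes out small, and the fill loop that follows writes past it. The example below is added here and is not Xpdf, Poppler, libXpm or any other project's code: a toy offset-table format with a 32-bit object count, the unchecked 32-bit sizing that wraps, and a parser that rejects both the wrap and a count not backed by data. The "XREF" magic, the entry size and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed object-offset table: "XREF", a 32-bit big-endian object
 * count, then one 32-bit big-endian offset per object. A toy format
 * standing in for the real PDF and XPM structures. */
typedef struct {
    uint32_t  nobjs;
    uint32_t *offsets;   /* nobjs entries, malloc'd by the parser */
} xref_table_t;

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable shape: the allocation size is the product of an attacker-
 * supplied count and the entry size, computed in 32 bits (made explicit
 * with uint32_t so the wrap reproduces on a 64-bit host as it did on the
 * 32-bit builds of the era). 0x40000002 * 4 wraps to 8: two entries get
 * allocated and the fill loop then runs a billion times past them. */
uint32_t table_bytes_unsafe(uint32_t nobjs)
{
    return nobjs * (uint32_t)sizeof(uint32_t);
}

/* Hardened parser. Returns 0 on success, a negative code on rejection.
 * Two checks are needed, in this order: the multiplication must not
 * wrap, and the declared count must be backed by bytes actually present.
 * The second check alone is not enough: a wrapped size of 8 passes it
 * whenever the input is at least 16 bytes long. */
int parse_table_safe(const uint8_t *buf, size_t len, xref_table_t *t)
{
    if (len < 8 || memcmp(buf, "XREF", 4) != 0)
        return -1;
    uint32_t n = rd32(buf + 4);
    if (n > UINT32_MAX / sizeof(uint32_t))        /* check 1: no wrap */
        return -2;
    uint32_t bytes = n * (uint32_t)sizeof(uint32_t);
    if (bytes > len - 8)                          /* check 2: data present */
        return -3;
    uint32_t *off = malloc(bytes ? bytes : 1);
    if (off == NULL)
        return -4;
    for (uint32_t i = 0; i < n; i++)
        off[i] = rd32(buf + 8 + 4 * (size_t)i);
    t->nobjs = n;
    t->offsets = off;
    return 0;
}

/* Constructed inputs. */
const uint8_t SAMPLE_GOOD[16] = {
    'X','R','E','F', 0,0,0,2,          /* two objects */
    0,0,0,0x10, 0,0,0,0x20             /* offsets 16 and 32 */
};
const uint8_t SAMPLE_HOSTILE[16] = {
    'X','R','E','F', 0x40,0,0,2,       /* count 0x40000002: times 4 wraps to 8 */
    0,0,0,0, 0,0,0,0
};

int main(void)
{
    xref_table_t t;
    printf("unsafe sizing for count 0x40000002: %u bytes\n",
           (unsigned)table_bytes_unsafe(0x40000002u));
    printf("safe parse of hostile input: %d\n",
           parse_table_safe(SAMPLE_HOSTILE, sizeof SAMPLE_HOSTILE, &t));
    if (parse_table_safe(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &t) == 0) {
        printf("good input: %u objects, first at %u\n",
               (unsigned)t.nobjs, (unsigned)t.offsets[0]);
        free(t.offsets);
    }
    return 0;
}
```

With a count of 0x40000002 the 32-bit product is 8, so a length check on its own accepts any input of 16 bytes or more; the overflow check has to run first, on the operands, not afterwards on the product.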
8.2. *Arbitrary Remote Code Execution*
Once the Openfire administrator's browser is executing arbitrary
JavaScript and his/her session cookies have been stolen, it is trivial
to execute arbitrary code, because there is no need to re-authenticate
to upload a new server plugin. Secure web applications generally
re-authenticate the administrator before performing such sensitive tasks.
In this case, however, the stolen session is enough to upload a new
plugin, without re-authentication, containing arbitrary Java code in its
constructor. The constructor is called when the plugin is uploaded.
Errors in the handling of MNG, Real and MOD files allow remote
attackers to cause a denial of service via crafted files
(CVE-2008-5233).
Heap-based overflow allows remote attackers to execute arbitrary
code by using Quicktime media files holding crafted metadata
(CVE-2008-5234).
Heap-based overflow allows remote attackers to execute arbitrary code
by using either crafted Matroska or Real media files (CVE-2008-5236).
CVE-2008-0016
Justin Schuh, Tom Cross and Peter Williams discovered a buffer
overflow in the parser for UTF-8 URLs, which may lead to the
execution of arbitrary code.
CVE-2008-3835
"moz_bug_r_a4" discovered that the same-origin check in
nsXMLDocument::OnChannelRedirect() could be bypassed.
provide a method whereby the viewer of that web page can request a local
print of a host resident print job, archived print job or a report
stream through a server-side script request.
Anzio Web Print Object is vulnerable to a buffer overflow attack, which
can be exploited by remote attackers to execute arbitrary code, by
providing a malicious web page with a long "mainurl" parameter for the
WePO ActiveX component.
*Vulnerable Packages*