<< Previous Next >>
execution
for a site. And taking into account all those holes in CMS SiteLogic which I
reported to security mailing lists, which easily allow to gain access to
admin panel, the risk of this vulnerability is even growth (in combination
with other vulnerabilities).
> Many web hosting provider doesn't allow an user to execute commands
It's not a problem for serious hackers. Even those commands which allowed on
average server are enough for many things ;-).
> This is not a command execution vulnerability but an arbitrary file upload
fork of the Cute News project which is designed to improve security and
is available for free from http://korn19.ch/coding/utf8-cutenews/
Multiple vulnerabilities exist in Cute News and UTF-8 CuteNews. These
vulnerabilities can be exploited to steal user credentials, disclose
file contents, disclose the file path of the application and execute
arbitrary commands.
Cute News appears to be abandoned since September 2008. A local file
inclusion (LFI) vulnerability was discovered by athos on January 9th,
2009 for which no patch has been made.
b. Privilege escalation on ESX or Linux based hosted operating systems
This update fixes a security issue related to local exploitation of
an untrusted library path vulnerability in vmware-authd. In order to
exploit this vulnerability, an attacker must have local access and
the ability to execute the set-uid vmware-authd binary on an affected
system. Exploitation of this flaw might result in arbitrary code
execution on the Linux host system by an unprivileged user.
VMware would like to thank iDefense for reporting this issue to us.
AOL LLC Vendor Statement;
Overview
AOL has become aware of security vulnerabilities in several AIM instant
messaging clients. Successful exploitation of these vulnerabilities could
allow an attacker to execute arbitrary commands on a user's workstation.
AOL has deployed host side filtering on the AIM servers to block this
potentially malicious content from being sent to AIM clients.
Affected Products and Applications
* AIM 6.1
CGI Command Injection
+--------------------
A CGI command injection vulnerability exists within the Cisco
TelePresence Recording Server that could allow a remote,
unauthenticated attacker to execute arbitrary commands with elevated
privileges. To successfully exploit this vulnerability the attacker
would need the ability to submit a malformed request to an affected
device via TCP port 443.
An attacker must perform a three-way TCP handshake and establish a
---[ Vulnerability description ]
Positive Research Center has discovered multiple XSS vulnerabilties in Kayako Support Suite.
Application insufficiently verifies subscriberdata incoming parameter in /staff/index.php?_m=news&_a=importexport script.
An attacker with "staff" privileges can use the vulnerabilty to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server.
To use the vulnerability an attacker should convince a user with "staff" privileges to open URL like:
http://example.com/support/staff/index.php?_m=news&_a=managesubscribers&importsub=1&resultdata=YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoiPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5APHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4uPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9
Application insufficiently verifies subject incoming parameter in /staff/index.php?_m=news&_a=insertnews script.
An attacker with "staff" privileges can use the vulnerabilty to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server.
An attacker should trick a user with "staff" privileges to open URL like:
.text:10001220 push eax
.text:10001221 call ZwQueryObject ; query object
name information
---
Arbitrary code execution is probably impossible, since an attacker
does not control content which will be written to the pointers under
user's control.
These drivers are only present after installation of the application -
after reboot they are not loaded. There is strong possibility that
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
vulnerability.
Details:
SektionEins recently demonstrated how it is sometimes possible
to execute arbitrary PHP code in an application using unserialize()
on user supplied data. In detail various exploits were shown that
work against all Zend Framework based applications that unserialize()
user input. Part of this research was to find popular PHP open
source applications that are vulnerable to this.
the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.
Abstract
------------------------------------------------------------------------
While doing a quick sweep over the code base of FreeWebshop.org (FWS)
several vulnerabilities have been found in FWS. These vulnerabilities
allow attackers to obtain arbitrary information from the webserver and
database. It is even possible to execute arbitrary code with the
privileges of FWS. In some cases it may even be possible to fully
compromise the system on which FWS is installed. Most of these issues
are related to the fact that FWS fully trusts the content of the cookies
that it receives. These issues were discovered within a very small
time frame, it is likely that more issues exist within FWS. A full
crafted images with large or negative values that trigger a
buffer overflow. It only affects the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).
CVE-2007-4985
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
large or negative values that trigger a buffer overflow. It only affects
the oldstable distribution (etch).
CVE-2007-1797
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted DCM image, or the colors or comments field in a
crafted XWD image. It only affects the oldstable distribution (etch).
CVE-2007-4985
about software on the user's computer. This issue only affects Firefox 2.
(CVE-2008-5012)
It was discovered that Firefox did not properly check if the Flash
module was properly unloaded. By tricking a user into opening a crafted
SWF file, an attacker could cause Firefox to crash and possibly execute
arbitrary code with user privileges. This issue only affects Firefox 2.
(CVE-2008-5013)
Jesse Ruderman discovered that Firefox did not properly guard locks on
non-native objects. If a user were tricked into opening a malicious
Details follow:
Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)
Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
Installation Instructions: (if applicable)
Download patches to a system other than the SMA
Copy the patch to a floppy diskette or to a CD
Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA.
Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more information please refer at the following website: http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en
PRODUCT SPECIFIC INFORMATION
the CalDAV protocol for calendar sharing [2]. There is a growing number
of web sites providing calendars files and open subscription to calendar
updates [3][4][5].
Three vulnerabilities discovered in the iCal application may allow
un-authenticated attackers to execute arbitrary code on vulnerable
systems with (and potentially without) the assistance from the end user
of the application or to repeatean resource liberationdly execute a
denial of service attack to crash the iCal application.
The most serious of the three vulnerabilities is due to potential
the CalDAV protocol for calendar sharing [2]. There is a growing number
of web sites providing calendars files and open subscription to calendar
updates [3][4][5].
Three vulnerabilities discovered in the iCal application may allow
un-authenticated attackers to execute arbitrary code on vulnerable
systems with (and potentially without) the assistance from the end user
of the application or to repeatean resource liberationdly execute a
denial of service attack to crash the iCal application.
The most serious of the three vulnerabilities is due to potential
Installation Instructions: (if applicable)
Download patches to a system other than the SMA
Copy the patch to a floppy diskette or to a CD
Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA.
Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more information please refer at the following website: http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en
PRODUCT SPECIFIC INFORMATION
Installation Instructions: (if applicable)
Download patches to a system other than the SMA
Copy the patch to a floppy diskette or to a CD
Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA.
Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more information please refer at the following website: http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en
PRODUCT SPECIFIC INFORMATION
Installation Instructions: (if applicable)
Download patches to a system other than the SMA
Copy the patch to a floppy diskette or to a CD
Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA.
Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. For more information please refer at the following website: http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c&hash=SYSSXDF&displaylang=en
PRODUCT SPECIFIC INFORMATION
Problem Description:
Multiple vulnerabilities was discovered and corrected in the
OpenOffice.org:
Integer overflow allows remote attackers to execute arbitrary code
via a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).
Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
users for requests that were initiated by a plugin and received a
307 redirect to a page on a different web site. (CVE-2011-0059)
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image. (CVE-2011-0061)
The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey
- --[ Synopsis:
The linux version of xpdf is linked against t1lib, which is vulnerable
to multiple vulnerabilities including off by ones, integer overflows
and heap corruptions. At least one of those is exploitable and allows
arbitrary code to be executed on the target machine when opening a
specially crafted pdf file.
- --[ Vulnerabilities overview:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, sql injection and cross site scripting attacks.
1) Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993
Input passed via "viewer_size_image_saved" COOKIE parameter is not properly sanitised before being used in an "eval()" call.
This can be exploited to execute arbitrary PHP code.
The following PoC is available:
GET /[album_name]/[image.jpg].php HTTP/1.1
* Embedded Linux : Polycom Linux Development Platform v2.14.g3
Other versions or models may also be affected.
* Impact : Successful exploitation of this vulnerability may
allow an attacker to execute arbitrary commands on
Polycom operating system.
The Polycom HDX 8000 series [1] is a well-known video and audio
conference device running an embedded Linux PPC system.
Multipoint Switch. This security advisory outlines details of the
following vulnerabilities:
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
The Cisco Discovery Protocol remote code execution vulnerability
<<Previous Next>>
|
