graphical user interface
+---------------------------------------
Unprivileged users can elevate their privileges to those of the
LocalSystem account by enabling the Start Before Logon (SBL) feature
and interacting with the Cisco AnyConnect Secure Mobility Client
graphical user interface in the Windows logon screen.
To prevent this issue, fixed versions of the Cisco AnyConnect Secure
Mobility Client limit the amount of interaction that is possible in
the client's graphical user interface when it is displayed on the
Windows logon screen.
> > diminishes VM guest/host isolation in such a manner to facilitate privilege
> > escalation, spreading of malware, and compromise of guest operating systems.
> >
>
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
>
> In (not so) short, this attack vector is virtually worthless if reasonable
> security practices are employed.
Unapproved download does open exploit vectors against other
vulnerabilities, especially when the download is to a location the
attacker can predict.
Merely opening a folder in a GUI triggers exploitable actions such as
icon display. Desktop.ini in Windows triggers actions when its
containing folder is opened. Selecting a file to delete it can trigger
other exploitable actions. Anti-virus scans and other automatic
processes can be exploited by the download or even the mere presence of
some hostile files.
physical security. If the host OS (or an account within it) is compromised,
of course all bets are off when it comes to a virtual machine running within
it.
Furthermore, this attack only works if you are running the vmware guest
utilities *and* you are currently logged into a GUI desktop running the
vmware userland process.
I personally look at this as an issue for Windows. I personally don't
install the vmware guest software for my Linux VMs, nor would I log into a
GUI as root. For that matter, if you are merely hosting the guest VMs why
of course all bets are off when it comes to a virtual machine running within
it.
Furthermore, this attack only works if you are running the vmware guest
utilities *and* you are currently logged into a GUI desktop running the
vmware userland process.
I personally look at this as an issue for Windows. I personally don't
install the vmware guest software for my Linux VMs, nor would I log into a
Overview:
The premium and new line of QNAP network storage solutions allow
for full hard disk encryption. When rebooting, the user has to
unlock the hard disk by supplying the encryption passphrase via
the web GUI.
However, when the hard disk is encrypted, a secondary key is
created, added to the keyring, and stored in the flash with minor
obfuscation.
protected by the author's digital signature:
1) Store it in an additional file inside the OOXML ZIP container
2) Apply a suitable transformation during the signature creation to
protect user defined Meta-data entries, then whatever the user did not
fill in before signing is not protected, but here we have a problem
communicating this via GUI to the user.
3) probably several other ways ...
> Just think of it as a sticker placed on the outside of a sealed
> envelope: You mustn't trust anything on the outside, just look inside
> the envelope to find the information you can rely on.
installed in. This means that you can write arbitrary things to it or
change files around, so you can have the same effect if you, say, add
a command to the root user's crontab...
>
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
Many people are in this situation.
>
> I personally look at this as an issue for Windows. I personally don't
> install the vmware guest software for my Linux VMs, nor would I log into a
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-043
Application: EAI WebViewer2D (EnjoySAP, SAP GUI for Windows 6.4 and 7.1)
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs: insecure method, File overwriting
Exploits: YES
Reported: 02.07.2009
Vendor response: 02.07.2009
WifiZoo v1.2:
-Bug Fixes
-It now has a web GUI running on localhost:8000, it will hopefully
make its use more 'convenient'
-And it also has an 'http proxy' ala ferret/hamster. You can display
the captured cookies with the web gui, clicking on a cookie will set
that cookie on the wifizoo proxy. Set your browser to use the proxy,
and again, hopefully, that will do the trick.
Norman
Norman Security Suite, Antivirus version 8.00, Norman Scanner Engine
version 6.07.11
Does not seem to recognize BO2k server as a threat.
Tested with the bo2k GUI executable: Prevents execution, claims to
move to quarantine,
but file stays where it was.
The Engine version 6.07.13 recognizes neither the BO2K GUI nor the
server as malware,
installation may be vulnerable.
Workaround:
As a workaround solution, disable the Apache HTTP Server with the
"stopgui" command. To re-enable the server, run "startgui".
Stopping the Apache HTTP Server will prevent the ARCserve user
from performing GUI operations. Most of the operations provided by
the GUI can be accomplished via the command line.
http://www.dsecrg.com/files/pub/pdf/Writing%20JIT-Spray%20Shellcode%20for%20fun%20and%20profit.pdf
As we give much attention on ERP and Business applications security
you can also download new exploits for popular client side Business applications
such as SAP GUI and Oracle Document Capture that use JIT-Spray
Shellcode.
SAP GUI 7.10 WebViewer3D ActiveX - JIT-Spray Exploit
http://dsecrg.com/files/exploits/SAP-Logon7-System.zip
<String>
</String>
</List>
</Attribute>
The workaround is somewhat fragile, it must be re-applied each time
after the password policy gets edited via GUI, because GUI drops the new
line character from the rule.
6) Time Table
2008/12/24 The vendor was informed
read document TEC446265.
Workaround:
As a workaround solution, disable the Apache HTTP Server with the
"stopgui" command. To re-enable the server, run "startgui".
Stopping the Apache HTTP Server will prevent the ARCserve user
from performing GUI operations. Most of the operations provided by
the GUI can be accomplished via the command line.
Version affected: 2.3.1 and prior
Product description:
Centreon is a network supervision and monitoring tool that is based upon
the Nagios open source monitoring engine. Centreon can be used as a
Nagios GUI and it can provide such features as real time system
monitoring, performance management and system management.
Credit: Christophe De La Fuente of Trustwave SpiderLabs
Finding 1: Remote Command Execution
net user Administrator password
;-)
If in XP Professional you can use GUI or command prompt to change default
admin's password, then in XP HE you can only use command prompt (due to
Windows XP HE limitations).
P.S.
Published: 2010-02-08 Version: 1.1
SpiderLabs has documented view state tampering
vulnerabilities in three products from separate vendors.
View states are used by some web application frameworks to
store the state of HTML GUI controls. View states are
typically stored in hidden client-side input fields,
although server-side storage is widely supported.
The affected vendors generally recommend that client-side
view states are cryptographically signed and/or encrypted,
>>
>> net user Administrator password
>>
>> ;-)
>>
>> If in XP Professional you can use GUI or command prompt to change default
>> admin's password, then in XP HE you can only use command prompt (due to
>> Windows XP HE limitations).
>>
>> P.S.
>>
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0930 CVE-2008-0931
Steve Kemp from the Debian Security Audit project discovered several local
vulnerabilities in xwine, a graphical user interface
for the WINE emulator.
The Common Vulnerabilities and Exposures project identifies the following
problems:
Debian-specific: no
CVE Id : CVE-2009-2369
Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets
Cross-platform C++ GUI toolkit, which allows the execution of arbitrary
code via a crafted JPEG file.
For the oldstable distribution (etch), this problem has been fixed in version
2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for
wxwidgets2.6.
to BrightStor Hierarchical Storage Manager r11.6.
BrightStor Hierarchical Storage Manager r11.6:
http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip
How to determine if you are affected:
Run the BrightStor HSM Administrator GUI and open Help->About from
the toolbar to view the version. If the version is less than 11.6,
the installation is vulnerable.
Workaround: None
>
> Which is my point. If you don't have security on the host, you're already
> massively vulnerable regardless of whether or not this functionality exists.
>
> >> Furthermore, this attack only works if you are running the vmware guest
> >> utilities *and* you are currently logged into a GUI desktop running the
> >> vmware userland process.
> > Many people are in this situation.
>
> So we're surrounded by lemmings. You're not pinning that on me, man. ;-)
>
Vapid Labs http://vapid.dhs.org
1/24/2010
With the GUI Sun Update Manager being used to install patches on a system
local users can easily run scripts and create symlinks in an attempt to
clobber files and potentially escalate privileges as this application is
typically run in multi-user mode.
Many patches use insecure file creation in /tmp to store data during
installation. The easiest one to exploit is /tmp/CLEANUP which is used in a
POC:
::Save the following as a batch file and execute it.
:here
taskkill /im smcgui.exe /f
goto :here
Now since the smcgui.exe is running in the user account, It will not be
denied access to.
When the batch file is running, Open the file "c:\Program
>>>
>>> net user Administrator password
>>>
>>> ;-)
>>>
>>> If in XP Professional you can use GUI or command prompt to change default
>>> admin's password, then in XP HE you can only use command prompt (due to
>>> Windows XP HE limitations).
>>>
>>> P.S.
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RavenNuke is a web-based automated news publishing and content management
system based on PHP and MySQL. The system is fully controlled using a web-based
graphical user interface (GUI). RavenNuke is an extensively changed fork of
the phpNuke\portal system.
http://ravenphpscripts.com/
* Multiple Cross-Site Scripting vulnerabilities exist in the file
action/AttachFile.py when using the message, pagename, and target
filenames (CVE-2008-0781).
* Multiple Cross-Site Scripting vulnerabilities exist in
formatter/text_gedit.py (aka the gui editor formatter) which can be
exploited via a page name or destination page name, which trigger an
injection in the file PageEditor.py (CVE-2008-1098).
Impact
======