types
------------------------------------------------------------------------
ATTACH_BY_REF_RESOLVE
------------------------------------------------------------------------
A message or attachment can have a Message Class property that loosely
defines the type of a message, contact or other personal information
manager objects. For normal e-mail messages, the message class is set to
IPM.Note. The Message Class is set by the TNEF attMessageClass
structure or by the PR_MESSAGE_CLASS MAPI property.
If the Message Class is set to IPM.Document, Outlook will process this
Xpdf runs under the X Window System on UNIX, VMS, and OS/2. The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.
Xpdf is designed to be small and efficient. It can use Type 1 or
TrueType fonts.
- --[ Synopsis:
January 14, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : t1lib
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552
CVE-2011-1553 CVE-2011-1554
Debian Bug : 652996
VMware Virtual Center 2.5 Update 6
----------------------------------
Version 2.5 Update 6
Build Number 227637
Release Date 2010/01/29
Type Product Binaries
http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VirtualCenter DVD image - English only version
File size: 854 MB
File type: .iso
by Core was actually exploiting a different bug than the one originally
reported and therefore it should be considered a separate security
issue. The URLMON sniffing vulnerability refers to the variant
discovered in the CORE-2008-0826 time line. When loading a local file
Internet Explorer's HTML rendering engine [7] will only check its MIME
type to see if it is a positive match on the files it can handle. For
unknown types that are treated as HTML because they've been referred to
by a redirection, content type determination will default to 'text/html'
in absence of a type explicitly set by the content source. In the case
of non-html files for which there isn't an explicit content-type set,
URLMON will default to the 'text/html' type as suggested from the
September 4th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : silc-client/silc-toolkit
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-7159 CVE-2008-7160 CVE-2009-3051
Several vulnerabilities have been discovered in the software suite for the
SILC protocol, a network protocol designed to provide end-to-end security
rendered as if it belonged to the *Internet Zone* but since the file
containing it is stored in '\\127.0.0.1' it would also be able to access
any other file on the visitor's file system.
The problem is derived from the sequence of actions performed by
Internet Explorer to determine the content-type of the content to be
loaded and the appropriate way to render it. The algorithm followed for
this purpose is described in Microsoft's Knowledgebase article titled
MIME Type Detection in Internet Explorer [4] and implemented in the
function 'FindMimeFromData' in 'URLMON.DLL'[5].
bugs are targeted at users of a vulnerable web application rather than
at the application itself, although one could say that since the XSS
vulnerability in the web application created the vector that allows the
compromise of several of its users' web browsers, the web application
itself originated the problem. The term 'cross-site scripting' is also
sometimes used in a broader-sense referring to different types of
vulnerabilities that lead to attacks that inject scripting code into
client applications from sources that would not be trusted during script
execution runtime if the corresponding bug did not exist. For additional
information, please look at the references [2], [3], [4], [5] and [6].
timer. The shutdown dialog box displays status code -1073741819.
After restarting, errors similar to the following are found in the
application event log:
Type: Error
Source: Application Error
Category: (100)
Event ID: 1000
Description: Faulting application lsass.exe, version <version>,
faulting module authz.dll, version <version>, fault address
======
2) Bug
======
In CoD4 has been introduced a new type of connectionless command (like
getinfo, getstatus, connect and so on) called "stats" that seems
related to player statistics and can be of 6 types which are sent by
the client in sequential order just after having joined the remote
game.
Content negotiation, or more accurately content selection,
is the selection of the document that best matches the client's
capabilities, from one of several available documents. There are
two implementations of this.
* A type map (a file with the handler type-map) which explicitly
lists the files containing the variants.
* A MultiViews search (enabled by the MultiViews Option), where the
server does an implicit filename pattern match, and chooses from
amongst the results.
the CPU's time introducing a Denial of Service condition.
Details
*******
Once a client connects to the database process and performs protocol
negotiation (TNS packet type 1) and data type representations (packet type 2)
it may then send packets of type 6 - Data packets. If the server gets a
packet with the 2nd bit of the Data flags set then the server runs at
100% CPU:
"\x00\x1D" // Packet Size
WHID 2007-48: MSU investigating hacking incident
Reported: 17 October 2007
Occurred: 09 October 2007
Incident Type: Security Breach
WASC Threat Classification: Unknown
Information including birth date and social security number of 1400
students who enrolled online to the Montana State University has been
stolen by hackers. While no technical explanation is provided, the fact
Vendor acknowledgment date: 1/25/2011
Public disclosure date: 2/14/2011
Type of vulnerability: Cross-Site Scripting (XSS) - Reflected
Exploit Vectors: Local and Remote
Vulnerability Description: The Web application management interface of Server Monitor contains multiple injection points, which allow for execution of Cross-site Scripting (XSS) attacks. Arbitrary client side code such as JavaScript can be included into certain parameters throughout the Web application. The following parameters and Web pages have been tested and verified; however, it is likely more views and parameters within the application are vulnerable:
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Release Notes:
http://www.vmware.com/support/vsphere4/doc/vsp_vc40_u3_rel_notes.html
File type: .iso
md5sum: b04780df75f70621d0c8794e8773a983
sha1sum: a9f1398306158572ea1c3d202ed8c6ad922e0764
File type: .zip
md5sum: bc8179a639dcc6563d7dbf968095edc7
1.) Remote command execution in Struts <= 2.2.1.1 (ExceptionDelegator)
When an exception occurs while applying parameter values to properties
the value is evaluated as OGNL expression. For example this occurs when
setting a string value to a property with type integer. Since the
values are not filtered an attacker can abuse the power of the OGNL
language to execute arbitrary Java code leading to remote command
execution. This issue has been reported
(https://issues.apache.org/jira/browse/WW-3668) and was fixed in Struts
2.2.3.1. However the ability to execute arbitrary Java code has been
Advisory ID: CSA-12004
Title: OSClass directory traversal vulnerability
Product: OSClass
Version: 2.3.5 and probably prior
Vendor: osclass.org
Vulnerability type: Directory traversal
Risk level: 2 / 3
Credit: www.codseq.it
Vendor notification: 2012-01-25
Public disclosure: 2012-03-07
Original advisory: http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability
VMware Virtual Center 2.5 Update 6b
-----------------------------------
Version 2.5 Update 6b
Build Number 598800
Release Date 2012/03/08
Type Product Binaries
http://www.vmware.com/download/download.do?downloadGroup=VC250U6B
vCenter Server DVD image - English only version
File type: iso
XSS, SQL injection vulnerability in I-Vision CMS
Vendor's Description of Software:
# http://international-vision.com/inner.php?id=14&type=2
Dork:
# n/a
Application Info:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)
The Node Blocks module allows users to specify content type(s) as
being a block. This allows the content managers of the site to edit
the block text and title without having to access the block
administration page. (From: http://drupal.org/project/nodeblock)
The block title is not properly sanitized when a user displays a block
-> server read header
-> if it is chunked connection
-> [0] server will wait and then read data from socket (size of the chunk)
-> simple check what server received
-> [1] convert received data to 'long' type
-> if there is positive chunk size
-> [2] directly convert 'long' to 'int' type <- here is integer overflow bug in amd64 architecture !!!
-> copy data using converted type
The device is vulnerable if the configuration has either a layer 3 or
layer 7 SIP application-specific policy configured, and these
policies are applied to any firewall zone. To determine whether the
device is running a vulnerable configuration, log in to the device
and issue the command line interface (CLI) command "show policy-map
type inspect zone-pair | include atch: access|protocol sip". If the
output contains "Match: protocol sip", the device is vulnerable. If
the output contains "Match: access-group number", then the device is
only vulnerable "if", the referenced access list permits the SIP
protocol (UDP port 5060, or TCP ports 5060 and 5061). The following
example shows a vulnerable device configured with Cisco IOS
http://msdn.microsoft.com/en-us/library/t9adwcde(VS.80).aspx
II. DESCRIPTION
Remote exploitation of a type confusion vulnerability in Microsoft
Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX
controls, could allow an attacker to execute arbitrary code within
Internet Explorer (IE).
One aspect of COM is a process called initialization. This process
the media.
It has the following structure:
0 DWORD Size
4 DWORD Type
8 BYTE Version
9 BYTE[3] FLAGS
12 DWORD Number of entries
16 DWORD Sample description table
Affected products :
- All Fprot versions currently used, vendor supplies no patch for
current release. The vendor (Frisk) considers this problem to be
too low priority to patch in current release and notify clients.
To put this in perspective, rendering the Fprot scanning on GW
solutions completely useless (for certain archive types)
is low priority for Frisk.
If you are a Frisk customer and concerned about security I would
recommend calling support and asking for a patch. NB, if you are using
FPROT locally and with ON access scans you are not affected.
TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-01
April 6, 2009
-- CVE ID:
CVE-2009-0909
-- Affected Vendors:
VMWare, Inc.
!-- Configure a class to allow SSH from the trusted source
!
class-map type management match-all Permit_SSH_Class
description Allow SSH from trusted sources Class
match protocol ssh source-address 192.168.100.1 255.255.255.255
!
!-- Configure a management policy that allows ssh from the
This paper makes a short introduction on benchmarking attacks and then focuses on one kind of
these techniques which can be used to globally weaken the security of many applications running
under modern Windows operating systems (tested up to Windows 2008 in date of 27/01/2009).
This paper includes a detailed proof of concept of the weakness applied to the "runas.exe"
application, thus allowing a malicious user to _easily_ guess the password length typed in when
"runas" is used to launch an application under another user's privileges.
Note that we consider the vulnerability not being in "runas.exe" but in the operating system
itself. That will be explained in the last part of the paper.
== What is MIME? ==
MIME is the standard format for email-messages. One could say, MIME is for
email, what html is for the web. The first RFC for MIME was published in
1992, RFC 1341. The current standard is specified in RFC 2045 from 1996.
MIME is a recursive data format. MIME objects consist of a header and a
body, where the content-type field of the header specifies the type of the
body. The body can consist of several separated MIME-objects, a single
MIME-object, a block of text, an encoded image or about anything specified
in the header. It is possible to read some real-world examples by opening
some emails and hitting "show source".