Remote Code Execution
III. ANALYSIS
Summary:
A) Remote Code Execution (RCE) Vulnerability
B) Cross Site Request Forgery (CSRF) Vulnerabilities
C) Local File Inclusion (LFI) Vulnerability
D) Cross Site Scripting (XSS) Vulnerability
A) Remote Code Execution (Windows Only) Vulnerability
Moodle 1.9.3 Remote Code Execution
Name Remote Code Execution in Moodle
Systems Affected Moodle 1.9.3 and possibly earlier versions
Severity High
Impact (CVSSv2) High 7.3/10, vector: (AV:N/AC:L/Au:M/C:P/I:P/A:C)
Vendor http://moodle.org/
Advisory http://www.ush.it/team/ush/hack-moodle193/moodle193.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
works with MySQL, MS SQL, and PostgreSQL databases and a webserver.".
II. DESCRIPTION
Multiple vulnerabilities exist in Mantis software (XSS, CSRF, Remote
Code Execution).
III. ANALYSIS
Summary:
A) XSS Vulnerabilities
.text:10001220 push eax
.text:10001221 call ZwQueryObject ; query object name information
---
Arbitrary code execution is probably impossible, since an attacker
does not control content which will be written to the pointers under
user's control.
These drivers are only present after installation of the application -
after reboot they are not loaded. There is strong possibility that
SugarCRM 5.2.0e Remote Code Execution
Name Remote Code Execution in SugarCRM
Systems Affected Sugar CRM 5.2.0e and possibly earlier versions
Severity High
Impact (CVSSv2) High 8/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://www.sugarcrm.com
Advisory http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt
Authors Antonio "s4tan" Parata (s4tan AT ush DOT it)
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-041 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
Could Allow Remote Code Execution (955617)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-042 Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
Analysis - SMA does not have this component. Patch will not run successfully.
-------------------------------------------------
MS Patch - MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
-------------------------------------------------
MS Patch - MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-007 Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Analysis - SMA does not have this component. Patch will not run successfully.
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
-------------------------------------------------
MS Patch - MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Analysis - Possible security issue exists. Patch will run successfully.
III. ANALYSIS
Summary:
A) Remote Code Execution
B) Cross Site Request Forgery
C) Local File Inclusion
A) Remote Code Execution
>
> III. ANALYSIS
>
> Summary:
>
> A) Remote Code Execution
> B) Cross Site Request Forgery
> C) Local File Inclusion
>
> A) Remote Code Execution
>
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
===============================================================================
Author: Janek Vind "waraxe"
Independent discovery: koziolek
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-61.html
III. ANALYSIS
Summary:
A) Remote Code Execution (RCE) Vulnerability
B) Local File Inclusion (LFI) Vulnerability (pre-auth)
C) Cross Site Scripting (XSS) Vulnerabilities (pre-auth, reflected)
D) Cross Site Scripting (XSS) Vulnerabilities (post-auth, reflected)
A) Remote Code Execution (RCE) Vulnerability
HP strongly recommends the immediate installation of all security patches that apply to third party software which is integrated with SMA software products supplied by HP, and that patches are applied in accordance with an appropriate patch management policy.
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Analysis - SMA does not have this component. Patch will not run successfully
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Analysis - Possible security issue exists. Patch will run successfully.
-------------------------------------------------
MS Patch - MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-058 Cumulative Security Update for Internet Explorer (956390)
Analysis - Possible security issue exists. Patch will run successfully.
--[Description]--
A vulnerability has been found in the downloader component for Joomla. It can be exploited in various ways - from sensitive information disclosure to remote code execution.
Input passed to controller is not properly sanitized, allowing attacker to inject php code
via Local File Inclusion combined with Directory Traversal (/proc/self/environ method) and Null Byte Injection, leading to Remote Code Execution.
--[Vendor]--
http://joomla.joelrowley.com/
--[Vulnerable Version]--
# GulfTech Security Research September 20, 2008
##########################################################
# Vendor : Electron Inc.
# URL : http://www.anelectron.com/
# Version : AEF Forum <= 1.0.6
# Risk : Remote Code Execution
##########################################################
Description:
CORRECTION:
===========
TPTI-10-07: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-10-07
August 11, 2010
==============
Should replace
==============
ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
The Cisco Discovery Protocol Remote Code Execution vulnerability
* Unauthenticated Arbitrary File Upload
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
* Java Remote Method Invocation (RMI) Denial of Service
Multipoint Switch. This security advisory outlines details of the
following vulnerabilities:
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
The Cisco Discovery Protocol remote code execution vulnerability
> From: rdancer@gmail.com [mailto:rdancer@gmail.com] On Behalf
> Of Jan Minář
> Sent: Friday, 22 August, 2008 10:26
> To: bugs@vim.org; vim-dev@vim.org;
> full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Vim: Arbitrary Code Execution in Commands: K, Control-], g]
>
> Vim: Arbitrary Code Execution in Commands: K, Control-], g]
This report greatly overstates the danger of this bug. It's worth reading the discussion from the Vim Dev list (Minář's [2] below).
Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution
1. OVERVIEW
Jcow CMS versions (4.x: 4.2 and lower, 5.x: 5.2 and lower) are
vulnerable to Arbitrary Code Execution.
control from being initialized outside of an authorized domain.
Unfortunately due to a lack of data-sanitization, OScan.ocx can be
forced to be initialized in an unsafe domain and it can be manipulated
to corrupt arbitrary memory locations with user supplied values. This
could allow a memory corruption scenario that would lead to arbitrary
code execution or denial of service conditions.
Technical Description:
A remote vulnerability lies within a malformed request sent to
BitDefender's Online Anti-Virus Scanner ActiveX Controller, OScan.ocx.
1. Summary
Product : Vim -- Vi IMproved
Version : Tested with 7.1.314 and 6.4
Impact : Arbitrary code execution
Wherefrom: Local and remote
Original : http://www.rdancer.org/vulnerablevim.html
Improper quoting in some parts of Vim written in the Vim Script can lead to
arbitrary code execution upon opening a crafted file.
Advisory ID: TSSA-2011-01
CVE Name: CVE-2011-0764 (previously known as VU#376500)
Title: xpdf : multiple vulnerabilities in t1lib
Remotely Exploitable: Yes
Locally Exploitable: No
Impact: Arbitrary code execution
Advisory URL: http://www.toucan-system.com/advisories/tssa-2011-01.txt
--[ Introduction:
to GET parameters. There are 25 infected files, but nearly all of them
are protected, except for the 'index.php' and 'rss.php' files. Check the
exploits section for the details.
+--> Remote Code Execution
With a RAW HTTP packet sender, you can send unescaped php code to
AneCMS. Then this code can be executed using
the LFI vulnerability. Check the exploits section for the details.
####################
========
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
Impact:
=======
Remote Code Execution.
Risk:
=====
Critical
Title: CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities
Author: Simon Ryeo(bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote Code Execution
Vulnerable Systems: MS Windows Systems
Version: NeffyLauncher 1.0.5 {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C}
Solution: Apply the vendor's patch
Vendor's Homepage: http://www.cdnetworks.com
Reference: How to stop an ActiveX control from running in Internet Explorer