Next Page >>
contents
Title: Internet Explorer Zone Elevation Restrictions Bypass and Security
Zone Restrictions Bypass
Advisory ID: CORE-2008-0103
Advisory URL:
http://www.coresecurity.com/content/internet-explorer-zone-elevation
Date published: 2008-08-13
Date of last update: 2008-08-13
Vendors contacted: Microsoft
Release mode: Coordinated release
+---------------------------------------------------------------------
Summary
=======
The Cisco Internet Streamer application, part of the Cisco Content
Delivery System, contains a directory traversal vulnerability on its web
server component that allows for arbitrary file access. By exploiting
this vulnerability, an attacker may be able to read arbitrary files on
the device, outside of the web server document directory, by using a
specially crafted URL.
1. *Advisory Information*
Title: Internet Explorer Security Zone restrictions bypass
Advisory ID: CORE-2008-0826
Advisory URL: http://www.coresecurity.com/content/ie-security-zone-bypass
Date published: 2009-06-09
Date of last update: 2009-06-09
Vendors contacted: Microsoft
Release mode: Coordinated release
vulnerabilities in AOL's Instant Messaging software
Advisory ID: CORE-2007-0817
Advisory URL:
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924
Date published: 2009-09-25
Date of last update: 2007-09-25
Vendors contacted: AOL LLC.
vulnerabilities in AOL's Instant Messaging software
Advisory ID: CORE-2007-0817
Advisory URL:
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924
Date published: 2009-09-25
Date of last update: 2007-09-25
Vendors contacted: AOL LLC.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Delivery System Internet
Streamer: Web Server Vulnerability
Advisory ID: cisco-sa-20110525-spcdn
Revision 1.0
can cause an integer overflow resulting in a denial of service.
CVE-2010-3296
Dan Rosenberg discovered an issue in the cxgb network driver that allows
unprivileged users to obtain the contents of sensitive kernel memory.
CVE-2010-3297
Dan Rosenberg discovered an issue in the eql network driver that allows
local users to obtain the contents of sensitive kernel memory.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Services Gateway Denial of
Service Vulnerability
Advisory ID: cisco-sa-20110706-csg
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability.
EMC Identifier: ESA-2012-009
EMC Identifier: CS-16072
EMC Identifier: CS-16073
CVE Identifier: CVE-2011-4144
.text:10001221 call ZwQueryObject ; query object
name information
---
Arbitrary code execution is probably impossible, since an attacker
does not control content which will be written to the pointers under
user's control.
These drivers are only present after installation of the application -
after reboot they are not loaded. There is strong possibility that
these drivers are not used at all, as demonstrated by the most recent
= Summary =
The specification of the Portable Document Format (PDF) from version
1.3 onward, including ISO 19005-1:2005 (PDF/A-1) and ISO 32000-1:2008
(equivalent to PDF 1.7), ostensibly defines a mechanism for digitally
signing a document's contents so as to integrate cryptographic
authentication of a document's contents into the existing container
format. A common use of this mechanism is for the creation of supposedly
non-repudiable signatures on legal documents, including scenarios where
digital signatures are mandated by law.
Release Notes -- Apache Jackrabbit -- Version 1.5.2
Introduction
------------
Apache Jackrabbit is a fully conforming implementation of the Content
Repository for Java Technology API (JCR). A content repository is a
hierarchical content store with support for structured and unstructured
content, full text search, versioning, transactions, observation, and
more. See the Jackrabbit web site at http://jackrabbit.apache.org/ for
more information.
print "Waiting for connections on port 5050 TCP...\n";
while (my $browser = $server->accept()) { #When a connection occure...
binmode $browser;
my $method="";
my $content_length = 0;
my $content = 0;
my $accu_content_length = 0;
my $host;
my $hostAddr;
my $httpVer;
Although these specific vulnerabilities exist on a third–party component
the problem is compound by the way Lotus Notes displays information about
attachments, making it easier to elicit unsuspecting assistance from the
users to exploit them. Lotus Notes displays the file type and
corresponding icon based on the attached file’s extension rather than the
MIME Content-Type header in the email whereas the view functionality is
handled by the Verity KeyView component which processes the attachment
based on the file contents. Exploitation of these vulnerabilities
requires end-user interaction but the discrepancy described above could
allow an attacker to send a malicious Lotus 1-2-3 file as an attachment
with a seemingly innocuous extension (for example, .JPG or .GIF) that
Title:
======
Content Papst CMS v2011.2 - Multiple Web Vulnerabilities
Date:
=====
2011-12-18
Title: CA Secure Content Manager HTTP Gateway Service FTP Request
Vulnerabilities
CA Advisory Date: 2008-06-03
Reported By: Sebastian Apelt working with ZDI/TippingPoint
Cody Pierce, TippingPoint DVLabs
CA Threat Manager for the Enterprise (formerly eTrust Integrated
Threat Management) r8, 8.1
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
CA Gateway Security r8.1
CA Protection Suites r2, r3, r3.1
CA Secure Content Manager (formerly eTrust Secure Content Manager)
1.1, 8.0, 8.1
CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol)
r8, 8.1
CA Anti-Spyware 2007, 2008
CA Network and Systems Management (NSM) (formerly Unicenter
== Issue Details ==
Opera browser is vulnerable to stored Cross Site
Scripting. A malicious attacker is able to inject
arbitrary browser content through the
websites visited with the Opera browser. The code
injection is rendered into the Opera History Search
page which displays URL and a short
description of the visited pages.
Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing
vulnerabilities
Advisory Id: CORE-2009-0625
Advisory URL:
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
Date published: 2010-02-03
Date of last update: 2010-02-03
Vendors contacted: Microsoft
Release mode: User release
CA Threat Manager Total Defense
CA Gateway Security r8.1
CA Protection Suites r2
CA Protection Suites r3
CA Protection Suites r3.1
CA Secure Content Manager (formerly eTrust Secure Content
Manager) 1.1
CA Secure Content Manager (formerly eTrust Secure Content
Manager) 8.0
CA Network and Systems Management (NSM) (formerly Unicenter
Network and Systems Management) r3.0
*31 \ exe "doau filetypedetect BufRead " . expand("<afile>:r") |
32 \ endif
A (modified) file name is used as an argument to the ``execute'' command
without proper quoting. Crafted file name can be used to execute arbitrary Vim
Shell commands. Content of the file is not important.
3.4.2.1.2. Exploit
$ cd filetype.vim
Additionally, the attacker can avoid displaying the dialogue that
notifies the user about the message and the attached files making the
attack invisible for the target.
The other bug is a logging file content manipulation vulnerability
allowing the attacker to use the data inside protocol's packet to
disrupt the log file with control characters like '\n' and others. This
bug is not very important alone, but could be combined with the
traversal bug to cover tracks about the file upload inserting false log
lines or control characters.
2012-04-26
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=518
VL-ID:
=====
518
1. *Advisory Information*
Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution
Advisory Id: CORE-2009-0908
Advisory URL:
http://www.coresecurity.com/content/softimage-arbitrary-command-execution
Date published: 2009-11-23
Date of last update: 2009-11-20
Vendors contacted: Autodesk
Release mode: User release
Versions affected: 8.0(4), 8.1.2, and 8.2.1
Description: Cisco's Adaptive Security Appliance (ASA)
provides a number of security related features, including
"Web VPN" functionality that allows authenticated users to
access a variety of content through a web interface. This
includes other web content, FTP servers, and CIFS file
servers.
The web content is proxied by the ASA and rewritten so that
any URLs in the web content are passed as query parameters
519| // Save the file
520| $save_data = array();
521| $save_data[ 'VERSION' ] = $sb_info[ 'version' ];
522| $save_data[ 'NAME' ] = clean_post_text( $comment_name );
523| $save_data[ 'DATE' ] = $comment_date;
524| $save_data[ 'CONTENT' ] = sb_parse_url( clean_post_text( $comment_text ) );
|
525| if ( $comment_email != '' ) {
526| $save_data[ 'EMAIL' ] = clean_post_text( $comment_email );
527| }
|
VGX.DLL Compressed Content Heap Overflow Vulnerability
Release Date:
August 14, 2007
Date Reported:
October 24, 2006
Severity:
High (Code Execution)
Calibre is a free and open source e-book library management application developed
by users of e-books for users of e-books. It has a cornucopia of features divided
into the following main categories: Library Management, E-book conversion, Syncing
to e-book reader devices, Downloading news from the web and converting it into
e-book form, Comprehensive e-book viewer, Content server for online access to your
book collection
http://calibre-ebook.com/
Affected versions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities
Advisory ID: cisco-sa-20110126-csg2
http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Digital Media Player Remote Display
Unauthorized Content Injection Vulnerability
Advisory ID: cisco-sa-20100303-dmp
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml
Next Page>>
|
