graphical user interface
======================================================================
Secunia Research 15/04/2009
- SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method -
======================================================================
Table of Contents
Affected Software
Title: TFTPUtil GUI TFTP Directory Traversal
Product: TFTPUtil GUI
Discovered: November 26, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: k23productions
Vendor URL: http://sourceforge.net/projects/tftputil
Vendor notification date: December 1, 2008
Vendor response date: December 8, 2008
[--Vulnerability Summary--]
Title: TFTPUtil GUI TFTP Server Denial of Service Vulnerability
Product: TFTPUtil GUI
Discovered: November 26, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)
Vendor: k23productions (as per various download sites)
Vendor URL: http://sourceforge.net/projects/tftputil
Application: SAP GUI VSFlexGrid.VSFlexGridL (Part of SAP GUI, SAP BO 2005, SAP BO 2007 )
Versions Affected: SAP GUI VSFlexGrid Activex Control sp<=14
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Exploits: YES
Reported: 26.11.2008
Vendor response: 27.11.208
Public Advisory: 06.10.2009
Originally found by: Elazar Broad
Author: Alexander Polyakov from Digital Security Research Group [DSecRG]
URI/URL Spoofing when displaying the content of a NDEF Smart Poster
and plain URI tag. Web browser does not display full hostname when
loading a web page.
Crash of the parser for various parts of NDEF records, reboots
graphical user interface (GUI) of phone.
-----------------------------
Reporter: Collin Mulliner <collin.mulliner[AT]sit.fraunhofer.de>
>>> does not need to be terminated in order to activate the call.
>>>
>>> Finally, we discovered a second bug that can be used to perform
>>> malicious phone calls that cannot be prevented or canceled by the
>>> victim. This bug allows the attacker to freeze the GUI (graphical user
>>> interface) for a number of seconds. While the GUI is frozen the call
>>> progresses in the background and cannot be stopped by the victim user.
>>> Freezing the GUI is achieved by passing a "very long" phone number to
>>> the SMS application. The SMS application, immediately after being
>>> started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>> be performed fast enough in order to prevent the malicious call.
===========
By default, Telnet is configured on the Management port. Telnet
services can be disabled to mitigate this vulnerability.
Administrators can disable Telnet by using the administration
graphical user interface (GUI) or by using the "interfaceconfig"
command in the command-line interface (CLI). As a security best
practice, customers should use Secure Shell (SSH) instead of Telnet.
Complete the following steps to disable Telnet via the GUI:
After almost a year of intensive development and internal use, we are
pleased to announce the public release of Immunity Debugger v1.0.
When we started developing Immunity Debugger our main objective was to
combine the best of the commandline based and GUI based debugger worlds.
The commandline because most of us come from a UNIX background, and it
just ends up being more efficient than clicking your way around. The GUI
because we understand that we are visual beings that often can
grasp more from a single look at a graphical layout than from two days
of x/x-ing memory pages.
> part of the signed document.
> [...]
Agreed, the area is labelled like that, but if this would
be freely editable data, why is Office 2007 not allowing
editing this data through the GUI?
All GUI edits to the MetaData are prohibited,
once a document is signed.
I also agree, that the severity of this is open to discussion, and
All versions of system software prior to the first fixed, which is
indicated in the Software Version and Fixes Table, are affected.
To view the version of system software that is currently running on
Cisco Unified Videoconferencing 5100 Series Products, access the
Cisco UVC device via the web GUI interface. On the status screen, the
"Software Version" field below the "Product Information" section
indicates the current system software.
Details for Reported Vulnerabilities
====================================
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-064
Application: SAP GUI
Versions Affected: SAP GUI (SAP GUI 7.1)
Vendor URL: http://SAP.com
Bugs: Insecure method. Code Execution.
Exploits: YES
Reported: 16.10.2009
Vendor response: 27.10.2009
Date of Public Advisory: 23.03.2010
> does not need to be terminated in order to activate the call.
>
> Finally, we discovered a second bug that can be used to perform
> malicious phone calls that cannot be prevented or canceled by the
> victim. This bug allows the attacker to freeze the GUI (graphical user
> interface) for a number of seconds. While the GUI is frozen the call
> progresses in the background and cannot be stopped by the victim user.
> Freezing the GUI is achieved by passing a "very long" phone number to
> the SMS application. The SMS application, immediately after being
> started, freezes the iPhone GUI. Also switching off the iPhone cannot
> be performed fast enough in order to prevent the malicious call.
>> does not need to be terminated in order to activate the call.
>>
>> Finally, we discovered a second bug that can be used to perform
>> malicious phone calls that cannot be prevented or canceled by the
>> victim. This bug allows the attacker to freeze the GUI (graphical user
>> interface) for a number of seconds. While the GUI is frozen the call
>> progresses in the background and cannot be stopped by the victim user.
>> Freezing the GUI is achieved by passing a "very long" phone number to
>> the SMS application. The SMS application, immediately after being
>> started, freezes the iPhone GUI. Also switching off the iPhone cannot
>> be performed fast enough in order to prevent the malicious call.
does not need to be terminated in order to activate the call.
Finally, we discovered a second bug that can be used to perform
malicious phone calls that cannot be prevented or canceled by the
victim. This bug allows the attacker to freeze the GUI (graphical user
interface) for a number of seconds. While the GUI is frozen the call
progresses in the background and cannot be stopped by the victim user.
Freezing the GUI is achieved by passing a "very long" phone number to
the SMS application. The SMS application, immediately after being
started, freezes the iPhone GUI. Also switching off the iPhone cannot
be performed fast enough in order to prevent the malicious call.
---[ Package Structure ]
The package consists of two main components: the crawler utility and a XUL-based GUI. To display the GUI, one can use the Firefox browser or a specialized application (e.g. xulrunner or prism).
The application root directory contains the utility binary files and the XUL configuration file (application.ini). The nested directory structure follows the layout rules for XUL-based applications. A user may be interested in the chrome/skin directory, which contains the files describing the application's appearance. The package offers several pre-installed themes. To change the appearance, it is sufficient to replace the contents of the chrome/skin/classic directory with the chosen theme. A new theme can be created on the basis of an existing one or by modifying themes from the site http://jqueryui.com/themeroller/. Themes downloaded from this site should be supplemented with some images and CSS descriptions by analogy with the existing ones.
---[ ToDo ]
According to SAP this vulnerability also affects the program SAPSprint versions < 1018.
Currently there is a patch available for SAPlpd
SAP GUI for Windows 6.20 - patch level 72
SAP GUI for Windows 6.40 - patch level 30
SAP Gui for Windows 7.00 - patch level 6
A separate patch will be available for SAPSprint.
Further information can be found in
HICP is intended to configure HMS's products that include ethernet/
capabilities, since they need a method for configuring Internal
IP, DHCP, NetworkMask, DNS, gateway.... In 2004 HMS released a free tool
named "Anybus IPconfig" which can be used to scan a network where the
devices are connected, then proceeding to configure them. The components
of this application are a simple MFC based GUI and a dll (hicp.dll). So
let's take a look at the exports:
Code (asm)
.text:100027AF ; int __cdecl HICP_SendModuleScan()
full disk encryption to prevent someone from mounting a virtual disk outside
the guest OS. Besides, I concede that point in my article, emphasizing that
an automated attack increases the seriousness of the problem.
> Furthermore, this attack only works if you are running the vmware guest
> utilities *and* you are currently logged into a GUI desktop running the
> vmware userland process.
VMWare constantly reminds you that you don't have the vmware guest tools
installed. I'd say that most people do install them. But that doesn't matter
anyway because you can just use the VIX API function VixVM_InstallTools to
To determine which version of the Cisco VPN Client is running on a
Microsoft Windows machine, follow the following steps:
1. Select "Programs->Cisco Systems VPN Client->VPN Client" from the Start
menu. This action will open the Cisco VPN Client graphical user
interface.
2. Select the option "About VPN Client..." from the "Help" menu. This
menu option will display a dialog box that contains text similar to
"Cisco Systems VPN Client Version 4.8.01.0300."
Note: By default, the "Cisco Systems VPN Client" folder is located in the
_______________
Details
_______________
The main window of the AClient GUI has a hidden button that
can be seen using a resource viewer such as MS Spy++. The
button has a caption of "command prompt".
Clicking this button causes the GUI to attempt to call
CreateProcess() with the following CommandLine parameter.
[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking
SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks. This makes remote code execution possible.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-014 (Internal DSecRG-00183)
Application: SAP GUI
Versions Affected: 6.4 - 7.2
Vendor URL: http://www.sap.com
New Version of Attack Framework Ready to Pwn
Austin, Texas, January 28th, 2008 -- The Metasploit Project
announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits.
"Metasploit 3.1 consolidates a year of research and development,
integrating ideas and code from some of the sharpest and most innovative
folks in the security research community" said H D Moore, project
URL Spoofing when displaying the content of a NDEF
URI tag. Web browser does not display full hostname when
loading a web page.
Crash of the parser for parts of a NDEF record, reboots
graphical user interface (GUI) of phone.
-----------------------------
Reporter: Collin Mulliner <collin[AT]mulliner.org>
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-015
Original Advisory: http://dsecrg.com/pages/vul/show.php?id=115
Application: SAP GUI for Windows, EnjoySAP
Versions Affected: Version 6.4
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Exploits: YES
Reported: 13.11.2008
Luigi Auriemma
Application: SAPlpd
http://www.sap.com
Versions: <= 6.28 (included in SAP GUI 7.10)
Platforms: Windows
Bugs: various vulnerabilities
Exploitation: remote
Date: 04 Feb 2008
Author: Luigi Auriemma
Vendor: FreePBX (http://www.freepbx.org/)
Product: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it
Version(s) affected: 2.8.0 and below
Product Description:
FreePBX is an easy to use GUI (graphical user interface) that controls and
manages Asterisk, the world's most popular open source telephony engine
software. FreePBX has been developed and hardened by thousands of
volunteers, has been downloaded over 5,000,000 times, and is utilized in an
estimated 500,000 active phone systems.
* 64-bit Support:
Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0
is expected to be fully 64-bit compatible.
* Improved GUI Client:
The OpenVAS-Client has seen a number of improvements and is now able to
display NVT signature information in the GUI and in the various reports.
Reporting has been improved as well as localization for various languages
(best support in this order: German, Spanish/French, Swedish, Hebrew,
Croatian).
ACE(config)# username admin password 0 my_super_secret_88312
Note: This process can also be followed to change the www user
account credentials. The dm user is for accessing the Device Manager
GUI and cannot be modified or deleted. The dm user is an internal
user required by the Device Manager GUI; it is hidden on the ACE CLI.
For more information refer to:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/virtualization/guide/config.html
Privilege Escalation Vulnerability
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-044
Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL: http://SAP.com
Bugs: insecure method, File overwriting
Exploits: YES
Reported: 02.07.2009