I) Introduction
On Apr 07, 2008 I spoke with Kuza55 and Wisec about an attack I found some
time before that was a new attack vector for filesystem functions (fopen,
(include|require)[_once]?, file_(put|get)_contents, etc) for the PHP
language. It was a path normalization issue and I asked them to keep it
"secret" [4]; this was a good idea because my analysis was mostly
incomplete and erroneous, but the idea was good and the bug was real and
disposable.
Details follow:
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
MorningStar Security - Advisory
http://www.morningstarsecurity.com/
Multiple security issues in Open Auto Classifieds
1. Advisory Information
----------------------------------------------------------------------------------------------
Title: Multiple security issues in Open Auto Classifieds
attachments are executables (.exe, .com, .cmd & .scr), scripts
(.hta, .js, .vbs & .wsf) and other types of potentially dangerous
files (.cer, .hlp, .inf & .reg). This helps protect unsuspecting
users from running malicious code.
Normally, when a user tries to open an e-mail attachment, the user is
presented an Opening Mail Attachment dialog. If the user chooses to open
the file, the file is saved locally and handed off to Windows. Windows
will try to find a program associated to this specific type of file
(through its extension). If such a program is found, Windows will launch
the file according to its Shell Open Command in the Windows Registry.
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-09 14:54 CEST
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1693 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Mocanada embedded SSH (protocol 2.0)
80/tcp open http Dell Embedded Remote Access card webserver 1.0
443/tcp open ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open vnc?
Service Info: Devices: terminal server, remote management
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Open Query Interface in Cisco Unified
Communications Manager and Cisco Unified Presence Server
Advisory ID: cisco-sa-20110824-cucm-cups
Revision 1.0
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
*Vulnerability Description*
Android is a project promoted primarily by Google through the Open Handset
Alliance aimed at providing a complete set of software for mobile
devices: an operating system, middleware and key mobile applications
[1]. Although the project is currently in a development phase and has
not made an official release yet, several vendors of mobile chips have
unveiled prototype phones built using development releases of the
Remote Code Execution (978212)
- Security Research & Defense blog: [4] MS10-045: Microsoft Office
Outlook Remote Code Execution vulnerability
- KB978212 [5] MS10-045: Vulnerability in Microsoft Office Outlook could
allow remote code execution
- KB2271150 [6] You cannot open linked file attachments in Outlook:
"Outlook blocked access to the following potentially unsafe
attachments"
- SSD: [7] SecuriTeam Secure Disclosure program
------------------------------------------------------------------------
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the uri
parameter from the user specified printer-url the process blindly copies
user supplied data into a fixed-length buffer on the heap. A remote
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
profile-time parameter from the user specified printer-url the process
blindly copies user supplied data into a fixed-length buffer on the
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
profile-name parameter from the user specified printer-url the process
blindly copies user supplied data into a fixed-length buffer on the
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
file-date-time parameter from the user specified printer-url the process
blindly copies user supplied data into a fixed-length buffer on the
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
driver-version parameter from the user specified printer-url the process
blindly copies user supplied data into a fixed-length buffer on the
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
core-package parameter from the user specified printer-url the process
blindly copies user supplied data into a fixed-length buffer on the
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
client-file-name parameter from the user specified printer-url the
process blindly copies user supplied data into a fixed-length buffer on
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
iprint-client-config-info parameter from the user specified printer-url
the process blindly copies user supplied data into a fixed-length buffer
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Client. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The flaw exists within the nipplib component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the
op-printer-list-all-jobs parameter from the user specified printer-url
the process blindly copies user supplied data into a fixed-length buffer
Positive Research Center has discovered multiple XSS vulnerabilities in Kayako Support Suite.
The application insufficiently validates the incoming subscriberdata parameter in the /staff/index.php?_m=news&_a=importexport script.
An attacker with "staff" privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server.
To exploit the vulnerability, an attacker must convince a user with "staff" privileges to open a URL like:
http://example.com/support/staff/index.php?_m=news&_a=managesubscribers&importsub=1&resultdata=YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoiPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5APHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4uPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9
The application insufficiently validates the incoming subject parameter in the /staff/index.php?_m=news&_a=insertnews script.
An attacker with "staff" privileges can use the vulnerability to inject and execute arbitrary HTML code and scripts in a user's browser within the trust relationship between the browser and the server.
To exploit the vulnerability, an attacker must trick a user with "staff" privileges into opening a URL like:
http://example.com/support/staff/index.php?_m=news&_a=managenews
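The resultdata value in the proof-of-concept URL above is a base64-encoded PHP serialize() array, and the injected script lives in its emaillist string. The following is an added example (not code from the advisory, from Positive Research Center, or from Kayako) that decodes that value with a small parser for the serialize() format, lists every string carrying HTML markup, and shows the same value reflected with and without output encoding. It serves both Kayako findings (the reflected resultdata case and the stored subject case), since the fix in each is escaping at the point of output. The RESULTDATA constant is copied from the advisory URL; the function names, the tag pattern and the `<td>` rendering stand-in are this example's own assumptions, not Kayako's code.

```python
"""Decode and inspect a Kayako-style 'resultdata' XSS payload.

Added example, not part of the original advisory or of Kayako.  Only the
RESULTDATA constant comes from the page (the advisory's PoC URL); the
parser, the markup check and the rendering stand-in are assumptions made
for illustration.
"""
import base64
import html
import re

# Base64 value of the resultdata parameter, copied from the advisory URL.
RESULTDATA = (
    "YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7"
    "czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7"
    "czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoi"
    "PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5A"
    "PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4u"
    "PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9"
)


def _expect(data: bytes, pos: int, token: bytes) -> None:
    if data[pos:pos + len(token)] != token:
        raise ValueError(f"expected {token!r} at offset {pos}")


def _parse(data: bytes, pos: int):
    """Recursive-descent parser for the i, b, d, s, N and a serialize() types."""
    kind = data[pos:pos + 1]
    if kind == b"N":                         # N;
        _expect(data, pos + 1, b";")
        return None, pos + 2
    if kind in (b"i", b"b", b"d"):           # i:123;  b:1;  d:1.5;
        end = data.index(b";", pos)
        raw = data[pos + 2:end]
        val = int(raw) if kind == b"i" else (raw == b"1" if kind == b"b" else float(raw))
        return val, end + 1
    if kind == b"s":                         # s:<bytelen>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])    # length is in BYTES, so work on bytes
        start = colon + 2                    # skip ':"'
        raw = data[start:start + length]     # quotes/semicolons inside are allowed
        _expect(data, start + length, b'";')
        return raw.decode("utf-8", "replace"), start + length + 2
    if kind == b"a":                         # a:<count>:{key;value;...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                      # skip ':{'
        result = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            val, pos = _parse(data, pos)
            result[key] = val
        _expect(data, pos, b"}")
        return result, pos + 1
    raise ValueError(f"unsupported type {kind!r} at offset {pos}")


def php_unserialize(data: bytes):
    value, pos = _parse(data, 0)
    if pos != len(data):
        raise ValueError("trailing data after serialized value")
    return value


def decode_resultdata(param: str) -> dict:
    """Undo the base64 + serialize() wrapping of the resultdata parameter."""
    return php_unserialize(base64.b64decode(param))


TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def find_markup(obj, path: str = "") -> list:
    """Return (path, value) for every string in the structure that carries HTML tags."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            hits.extend(find_markup(val, f"{path}.{key}" if path else str(key)))
    elif isinstance(obj, str) and TAG_RE.search(obj):
        hits.append((path, obj))
    return hits


def render_emaillist(payload: dict, escape: bool) -> str:
    """Stand-in for the page that echoes emaillist (assumed markup, not Kayako's).

    escape=False reproduces the flaw: the value lands in the HTML verbatim.
    escape=True is the fix: entity-encode at the point of output.
    """
    value = str(payload.get("emaillist", ""))
    if escape:
        value = html.escape(value, quote=True)
    return f"<td>{value}</td>"


if __name__ == "__main__":
    payload = decode_resultdata(RESULTDATA)
    print(payload)
    for path, value in find_markup(payload):
        print(f"markup in {path}: {value!r}")
    print(render_emaillist(payload, escape=False))
    print(render_emaillist(payload, escape=True))
```

The parser deliberately trusts the byte length prefixed to each string rather than scanning for a closing quote, which is why a string can carry quotes, semicolons and whole script blocks without breaking the structure; that is also why input validation on the serialized blob is the wrong place to stop this attack and output encoding is the right one.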
Advisory ID: HTB23079
Product: Open Journal Systems (OJS)
Vendor: Public Knowledge Project
Vulnerable Version(s): 2.3.6 and probably prior
Tested Version: 2.3.6
Vendor Notification: 29 February 2012
Vendor Patch: 16 March 2012
Public Disclosure: 21 March 2012
Vulnerability Type: Arbitrary File Manipulation, Arbitrary File Upload, XSS
CVE Reference(s): CVE-2012-1467, CVE-2012-1468, CVE-2012-1469
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.35 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to 1.4.26.3 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.17 |
|----------------------------+---------+---------------------------------|
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.2.x | All versions prior to 1.2.34 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.26.1 |
|----------------------------+------------+------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to |
Summary
=======
Cisco Security Manager contains a vulnerability when it is used with
Cisco IPS Event Viewer (IEV) that results in open TCP ports on both
the Cisco Security Manager server and IEV client. An unauthenticated,
remote attacker could leverage this vulnerability to access the MySQL
databases or IEV server.
Cisco has released free software updates that address this
Impact : Arbitrary code execution
Wherefrom: Local and remote
Original : http://www.rdancer.org/vulnerablevim.html
Improper quoting in some parts of Vim written in the Vim Script can lead to
arbitrary code execution upon opening a crafted file.
2. Overview
``Vim is an almost compatible version of the UNIX editor Vi. Many new features
"Corrected In" section, or apply a patch specified in the
"Patches" section.
Affected Versions
Product Release Series
Asterisk Open Source 1.4.x All Versions
Asterisk Open Source 1.6.2.x All Versions
Asterisk Open Source 1.8.x All Versions
Asterisk Open Source 10.x All Versions
Corrected In
Details follow:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.2.x | All versions |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.4.x | All versions |
|----------------------------------+----------------+--------------------|
| Asterisk Open Source | 1.6.x | All versions |
|----------------------------------+----------------+--------------------|
+------------------------------------------------------------------------+