Next Page >>
remotely
Advisory:
/////////
Multiple Hewlett-Packard notebook series are prone to a remote code execution attack.
The manufacturer's preinstalled software contains a critical flaw within the software
built to support one-touch button quick feature access.
7) Known vulnerabilities:
CVE ID Disclosed Title
CVE-2000-1038 12/11/2000 The web administration interface for IBM AS/400
Firewall allows remote attackers to cause a denial of service via an
empty GET request.
CVE-2002-1731 12/31/2002 The System Request menu in IBM AS/400 allows
local users to list valid user accounts by viewing the object names that
are type USRPRF.
CVE-2005-0868 05/02/2005 AS/400 Telnet 5250 terminal emulation clients,
* Common Gateway Interface (CGI) Command Injection
* Unauthenticated Arbitrary File Upload
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
Document ID: c03689276
Version: 1
HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC
TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM),
Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of
Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Multipoint Switch. This security advisory outlines details of the
following vulnerabilities:
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
1.Vulnerability information
---------------------------
Impact: An unauthenticated remote attacker without any kind of
credentials can access the SMB service under the credentials of an
authorized user. Depending on the privileges of the authorized user, and
the configuration of the remote system, an attacker can gain read/write
access to the remote file system and execute arbitrary code by using
DCE/RPC over SMB.
Reported By: Greg Linares of eEye Digital Security
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
Summary: CA products that implement the DSM gui_cm_ctrls ActiveX
control contain a vulnerability that can allow a remote attacker
December 12, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : webkit
Vulnerability : several
Problem type : remote (local)
Debian-specific: no
CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714
CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693
CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)
ETES GmbH Security Advisory; August 13, 2007 - updated January 18, 2007
BACKGROUND
==========
Dell Remote Access Card 4 (DRAC4) allows customers to effectively manage
servers in remote locations where no administrative IT staff exists. It
provides lights out management with continuous video that provides a
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
Problem Description:
Multiple vulnerabilities has been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
Affected: 2008.0
_______________________________________________________________________
Problem Description:
An out-of-bounds reading flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).
Multiple input validation flaws in the JBIG2 decoder allows
remote attackers to execute arbitrary code via a crafted PDF file
Advisory:
/////////
There is another remotely exploitable flaw within software preinstalled in HP notebook machines. This time, the culprit is automatic software update tool provided by the vendor.The Potential exploitation may lead to user files loss or altering vital system files (e.g. kernel), thus leaving PC unbootable.
Overview:
/////////
Problem Description:
Multiple security vulnerabilities has been discovered and corrected
in poppler:
An out-of-bounds reading flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).
Multiple input validation flaws in the JBIG2 decoder allows
remote attackers to execute arbitrary code via a crafted PDF file
1. Local registration. The database's internal process PMON connects via
IPC to the TNS Listener and registers the database's instance name in
the local listener. This can be changed by altering the system parameter
LOCAL_LISTENER (ALTER SYSTEM SET LOCAL_LISTENER='LISTENER_NAME').
2. Remote registration. The database's internal process PMON connects
via TCP (or any other network supported protocol such) to the remote TNS
Listener and registers the database's instance name in the remote
listener. This behavior can be specified by setting the system parameter
REMOTE_LISTENER (ALTER SYSTEM SET
REMOTE_LISTENER='REMOTE_LISTENER_NAME').
Problem Description:
Security vulnerabilities has been identified and fixed in pidgin:
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)
Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
Security Advisory
-----------------
FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution
Researcher Information
----------------------
Discovered by: Giuseppe `Zmax` Fuggiano
Website: http://www.giusef.net
Contact: giuseppe(dot)fuggiano(at)gmail(dot)com
CA Advisory Date: 2008-03-28
Reported By: Exploit code posted at milw0rm.com
Impact: A remote attacker can cause a denial of service or execute
arbitrary code.
Summary: CA products that implement the DSM ListCtrl ActiveX
control are vulnerable to a buffer overflow condition that can
allow a remote attacker to cause a denial of service or execute
Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH)
ETES GmbH Security Advisory; August 13, 2007
BACKGROUND
==========
Dell Remote Access Card 4 (DRAC4) allows customers to effectively manage
servers in remote locations where no administrative IT staff exists. It
provides lights out management with continuous video that provides a
These vulnerabilities can be exploited using sessions to the Services
Ready Platform Configuration Utility web interface. These
vulnerabilities could be exploited from the local LAN side of the SRP
device by default configuration and the WAN side of the SRP device if
remote management is enabled. Remote management is disabled by
default.
Cisco has released free software updates that address these
vulnerabilities.
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01767394
Version: 1
HPSBMA02438 SSRT090092 rev.1 - HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-07-28
Last Updated: 2009-07-28
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
Dear Tom Neaves,
It still can be exploited from Internet even if "remote management" is
only accessible from local network. If you can trick user to visit Web
page, you can place a form on this page which targets to router and
request to router is issued from victim's browser.
--Tuesday, June 16, 2009, 2:11:27 AM, you wrote to m.elyazghi@gmail.com:
correctly escape email addresses. A local attacker with direct access
to the Moodle database could exploit this to execute arbitrary commands
as the web server user. (CVE-2007-3215)
Nigel McNie discovered that fetching https URLs did not correctly escape
shell meta-characters. An authenticated remote attacker could execute
arbitrary commands as the web server user, if curl was installed and
configured. (CVE-2008-4796, MSA-09-0003)
It was discovered that Smarty (also included in Moodle), did not
correctly filter certain inputs. An authenticated remote attacker could
####################
- Discussion:
####################
1- [Remote Attacker] can login to hosting controller Panel. He can also change all others' passwords.
2- [User] can copy a file to hosting controller web directory which is executed under administrative privilege, so attacker can execute his commands by administrative privilege. e.g. an attacker can gain remote desktop of server using this bug and uploading an ASP file!
3- [Remote Attacker] can make a new user.
4- [Remote Attacker] can change all user's profiles.
5- [User] can see all the database information by a SQL injection.
6- [User] can change his credit amount or increase his discount.
Multiple vulnerabilities exist in the Cisco TelePresence Manager.
This security advisory outlines the details of the following
vulnerabilities:
* Simple Object Access Protocol (SOAP) Authentication Bypass
* Java Remote Method Invocation (RMI) Command Injection
* Cisco Discovery Protocol Remote Code Execution
Duplicate Issue Identification in Other Cisco TelePresence Advisories
+--------------------------------------------------------------------
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab has discovered multiple remote denial of service (DoS) vulnerabilities in FireFly MediaServer, which could be exploited by a malicious person to crash a remote server.
1) Multiple NULL pointer dereference vulnerabilities in Firefly MediaServer: CVE-2012-5875
1.1 The vulnerability exists due to improper handling of the HTTP CONNECTION header within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to 9999/TCP port (FireFly's server default port) with improper CONNECTION header value, leading to a NULL pointer dereference that will cause vulnerable server to crash immediately.
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab has discovered multiple remote DoS vulnerabilities in Nero Media Home server, which could be exploited by a malicious person to crash the server remotely.
1) Improper Handling of Length Parameter Inconsistency in Nero MediaHome server: CVE-2012-5876
1.1 The vulnerability exists due to improper handling of the URI length within the "NMMediaServer.dll" dynamic-link library. A remote attacker can send a specially crafted HTTP request of at least 500'000 characters long to port 54444/TCP (Nero MediaHome server's default port) and cause a stack-based buffer overrun that will immediately crash the Nero MediaHome server.
Next Page>>
|
