To determine which version of the Cisco VPN Client is running on a
Microsoft Windows machine, follow these steps:
1. Select "Programs->Cisco Systems VPN Client->VPN Client" from the Start
menu. This action will open the Cisco VPN Client graphical user
interface.
2. Select the option "About VPN Client..." from the "Help" menu. This
menu option will display a dialog box that contains text similar to
"Cisco Systems VPN Client Version 4.8.01.0300."
Note: By default, the "Cisco Systems VPN Client" folder is located in the
Trustwave's SpiderLabs Security Advisory TWSL2011-018:
Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-018.txt
Published: 2011-12-20
Version: 1.0
Vendor: IBM (http://www.ibm.com)
Product: TS3100/TS3200 Tape Library
+---------------------------------------
Unprivileged users can elevate their privileges to those of the
LocalSystem account by enabling the Start Before Logon (SBL) feature
and interacting with the Cisco AnyConnect Secure Mobility Client
graphical user interface in the Windows logon screen.
To prevent this issue, fixed versions of the Cisco AnyConnect Secure
Mobility Client limit the amount of interaction that is possible in
the client's graphical user interface when it is displayed on the
Windows logon screen.
Example #1
Within the SugarCRM User Interface (UI) go to the Documents List. Click
on the one just created. This will execute the script. You will see the
script right in the document list, which makes it very obvious to most
users that something doesn't look right. The next example is slightly more covert.
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and format
spreadsheets, and analyze and share information to make more informed
decisions. With the Microsoft Office Fluent user interface, rich data
visualization, and PivotTable views, professional-looking charts are easier
to create and use." (microsoft.com)
II. DESCRIPTION
Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash
and Remote Denial of Service.
*Version Tested:*
Mozilla 3.0.3 - 1.9.0 Branch /(Specifically for Latest Version)/
*Severity:*
High
---------------------
Microsoft Office Word, included in the Microsoft Office suite,
is a powerful authoring program that gives the ability to create
and share documents by combining a comprehensive set of writing
tools with the easy-to-use Microsoft Office Fluent user interface.
II. DESCRIPTION
---------------------
3) Vendor's Description of Software
"Microsoft Office PowerPoint 2007 enables users to quickly create
high-impact, dynamic presentations, while integrating workflow and
ways to easily share information. From the Microsoft Office Fluent
user interface to the new graphics and formatting capabilities, Office
PowerPoint 2007 puts the control in your hands to create great-looking
presentations."
Product Link:
http://office.microsoft.com/powerpoint
URI/URL Spoofing when displaying the content of a NDEF Smart Poster
and plain URI tag. Web browser does not display full hostname when
loading a web page.
Crash of the parser for various parts of NDEF records, reboots
graphical user interface (GUI) of phone.
-----------------------------
Reporter: Collin Mulliner <collin.mulliner[AT]sit.fraunhofer.de>
independent bytecode format. This code has restricted access to
functionality provided by the engine. It should not be allowed access to
data outside the VM context.
Over the course of gameplay, the quake3 engine may dynamically load DLL
files in certain configurations. For instance, if vm_ui is set to "0" quake3
tries to open a DLL file to load the game logic behind the user interface.
Part of the functionality offered to VM logic is the possibility to write to
files within the quake3 directory. By writing a malicious DLL file, a
program residing in the VM could trigger the execution of code outside the VM
context.
On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
> A paper has just been released on the Windows Vista's gadget API. The
> abstract is as follows:
>
> Windows has had the ability to embed HTML into its user interface
> for many
> years. Right back to and including Windows NT 4.0, it has been
> possible to
> embed HTML into the task bar, but the OS has always maintained a
> sandbox,
Security Console (Admin Console)
--------------------------------
* Persistent XSS: parameter setconf-neworg of /exec/admin_orgs resource allows an attacker to inject malicious HTML and JavaScript code which is persistently stored as part of a sub-organization name (ORGS and USERS>Orgs>Add Sub-Org).
Additionally, an effective DoS attack can be mounted against the organization's administrators by injecting malicious code which prevents the Web user interface from rendering properly.
* Reflected XSS: multiple parameters of /exec/admin_list resource
* Reflected XSS: multiple parameters of /exec/admin_auth resource.
Message Center Classic
Summary
=======
Cisco Unified Communications Manager is vulnerable to a SQL Injection
attack in the parameter key of the admin and user interface pages. A
successful attack could allow an authenticated attacker to access
information such as usernames and password hashes that are stored in
the database.
Cisco has released free software updates that address this
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use.
II. DESCRIPTION
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0364
Wilfried Goesgens discovered that WebCit, the web-based user interface
for the Citadel groupware system, contains a format string
vulnerability in the mini_calendar component, possibly allowing
arbitrary code execution (CVE-2009-0364).
For the stable distribution (lenny), this problem has been fixed in
Subject: Next generation malware: Windows Vista's gadget API
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into its user interface for
many years. Right back to and including Windows NT 4.0, it has been
possible to embed HTML into the task bar, but the OS has always
maintained a sandbox, from which the HTML has been unable to escape. All
this changes with Windows Vista. This paper seeks to inform system
administrators, users and the wider community on both potential attack
! (Apply the access-list to the http server)
ip http access-class 20
For additional information on configuring the Cisco IOS HTTP server,
consult Using the Cisco Web Browser User Interface.
For additional information on cross-site scripting attacks and the
methods used to exploit these vulnerabilities, please refer to the
Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting
(XSS) Threat Vectors", which is available at the following link:
[Product Description]
----------------------------------------------------------------------
"From creating new solutions for print, photography, scientific
visualization, and film post-production to enhancing your application's
user interface with innovative and effortless visual effects, Core Image
performs the heavy lifting that enables the next generation of imaging
applications."
-- http://developer.apple.com/macosx/coreimage.html --
On 28 sept. 08, at 20:27, Aditya K Sood wrote:
>
> Mozilla Firefox User Interface Null Pointer Dereference Dispatcher
> Crash
> and Remote Denial of Service.
>
> *Version Tested:*
> Mozilla 3.0.3 - 1.9.0 Branch /(Specifically for Latest Version)/
>
Having access to any user on the target system (including the guest user),
it is possible to get full OS root access by injection in the ping/traceroute/DNS lookup
functionality.
The user interface prohibits such injections, but viewing and modifying HTTP
requests in raw form allows that restriction to be bypassed.
More detailed information, including screenshots:
http://www.securitum.pl/dh/cisco_sa500_hacking
Jan Fry of ProCheckUp Ltd (www.procheckup.com)
Description
Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and
scalable audio and web conferencing solution supporting up to 200 ports.
http://www.mitel.com/DocController?documentId=26451
ProCheckUp has discovered that the AWC web user interface is vulnerable
to an unauthenticated command execution attack.
Proof of concept
The following demonstrates the command execution flaw:
1) Vulnerable to command execution
This vulnerability affects the Cisco AVS 3110, 3120, 3180, and 3180A
Management Station appliances that are running software versions prior
to AVS 5.1.0. Administrators can determine the software version of the
AVS appliances by logging in to the Management Station web-based user
interface or from the command-line interface (CLI) of the appliance
operating system.
Customers who use the AVS 3180 or 3180A Management Station can determine
their node software versions by navigating to the Cluster Information
Page. Each registered node will display the corresponding software
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-0930 CVE-2008-0931
Steve Kemp from the Debian Security Audit project discovered several local
vulnerabilities in xwine, a graphical user interface for the WINE emulator.
The Common Vulnerabilities and Exposures project identifies the following
problems:
Carsten Book and "Taral" discovered crashes in the layout engine,
which might allow the execution of arbitrary code.
CVE-2009-3076
Jesse Ruderman discovered that the user interface for installing and
removing PKCS #11 security modules wasn't informative enough, which
might allow social engineering attacks.
CVE-2009-3077
I've just posted a new paper some of you may be interested in:
http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
While it's primarily an argument for fixing HTTP authentication, it
does contain information on a few weaknesses common in browsers,
including password manager issues and user interface vulnerabilities.
Feedback is more than welcome.
Enjoy,
tim