Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Web Start handles the 'java-vm-args' parameter in the j2se tag within a JNLP file. Due to insufficient sanitization it is possible to add additional double quotes to the command-line argument string used to start a new Java process. This can lead to remote code execution under the rights of the current user.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles TrueType Font files. When reading a font file, Java uses the MaxInstructionSize value from the maxp table to allocate a heap buffer that stores all of the instruction definitions found in the Font Program ('fpgm') table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the definition against the MaxInstructionSize bound, which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
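The maxp/fpgm mismatch described above, as an added worked example that is not part of the advisory or of Oracle's code: a small Python checker that reads maxSizeOfInstructions (the maxp field the advisory calls MaxInstructionSize) and walks the fpgm bytecode to measure every IDEF body, skipping inline push data so that a stray ENDF byte inside NPUSHB data does not end a definition early. The maxp and fpgm tables below are constructed, and the assumption that all IDEF bodies are stored back to back in the buffer sized by maxSizeOfInstructions is mine, taken from the advisory's wording.

```python
import struct

# TrueType instruction opcodes needed to walk an 'fpgm' table
# (standard values from the TrueType instruction set).
IDEF, ENDF = 0x89, 0x2D              # define an instruction / end of definition
NPUSHB, NPUSHW = 0x40, 0x41          # push n bytes / n words, n given inline
PUSHB_BASE, PUSHW_BASE = 0xB0, 0xB8  # PUSHB[0..7] / PUSHW[0..7]


def instruction_length(code: bytes, i: int) -> int:
    """Length of the instruction at code[i] including its inline push data,
    so data bytes are never mistaken for opcodes."""
    op = code[i]
    inline_count = code[i + 1] if i + 1 < len(code) else 0
    if op == NPUSHB:
        return 2 + inline_count
    if op == NPUSHW:
        return 2 + 2 * inline_count
    if PUSHB_BASE <= op <= PUSHB_BASE + 7:
        return 1 + (op - PUSHB_BASE + 1)
    if PUSHW_BASE <= op <= PUSHW_BASE + 7:
        return 1 + 2 * (op - PUSHW_BASE + 1)
    return 1


def idef_body_sizes(fpgm: bytes) -> list:
    """Byte length of every IDEF body (bytes between IDEF and its ENDF).
    An ENDF value inside push data does not terminate the body."""
    sizes, body_start, i = [], None, 0
    while i < len(fpgm):
        op = fpgm[i]
        if op == IDEF and body_start is None:
            body_start = i + 1
        elif op == ENDF and body_start is not None:
            sizes.append(i - body_start)
            body_start = None
        i += instruction_length(fpgm, i)
    if body_start is not None:          # IDEF never closed: count to end of table
        sizes.append(len(fpgm) - body_start)
    return sizes


def parse_maxp(maxp: bytes) -> dict:
    """maxp version 1.0 is 32 bytes: a Fixed version followed by 14 uint16 fields."""
    f = struct.unpack(">IHHHHHHHHHHHHHH", maxp[:32])
    return {"version": f[0], "maxInstructionDefs": f[10], "maxSizeOfInstructions": f[12]}


def check_font_program(maxp: bytes, fpgm: bytes) -> dict:
    """The bound check the advisory says is missing: every IDEF body copied out of
    fpgm must fit in the buffer sized from maxSizeOfInstructions. (Assumption:
    bodies are stored back to back; the exact accounting in Oracle's code is not
    visible from the advisory.)"""
    m = parse_maxp(maxp)
    bodies = idef_body_sizes(fpgm)
    return {
        "max_size_of_instructions": m["maxSizeOfInstructions"],
        "idef_bodies": bodies,
        "overflow": sum(bodies) > m["maxSizeOfInstructions"],
        "too_many_idefs": len(bodies) > m["maxInstructionDefs"],
    }


def make_maxp(max_instruction_defs: int, max_size_of_instructions: int) -> bytes:
    """Constructed maxp 1.0 table with only the two fields of interest set."""
    return struct.pack(">IHHHHHHHHHHHHHH", 0x00010000, 1, 0, 0, 0, 0, 1, 0, 0, 0,
                       max_instruction_defs, 0, max_size_of_instructions, 0, 0)


# Constructed fpgm tables (not from any real font or exploit). Both push the
# opcode number to define, then IDEF ... ENDF. The hostile one hides twenty
# ENDF bytes inside NPUSHB data and still has a 23-byte body.
BENIGN_FPGM = bytes([PUSHB_BASE, 0xA5, IDEF, 0x21, 0x21, 0x21, ENDF])
HOSTILE_FPGM = bytes([PUSHB_BASE, 0xA5, IDEF, NPUSHB, 20]) + bytes([ENDF]) * 20 + bytes([0x21, ENDF])
MAXP_8_BYTES = make_maxp(1, 8)   # claims at most 8 bytes of instruction definitions


if __name__ == "__main__":
    for name, fpgm in (("benign", BENIGN_FPGM), ("hostile", HOSTILE_FPGM)):
        print(name, check_font_program(MAXP_8_BYTES, fpgm))
```

A parser that trusts maxp and sizes its allocation from it has to re-validate every IDEF as it is copied; measuring the bodies while walking the bytecode, as above, is the cheapest place to do that, and walking by instruction length rather than scanning for ENDF is what keeps push data from fooling the check.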
Whitepaper titled Return-Oriented Programming Na Unha! Written in Portuguese.
The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability: an attacker can spoof the MAC address of a logged-in administrator.
AlegroCart versions 1.2.7 and below suffer from a remote command execution vulnerability.
All Snom IP Phone versions prior to 8.4.35 suffer from a privilege escalation vulnerability.
Zero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX JAR file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to achieve remote code execution under the context of the user.
Zero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe. Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.
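Both Java Web Start advisories on this page (12-037 and 12-039) are the same bug class: a value taken from the JNLP file is wrapped in double quotes and concatenated into one command-line string, and a quote inside the value ends the wrapper early, so the rest of the value is re-split into extra arguments. The Python below is an added example, not code from ZDI or Oracle; the JNLP document, the javaw.exe path and the allowlist of VM options are constructed for illustration, and the command-line splitter is a simplified model of Windows CommandLineToArgvW rules.

```python
import re
import xml.etree.ElementTree as ET

# Constructed JNLP document (not from any real exploit). The attacker-controlled
# java-vm-args value smuggles a closing quote, an extra option and a re-opening
# quote; in XML the quotes are written as &quot; and the parser restores them.
# The Python string is not raw, so "\\evil\\agent.jar" becomes \evil\agent.jar.
MALICIOUS_JNLP = """<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://example.invalid/">
  <resources>
    <j2se version="1.6+"
          java-vm-args="-Xmx128m&quot; -javaagent:C:\\evil\\agent.jar &quot;-Xms64m"/>
    <jar href="app.jar" main="true"/>
  </resources>
</jnlp>
"""


def extract_vm_args(jnlp_xml: str) -> str:
    """Return the java-vm-args attribute of the first <j2se> element ('' if absent)."""
    j2se = ET.fromstring(jnlp_xml).find("./resources/j2se")
    return "" if j2se is None else j2se.get("java-vm-args", "")


def build_cmdline_naive(javaw: str, vm_args: str, jar: str) -> str:
    """Vulnerable pattern: wrap each value in double quotes and trust the quotes
    to delimit it. A quote inside vm_args closes the wrapper early."""
    return '"%s" "%s" -jar "%s"' % (javaw, vm_args, jar)


def split_windows_cmdline(cmdline: str) -> list:
    """Simplified model of CommandLineToArgvW(): whitespace separates arguments
    unless inside double quotes; 2n backslashes before a quote give n
    backslashes, 2n+1 give n backslashes plus a literal quote. (Assumption: the
    program-name special case and the "" quirk are not modelled.)"""
    argv, cur, in_quotes, started = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            count = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (count // 2))
                if count % 2:
                    cur.append('"')
                else:
                    in_quotes = not in_quotes
                i = j + 1
            else:
                cur.append("\\" * count)
                i = j
            started = True
        elif c == '"':
            in_quotes = not in_quotes
            started = True
            i += 1
        elif c in " \t" and not in_quotes:
            if started:
                argv.append("".join(cur))
                cur, started = [], False
            i += 1
        else:
            cur.append(c)
            started = True
            i += 1
    if started:
        argv.append("".join(cur))
    return argv


# Hardened handling: an illustrative allowlist, not Oracle's actual fix.
VM_ARG_TOKEN = re.compile(r"^-[A-Za-z0-9][A-Za-z0-9_.:=/+-]*$")
ALLOWED_PREFIXES = ("-Xmx", "-Xms", "-Xss", "-ea", "-esa", "-verbose", "-client", "-server")


def validate_vm_args(vm_args: str) -> list:
    """Split on whitespace, require every token to match a strict character class
    (no quotes, no whitespace, no backslashes) and a known option prefix, and
    return the tokens as separate argv entries rather than one pre-quoted string."""
    tokens = vm_args.split()
    for t in tokens:
        if not VM_ARG_TOKEN.match(t) or not t.startswith(ALLOWED_PREFIXES):
            raise ValueError("rejected java-vm-args token: %r" % t)
    return tokens


if __name__ == "__main__":
    vm = extract_vm_args(MALICIOUS_JNLP)
    cmd = build_cmdline_naive(r"C:\Program Files\Java\jre6\bin\javaw.exe", vm, "app.jar")
    print(cmd)
    for a in split_windows_cmdline(cmd):
        print("argv:", a)       # -javaagent:... shows up as its own argument
    try:
        validate_vm_args(vm)
    except ValueError as e:
        print(e)
```

On Windows the child always receives a single string, so an argument array is only as safe as the escaping that flattens it (Python's subprocess.list2cmdline escapes embedded quotes as \"; the hand-built quoting above does not). Rejecting quotes and whitespace in the value before it is ever quoted removes the dependence on that escaping.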
The Joomla Dtregister component suffers from a remote SQL injection vulnerability.
Interspire Shopping Cart sets poor permissions on config.php by design, which leaks information such as the database login and password to any local user.
Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When a VML element is appended to a textArea element, a reference to a cDispScroller object can be improperly freed. Because the object has been freed, a later allocation can be placed in the same memory region and the stale reference reused. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
Sagem F@ST 2604 suffers from a cross site request forgery vulnerability.
BRIM versions prior to 2.0.0 suffer from a remote SQL injection vulnerability.
Mandriva Linux Security Advisory 2012-023 - It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. The updated packages have been patched to correct this issue.
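Added example (Python, not libxml2's code) of the attack and of the mitigation the advisory describes: a toy seeded hash, an attacker who precomputes names that all land in one bucket while the seed is predictable, and what a per-process random seed does to those same names. The hash function, the bucket count and the forged XML are constructed stand-ins; libxml2's real dictionary hash is not reproduced here.

```python
import secrets
from collections import Counter


def seeded_hash(data: bytes, seed: int) -> int:
    """32-bit FNV-1a with the seed XORed into the starting state, followed by a
    small avalanche step so the bucket index depends on all state bits.
    Toy stand-in for libxml2's dictionary hash, not its actual function."""
    h = (0x811C9DC5 ^ seed) & 0xFFFFFFFF
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    h ^= h >> 16
    h = (h * 0x45D9F3B) & 0xFFFFFFFF
    h ^= h >> 16
    return h


def bucket_of(name: str, seed: int, nbuckets: int) -> int:
    return seeded_hash(name.encode(), seed) % nbuckets


def forge_colliding_names(count: int, nbuckets: int, seed: int = 0) -> list:
    """Attacker side: with a fixed, predictable seed the bucket is a pure function
    of the name, so names that share one bucket can be precomputed offline."""
    target, names, i = bucket_of("a", seed, nbuckets), [], 0
    while len(names) < count:
        candidate = "k%d" % i
        if bucket_of(candidate, seed, nbuckets) == target:
            names.append(candidate)
        i += 1
    return names


def forge_xml(names: list) -> str:
    """One element carrying every forged name as an attribute: each attribute
    name goes through the dictionary hash when the document is parsed."""
    return "<e %s/>" % " ".join('%s="1"' % n for n in names)


def longest_chain(names: list, seed: int, nbuckets: int) -> int:
    """Defender side: the longest bucket chain bounds the per-lookup cost, so it
    is the number an attacker is trying to drive up."""
    return max(Counter(bucket_of(n, seed, nbuckets) for n in names).values())


# Mitigation the advisory describes: pick the seed at process start so the
# attacker cannot precompute collisions against it.
PROCESS_SEED = secrets.randbits(32)


def compare_seeds(count: int = 64, nbuckets: int = 256, random_seed: int = PROCESS_SEED) -> dict:
    names = forge_colliding_names(count, nbuckets, seed=0)  # built against seed 0
    return {
        "predictable_seed": longest_chain(names, 0, nbuckets),           # == count
        "randomized_seed": longest_chain(names, random_seed, nbuckets),  # a handful
        "xml_bytes": len(forge_xml(names)),
    }


if __name__ == "__main__":
    print(compare_seeds())
```

The randomized seed does not make the hash stronger; it only denies the attacker the offline precomputation, which is why the advisory says it reduces the chance of intentional collisions rather than eliminating them.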
62-byte Linux/x86 BackShell-TCP shellcode: a bash /dev/tcp connect-back shell launched via execve(/bin/sh).
Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML+TIME t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains, allowing the region to be repurposed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
WordPress Magn WP Drag and Drop suffers from a shell upload vulnerability.
DFLabs PTK versions 1.0.5 and below suffer from a cross site request forgery vulnerability.
Philip Abbey suffers from a cross site scripting vulnerability.
Limesurvey version 1.91+ build 11804 suffers from a remote blind SQL injection vulnerability.
D-Link DCS Series cross site request forgery proof of concept exploit that changes the administrative password.
Zero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.
Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
Tremulous, a team-based FPS game with RTS elements, suffers from a large number of old Quake-related vulnerabilities.
OneForum suffers from a remote SQL injection vulnerability.