Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
651b5441e65bd315cdda098b21e89a94A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
6dc4b5f748c872b9f9d63515be17303aZero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.
231f8aeef31f011725a480c0e021c24dZero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.
e918e5f728fffc6e2f50af6885efd54eVOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.
dd44dc935826ca881de1db178bf05065SAP AG Netweaver version 7.02 suffers from a stack based buffer overflow vulnerability in the SAPHostControl service. Exploitation can lead to code execution.
7770f88651d7fc27d8a77eaf76d6713aPHP versions 5.2.0 through 5.2.17 suffers from an information disclosure and possible code execution vulnerability due to the filter_globals struct not being clean up during the shutdown stage.
f61de804e9c30d44825cfedbd7339101This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.
c67d692d4c351361a41b41a368ecd76dEditWRX CMS suffers from a remote code execution vulnerability due to a mishandling of data passed to open().
699f214ce4bd4c490dad7a30ed840a34Nova CMS suffers from multiple remote file inclusion vulnerabilities.
7673269678b7edecc49fee9a237e9f22MachForm version 2.4 suffers from multiple remote file inclusion vulnerabilities.
b7a49f1630617a94570e00015b7b8553BASE version 1.4.5 suffers from multiple remote file inclusion vulnerabilities and a shell creation vulnerability.
7d80722404bccd99e5ce683c4622eeebGocart version 1.0.2 suffers from multiple remote file inclusion vulnerabilities.
e28f24434f6cdde0816a0739dd3023a6GLPI versions 0.80.61 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
5d7b5ba621c47f937f6a39efa475c467This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
fa4f5d5aff50cce0a0d0d58669a8f81aDrupal version 6.22 with Finder version 6.x-1.9 suffers from code execution and cross site scripting vulnerabilities.
b36e1fc1306459154d4d482543e851b3Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within BB FlashBack Recorder.dll. The Filename property is vulnerable to directory traversal via the Start() method. PauseAndSave() is also vulnerable to directory traversal via its nextfilename parameter. InsertMarker() and InsertSoundToFBRAtMarker() have parameters that are vulnerable to script injection and can be combined with the previously mentioned vulnerabilities to achieve remote arbitrary code execution.
ab2f7e23daaff43cef442980f87b3425ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.
556b7125d5ca6e0fb7f7fe25475f1001Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.
9b34f7521bd7a85d83bd30660d02e0b3Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
713c9a82e50b5c3ca55c179d2b90cbfcZero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
95a591ab4f65de73f3ce0359786675beThis whitepaper analyzes the MIDI remote code execution vulnerability found in the Windows Multimedia Library. Written in Turkish.
86b73a0bd44eecf2f0ae4fc449aeb170This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution.
db004e8e710819d322cb853734c2336aBugzilla versions 2.0 to 3.4.13, 3.5.1 to 3.6.7, 3.7.1 to 4.0.3, and 4.1.1 to 4.2rc1 suffer from account impersonation and cross site request forgery vulnerabilities.
5f18baac37e23f9bb6e5a2f1489a4470Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.
cf02af1c3dc09483a9ca31549d45ec0b
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed