Bugzilla versions 2.0 to 3.4.13, 3.5.1 to 3.6.7, 3.7.1 to 4.0.3, and 4.1.1 to 4.2rc1 suffer from account impersonation and cross site request forgery vulnerabilities.
Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the calculated offset to be higher than what is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we set up, and force the browser to confuse types from tagVARIANT objects, which leads to remote code execution under the context of the user. At this time, for the IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
EMC NetWorker Server 7.5.x and 7.6.x contain a buffer overflow vulnerability which may be exploited to cause a denial of service or, possibly, arbitrary code execution.
Register Plus versions 3.5.1 and below for WordPress suffer from code execution, cross site scripting and path disclosure vulnerabilities.
vBadvanced CMPS versions 3.2.2 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
NX Web Companion suffers from a spoofing vulnerability that may allow for arbitrary code execution.
Debian Linux Security Advisory 2393-1 - Julien Tinnes reported a buffer overflow in the bip multiuser IRC proxy which may allow arbitrary code execution by remote users.
Symantec PCAnywhere version 12.5.x suffers from a code execution vulnerability.
WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.
miniCMS versions 1.0 and 2.0 suffer from a remote code execution vulnerability through PHP code injection.
A possible stack buffer overflow in Suhosin extension's transparent cookie encryption that can only be triggered in an uncommon and weakened Suhosin configuration can lead to arbitrary remote code execution, if the FORTIFY_SOURCE compile option was not used when Suhosin was compiled. Versions 0.9.32.1 and below are affected.
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine, embedded in a vbs file, and then uploading another mof file, which enables the Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.
This Metasploit module exploits a buffer overflow in BS.Player 2.57. When the playlist import is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
Debian Linux Security Advisory 2388-1 - Several vulnerabilities were discovered in t1lib, a PostScript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.
Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities have been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way the AFM font file parser, used for rendering of DVI files in the GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file with an embedded specially-crafted font file, and trick the local user into opening it with an application using the AFM font parser, leading to a crash of that particular application or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.
Zero Day Initiative Advisory 12-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
GreenBrowser suffers from a double free vulnerability in an iframe object that can lead to arbitrary code execution. Versions 6.0.1002 and below are affected.
Kayako Support Suite versions 3.70.02-stable and below suffer from a PHP code execution vulnerability.
Novell Netware XNFS caller_name xdrDecodeString remote code execution exploit. Version 6.5 SP8 is affected.
SAPID version 1.2.3 Stable suffers from a remote file inclusion vulnerability.
Novell Netware version 6.5 SP8 suffers from an XNFS.NLM NFS Rename remote code execution vulnerability.
Novell Netware version 6.5 SP8 suffers from an XNFS.NLM STAT Notify remote code execution vulnerability.
Zero Day Initiative Advisory 12-05 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.