A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
7d7c2f550994a2e5cd5e28b925d468c48c1d40628d005eac85f1b8d0d1c73513Whitepaper called Return-Oriented Programming Na Unha! Written in Portuguese.
e6b54ef5474c0dde40ebf73da35e14b105441360e400162136a7f59ae1fc1f07The D-Link DSL-2640B ADSL router suffers from a simple authentication bypass vulnerability by spoofing the MAC address of a logged in administrator.
12bc1d6056d32882aa0e9cb89830f0cca2bd54029fb7e936e8201175dcf085f6AlegroCart versions 1.2.7 and below suffer from a remote command execution vulnerability.
8906b8c516eca8beaffa239a56c986b687fe22e0bbea94995dd12db785b413fdAll versions of Snom IP Phone prior to 8.4.35 suffer from a privilege escalation vulnerability.
9e5b6063e0a97f160456f3011fab1f5a1ffe250662f024fd27b0438d6244a154Zero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.
e396c40d1238a4b32b4de88a4e7c7a94f996dbe67c411ef01c6eb21bc7741d5aZero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.
a095f2b41c9458ca35fc7a84f9fa435bcb5c3afdd726d804553da5e42524a72cThe Joomla Dtregister component suffers from a remote SQL injection vulnerability.
65e80b3f210c1e73e50e08d5e43c366ea8b27b94dd89264c86eafe5517fcfcecInterspire Shopping Cart forces poor permissions on config.php by design and by doing so leaks information like the database login and password to any local user.
9d05628969bbd9b9924bbbd92def920b91d205c03bda6ef7a31e2cadde891336Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
91ba23f83f6adbe244489b8b48522efdcef4f230714e8addb8a8a5a7d593320cSagem F@ST 2604 suffers from a cross site request forgery vulnerability.
74e794395ae33f36ccefae87e8b2d46683cef12874bda5794a7eecaa28e7b141BRIM versions prior to 2.0.0 suffer from a remote SQL injection vulnerability.
ddbf79217d0f6948bdd819e704d1c86657d27f6b2f125021938e1ea3c31e2159Mandriva Linux Security Advisory 2012-023 - It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. The updated packages have been patched to correct this issue.
11f7dad26c9da70df5a6e937277e758f721a83530bf66fef369c67b2ce22242762 bytes small Linux/x86 BackShell-TCP bash[/dev/tcp],execve(/bin/sh) shellcode.
c11501f06303b67afdaf120cb4cec86433c1a1f77db9fe89aaa1c8245ba1b310Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
df4f311fcd1579648e5945d76912d846d27da68fbe2df2c21540d95d6a0122e9WordPress Magn WP Drag and Drop suffers from a shell upload vulnerability.
9c3a1e2929d6dfefc684c3c179e12959a1855400cc57101a1fd752e127f2ad57DFLabs PTK versions 1.0.5 and below suffer from a cross site request forgery vulnerability.
d0dd0d5291656beb902ee24cbf78e1bb2167be976fb908dc3778acf0386749d2Philip Abbey suffers from a cross site scripting vulnerability.
83f43bd596126238799a23deb4ecfdc673a48d3b85d4e7a906776a1305cbd030Limesurvey version 1.91+ build 11804 suffers from a remote blind SQL injection vulnerability.
a05a205bc66f62b6b8a8af72b4b06574dbecf005baccaca06cda5243dad8d5a0D-Link DCS Series cross site request forgery proof of concept exploit that changes the administrative password.
f87043c8b0337b923a27ab33b7cd3afaddb37c82e480326ebf22682dff298efaZero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.
a83c58db30683d599df4aeb59ef7425627e17a94a25da7f227d7ceab7170b361Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
7e81a111ef1b1fb00ad6d1aa3d0f796e2df59993d8ad6ea01b71c9d6e9575d7dTremulous, a team based FPS game with RTS elements, suffers from a large amount of old Quake related vulnerabilities.
957204bc8a1064b5afc2c54e973081970d37c715e0429db6d279810022212fd1OneForum suffers from a remote SQL injection vulnerability.
c6c445fe0a680567ff0ec06f04169fe5710b4d5f846ec9cdde9c5de9f46eea71WebcamXP and Webcam7 suffer from a directory traversal vulnerability.
d8deb6afe4f219e4e760d3a7e556e9078532191fa12d6a586fda9d318e44c4fa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed