CheckPoint Secure Platform Multiple Buffer Overflows

Hi all, we have published a paper about CheckPoint Firewall-1 vulnerabilities. The platform tested is the Secure Platform R60. We have found many buffer overflows. Most of them are located in command line utilities that can be exploited locally. A very few of them maybe can be exploited remotely,...

Hidden administrator account the three minutes to get-vulnerability warning-the black bar safety net

On the regedit. exe everyone is familiar with, but not to the registry key set permissions, regedt32. exe the biggest advantages is the ability to the registry key set permissions. nt/2 0 0 0/xp account information in the registry HKEYLOCALMACHINE\SAM\SAM key, but in addition to the system user...

Code execution via QuickTime Media-link files — Mozilla

On his blog Petko D. Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox 2.0.0.6 or earlier use of the -chrome option allowed a remot...

mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...

Apple QuickTime remote command execution vulnerability

Overview Apple QuickTime contains a vulnerability that may allow an attacker to pass arbitrary commands to other applications. Description Apple QuickTime is a media player that is available for Microsoft Windows and Apple OS X. Apple QuickTime includes browser plugins for Internet Explorer,...

DEBIAN-CVE-2007-4656

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than...

star security update

CentOS Errata and Security Advisory CESA-2007:0873 An updated star package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Star is a tar-like archiver. It saves multiple files into a single tap...

Moderate: Red Hat Security Advisory: star security update

An updated star package that fixes a path traversal flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Star is a tar-like archiver. It saves multiple files into a single tape or disk archive, and can restore individual files...

[SECURITY] Fedora Core 6 Update: rpm-4.4.2.1-1.fc6

The RPM Package Manager RPM is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a...

Command injection

The Command Line Interface CLI, aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command...

CVE-2007-4390

The CVE-2007-4390 issue affects BlueCat Networks Adonis DNS/DHCP appliance (CLI/Adonis Administration Console) version 5.0.2.8. The vulnerability allows local admin users to gain root privileges on the underlying OS by injecting shell metacharacters in a command. Documents confirm the affected co...

McAfee VirusScan Antivirus for Linux / Unix buffer overflow

Buffer overflow on oversized filename in command line arguments...

[SECURITY] Fedora Core 6 Update: cups-1.2.12-4.fc6

The Common UNIX Printing System provides a portable printing layer for UNIX=C2=AE operating systems. It has been developed by Easy Software Produc ts to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...

Cross site scripting

Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handli...

Mozilla protocol abuse

The Mozilla application platform currently has an unpatched input validation flaw which allows you to specify arbitrary command line arguments to any registered URL protocol handler process. Jesper Johansson already detailed parts of this on his blog on July 20,...

For grasping the win2003 system password trick-vulnerability warning-the black bar safety net

The command line to uninstall the win2003 sp1/sp2 %systemroot%$NtServicePackUninstall$\spuninst\spuninst /U Press the unattended mode to remove the service pack. If you use this option, then uninstall SP1, only fatal errors will only display the prompt. /Q Press the quiet mode to remove SP1, this...

Mozilla Foundation Security Advisory 2007-23

Mozilla Foundation Security Advisory 2007-23 Title: Remote code execution by launching Firefox from Internet Explorer Impact: Critical Announced: July 17, 2007 Reporter: Greg MacManus and Billy Rios Products: Firefox and Thunderbird Fixed in: Firefox 2.0.0.5 and Thunderbird 2.0.0.5 Description...

firefox break 0day high-risk vulnerabilities: Cross Browser Scripting-vulnerability warning-the black bar safety net

firefox break high-risk vulnerabilities, perform local program. At the same time using IE and firefox users, please note that bug fixes it! Monyer published temporary workaround: put the following code into the Run box, run, or saved as. bat double-click to run, or in cmd run: reg delete...

[SECURITY] Fedora 7 Update: wireshark-0.99.6-1.fc7

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...

[SECURITY] Fedora Core 6 Update: wireshark-0.99.6-1.fc6

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...