Perl Safe模块对象引用绕过安全限制漏洞

BUGTRAQ ID: 40302 CVECAN ID: CVE-2010-1168,CVE-2010-1974 Perl是一种免费且功能强大的编程语言。 Perl中所使用的Safe模块没有正确地对经过隐式bless处理的对象限制DESTROY和AUTOLOAD等方式的代码，在访问或释放这些对象时 Safe可能未加限制的执行这些方式。在Safe隔离中所执行的特制Perl脚本可以利用这个漏洞绕过预期的Safe模块限制。 Perl 5.12.1 厂商补丁： Larry Wall ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Article Friendly Local File Inclusion

======================================================================= Article friendly Insecure direct object Referece Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

Microsoft PowerPoint invalid object reference vulnerability

Added: 04/20/2009 CVE: CVE-2009-0556 BID: 34351 OSVDB: 53182 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A memory corruption vulnerability in Microsoft PowerPoint allows command execution when an invalid object is referenced...

Adobe Flash Player无效对象引用远程代码执行漏洞

BUGTRAQ ID: 33880 CVECAN ID: CVE-2009-0520 Flash Player是一款非常流行的FLASH播放器。 在处理Shockwave Flash文件时Flash Player会试图创建特定的对象及多个指向该对象的引用，之后会释放对象并删除关联的引用，但引用可能错误的仍保持指向对象。无效的对象位于未初始化的内存中，攻击者可以控制该内存区以获得执行控制权。 Adobe Flash Player 10.x 厂商补丁： Adobe ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 02.24.09 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 24, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows,...

Out-of-bounds

The Shared Trace Service aka OVTrace in HP Performance Agent C.04.70 aka 4.70, HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 aka Report 3.70 allows remote attackers to cause a denial of service via an unspecified series of RPC requests aka Trace...

mozilla: CSS reference counter overflow (ZDI-CAN-349)

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array aka nsCSSValue:Array data structure, which allows remote attackers to execute arbitrary code vi...

quicksite-multi.txt

www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1. Description: QuickerSite is a Content Management...

QuickerSite 1.8.5 Multiple Remote Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1. Description:...

QuickerSite 1.8.5 - Multiple Vulnerabilities

QuickerSite 1.8.5 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1...

QuickerSite 1.8.5 - Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: QuickerSite Multiple Vulnerabilities Vendor: www.quickersite.com Vulnerable Version: 1.8.5 Exploit: Available Impact: High Fix: N/A Original Advisory: http://bugreport.ir/index.php?/39 1. Description: QuickerSite is a Content Management...

FreeBSD : firefox -- denial of service vulnerability (e2476979-da74-11da-a67b-0013d4a4a40e)

A Mozilla Foundation Security Advisory reports for deleted object reference when designMode='on' Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause : attempting to use a deleted controller context when designMode was turned on. Th...

Deleted object reference when designMode="on" — Mozilla

Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. This generally results in crashing the browser, but in theory references to deleted objects can be...

Mozilla Firefox designMode deleted object reference

Overview Mozilla Firefox contains a deleted object reference vulnerability. This may allow a remote attacker to execute arbitrary code. Description Mozilla Firefox contains a vulnerability that causes a deleted object to be referenced when designMode is set to "on." When Firefox attempts to use...