1345 matches found
Amaya web editor XML and HTML parser vulnerabilities
Advisory ID Internal CORE-2008-1211 1. Advisory Information Title: Amaya web editor XML and HTML parser vulnerabilities Advisory ID: CORE-2008-1211 Advisory URL: http://www.coresecurity.com/content/amaya-buffer-overflows Date published: 2009-01-28 Date of last update: 2009-01-26 Vendors contacted:...
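PDFBuilderX ActiveX Control SaveToFile() Method Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 33233 PDFBuilderX is an ActiveX control for creating and saving PDF files. The PDFBuilderXTrial.PDFDoc ActiveX control (PDFBuilderXTrial.ocx) does not properly validate the input supplied to the SaveToFile method; if a user is tricked into visiting a malicious web page that passes malicious parameters to this method, arbitrary files may be written to the system. Ciansoft PDFBuilderX 2.2.0.1 Temporary workaround: Set the kill-bit for the affected ActiveX control. Vendor patch: Ciansoft --------...
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
BUGTRAQ ID: 33275 CVE ID: CVE-2009-0029 Linux is an open-source operating system. The Linux kernel's handling of 64-bit ABI system call parameters is flawed, and a local attacker can exploit the vulnerability to escalate privileges. The ABI of some architectures requires the function caller to sign-extend each parameter to fill the register width, and Linux system call handling has a problem with this. For example, when this system call is used on a 64-bit system: asmlinkage long sysexampleunsigned int index if index 5 return -EINVAL; return examplearrayindex;...
Sun Solaris rpc.metad Remote Denial of Service Vulnerability
BUGTRAQ ID: 28261 CVECAN ID: CVE-2008-1480 Solaris is a commercial UNIX operating system developed and maintained by Sun. If a remote attacker submits a malicious RPC request to Solaris, rpc.metad(1M) crashes, and the service and Solaris Volume Manager (SVM) commands stop working, which is a denial of service. Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 10.0x86 Sun Solaris 10.0 Sun OpenSolaris snv01 - snv95 Sun Solstice Disk Suite 4.2.1 Vendor patch:...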
Microsoft Internet Explorer NULL Pointer DoS Vulnerability
This host has Internet Explorer installed and is prone to Remote Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbmsienullptrdosvuln.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer NULL Pointer DoS Vulnerability Authors: Sharath S Copyright: Copyright c 200...
NOD32 3.0/ESET Smart Security < 3.0.684 Local Privilege Escalation
NOD32 3.0/ESET Smart Security is installed on the remote host. The installed version is older than 3.0.684. Such versions are reportedly affected by a local privilege escalation issue. By sending a specially crafted request to an IOCTL request handler in 'epfw.sys', a local user may be able to...
RoundCube Webmail 0.2-3 Beta Code Execution
Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com HTML to Plain Text Conversion"...
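Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
BUGTRAQ ID: 33018 Windows Media Player is the media player bundled by default with the Windows operating system. If a user opens a malicious WAV, SND or MID file with Windows Media Player, an integer overflow may be triggered, leading to arbitrary code execution on the user's system. Microsoft Windows Media Player 9.0 Microsoft Windows Media Player 11 Microsoft Windows Media Player 10.0 Vendor patch: Microsoft ---------...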
Core Security Technologies Advisory 2008.1210
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Qemu and KVM VNC server remote DoS 1. Advisory Information Title: Qemu and KVM VNC server remote DoS Advisory ID: CORE-2008-1210 Advisory URL:...
RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability
No description provided by source. Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com...
Fedora 8 : gallery2-2.3-1.fc8 (2008-11230)
New version, multiple security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 9 : gallery2-2.3-1.fc9 (2008-11258)
New version, multiple fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
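eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 32664 eXPert PDF Viewer is an embeddable PDF viewer designed for Windows application developers. The extractPagesToFile method provided by the VSPDFEditorX.VSPDFEdit ActiveX control (VSPDFEditorX.ocx) does not properly validate the user-supplied Filename and PagesRange parameters; if a user is tricked into visiting a malicious web page that passes malicious parameters, arbitrary files may be saved to or overwritten on the user's system. Visagesoft eXPert PDF Viewer ActiveX 1.0.200.0 Temporary workaround: For CLSID...
Microsoft WordPad File Converter Remote Code Execution Vulnerability
BUGTRAQ ID: 32718 CVECAN ID: CVE-2008-4841 WordPad is a simple text editing tool provided among the Accessories of the Windows operating system. Users who do not have Word installed can use WordPad's text converter to open .doc documents. If a user opens a specially crafted .doc, .wri or .rtf document with the converter, memory corruption may be triggered, leading to arbitrary code execution. This vulnerability is currently being actively exploited. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 200...
Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability (MS08-076)
BUGTRAQ ID: 32654 CVECAN ID: CVE-2008-3010 Windows Media components include a variety of services and applications such as Windows Media Player, Windows Media Format Runtime and Windows Media Services....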
MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349)
The remote host contains a version of the ActiveX control for Visual Basic 6.0 Runtime Extended Files that may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit it. Note that this control may have been included with...
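WebGUI lib/WebGUI/Storage.pm Remote Script Code Execution Vulnerability
BUGTRAQ ID: 32602 WebGUI is CMS (content management system) software, used mainly to simplify publishing and maintaining website content. WebGUI does not properly filter certain e-mail attachments. If users are using the collaboration system's mail feature, attachments containing executable programs (such as perl programs, shell scripts or php pages) can be sent to the collaboration system; if the web server is configured to execute those file types, clicking the file from the collaboration system's web view will execute the program. Plain Black Software WebGUI 7.x Temporary workaround: Edit lib/WebGUI/Storage.pm and replace the addFileFromScalar method with the following code: sub...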
ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS
According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such versions. A remote attacker may be able to leverage this issue to cause the application to recursively scan a specially craft...
Fedora 8 : wordpress-2.6.5-2.fc8 (2008-10468)
http://wordpress.org/development/2008/11/wordpress-265/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Debian DSA-1672-1 : imlib2 - buffer overflow
Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...