Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4)...
CVE-2010-1451
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent...
Foxit Launches 'Safe Mode' to Counter PDF Attacks
Foxit Corp has added new security features to its alternative PDF reader software to help thwart recent malware attacks that exploit the “/launch” feature. With Foxit PDF Reader Version 3.3, the company has added a Safe Mode that blocks external commands from being executed by the software. The...
SuSE9 Security Update : clamav (YOU Patch Number 12610)
Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96, which fixes those issues. Citing freshmeat.net: This Release introduces new malware detection mechanisms and other significant improvements to the scan...
Unrestricted file upload
Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/...
sudo protection bypass
When a pseudocommand is enabled, it's possible to create an executable file with the same name; it will be executed by relative name with escalated privileges...
[DSecRG-09-053] VMware Remote Console - format string
Digital Security Research Group DSecRG Advisory DSECRG-09-053 Application: VMware Remote Console Version: e.x.p build-158248 Vendor URL: http://vmware.com Bugs: Format String Vulnerabilities Exploits: YES PoC Reported: 07.08.2009 Vendor response: 13.08.2009 Date of Public Advisory: 09.04.2010 CVE...
Mandriva Linux Security Advisory : sudo (MDVSA-2010:078-1)
A vulnerability has been found and corrected in sudo : The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allow...
CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...
JustSystems Ichitaro Products 'RTF' Buffer Overflow Vulnerability
This host is installed with JustSystems Ichitaro products and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodjustsystemsichitaroprdtsbofvuln.nasl 6515 2017-07-04 11:54:15Z cfischer $ JustSystems Ichitaro Products 'RTF' Buffer Overflow Vulnerability Authors: Madhu...
Input validation
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a...
PT-2010-2247 · Microsoft · Windows Server 2003 +6
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, Server 2008 Gold, SP2, and R2, and Windows 7 Description: A remote code execution issue exists in the Windows Authenticode Signature Verification...
Check accessrights of ps, finger, who, last and /var/log/?tmp*
This plugin uses SSH to check the access rights of ps, finger, who, last and /var/log/?tmp. Check that ps, finger, who and last are not user executable; check perm 660 for /var/log/?tmp SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are...
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
Description: Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable (PE) or cabinet file. Successful exploits can...
CVE-2010-1334
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different...
CVE-2010-0993
Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified...
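Foxit Reader 3.2 Embedded Executable Execution Vulnerability
BUGTRAQ ID: 39109 Foxit Reader is a small PDF document viewer and printing program. For security reasons, readers such as Foxit Reader and Adobe Reader do not allow executable programs embedded in PDF documents (such as binaries and scripts) to be executed, but an attacker can use a special technique to bypass this security mechanism and launch a command (/Launch /Action), ultimately executing the embedded executable. When opening such a PDF document, Adobe Reader displays a security warning dialog, whereas Foxit Reader gives no prompt at all. Foxit Reader 3.2 Vendor patch: Foxit ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...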
Adobe, FoxIt Investigating Way to Mitigate PDF Hack
Security response teams at Adobe and FoxIt are investigating ways to mitigate a new PDF hack that allows the execution of an embedded executable without exploiting any security vulnerabilities. A demo of the PDF hack has been published to show how a hacker could employ social engineering techniqu...
Adobe Reader - Escape From '.PDF' Execute Embedded Executable
Title : Escape From PDF Author : Didier Stevens Date : 03/29/2010 Source : http://blog.didierstevens.com/2010/03/29/escape-from-pdf/ This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability! I use a launch action triggered by t...