IBM Forms Viewer 'fontname' Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Forms Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a document...

IBM Forms Viewer栈缓冲区溢出漏洞

CVECAN ID: CVE-2013-5447 IBM Forms Viewer是其中的一个客户端程序，它能够打开、填写、签署、提交和保存XFDL表单，可作为独立的应用程序或以嵌入在Web浏览器内的方式显示表单。 IBM Forms Viewer 4.0.0.3之前的4.x版本和8.0.1.1前的8.x版本中存在基于栈的缓冲区溢出漏洞。远程攻击者可借助特制的XFDL表单利用该漏洞执行任意代码。 0 IBM Forms Viewer 4.0 IBM Forms Viewer 4.0.0.1 IBM Forms Viewer 4.0.0.2 IBM Forms Viewer 8.0 IBM...

CVE-2013-5447

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value...

Stack overflow

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value...

CVE-2013-5447

The CVE-2013-5447 issue is a stack-based buffer overflow in IBM Forms Viewer (4.0.x prior to 4.0.0.3 and 8.x prior to 8.0.1.1) triggered by XFDL forms with a long fontname value. The IBM security bulletin confirms remote code execution could occur if a crafted XFDL form is opened, affecting IBM F...

CVE-2013-5447

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value...

WordPress TDO-Mini-Forms Shell Upload

Exploit Title: Wordpress TDO-Mini-Forms Plugin Arbitrary File Upload Vulnerability Author: Ashiyane Digital Security Team Date: 12/09/2013 Vendor Homepage: http://thedeadone.net Software Link : http://cznic.dl.sourceforge.net/project/filip/wordpress/tdo-mini-forms.0.13.9.zip Google dork:...

Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities

Exploit for php platform in category web applications A couple of bugs exist in Palo Alto Networks PANOS These issues have been fixed in PANOS 5.0.9 . Example html source code to CSRF POST a rogue cert : 1. PA: 2. 3. 4. 5. 6. ----------------------------- 7. Content-Disposition: form-data;...

Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities

Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities from http://thomaspollet.blogspot.be/2013/11/Palo-Alto-XSS.html : A couple of bugs exist in Palo Alto Networks PANOS These issues have been fixed in PANOS 5.0.9 . Example html source code to CSRF POST a rogue cert : 1. PA: 2. 3. 4. 5. 6...

Palo Alto Networks PanOS 5.0.8 XSS / CSRF

Palo Alto Networks PANOS , L=Default City, O=Default Company Ltd Validity Not Before: Oct 1 16:28:18 2013 GMT Not After : Oct 1 16:28:18 2014 GMT Subject: C=XX, ST=, L=Default City, O=Default Company Ltd Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: 1024 bit Modulus:...

2: miq_policy/explorer SQL injection

SQL injection vulnerability in the miqpolicy controller in Red Hat CloudForms 2.0 Management Engine CFME 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...

Google Chrome < 30.0.1599.101 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 30.0.1599.101. It is, therefore, affected by multiple vulnerabilities : - Use-after-free errors exist related to editing, forms, and XmlHttpRequest XHR. CVE-2013-2925, CVE-2013-2926, CVE-2013-2927 - Various, unspecifi...

Google Fixes Three High-Risk Flaws in Chrome

There is a trio of high-risk security vulnerabilities in Google Chrome that have been patched in a new version of the browser released on Tuesday. The vulnerabilities all are use-after-free bugs, and Google paid a total of $5,000 in rewards to researchers who discovered and reported them. Google...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 5 security fixes in this release, including: 292422 High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. 294456 High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. 297478 High CVE-2013-2927: Use after free in forms. Credit ...

[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities

Details ======================== Application: HMS Testimonials http://wordpress.org/plugins/hms-testimonials/ Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner http://profiles.wordpress.org/kreitje/ Vulnerability: - Cross-Site Request Forgery CWE-352 - Cross-Site Scripting CWE-79...

Oracle WebCenter Content (July 2013 CPU)

The version of Oracle WebCenter Content installed on the remote host is potentially affected by multiple vulnerabilities in the Content Server, Site Studio, and Web Forms components. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Questions Linger About New Linux 'Hand of Thief' Trojan

It looks like cybercriminals will soon be able to add yet another Trojan to their hacking repertoire, the Hand of Thief banking malware that targets Linux machines. Currently being sold on the Russian black market, Hand of Thief is fetching $2,000 USD €1,500 EUR but could be poised to run a cool...

Design/Logic Flaw

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms...

CVE-2013-3772

CVE-2013-3772 affects Oracle WebCenter Content within Oracle Fusion Middleware versions 10.1.3.5.1, 11.1.1.6.0 and 11.1.1.7.0. The vulnerability is described as unspecified and allows remote attackers to affect integrity via unknown vectors related to Web Forms. The connected Nessus record links ...

CVE-2013-3772

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms...