15 matches found
EUVD-2008-4034
Malware in sbrugna...
CVE-2008-4050
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to 1 create and read arbitrary registry values via the RegistryValue method, and 2 read arbitrary files via the GetTextFile method...
Security feature bypass
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method...
Design/Logic Flaw
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to 1 create and read arbitrary registry values via the RegistryValue method, and 2 read arbitrary files via the GetTextFile method...
CVE-2008-4048
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method...
CVE-2008-4049
CVE-2008-4049 affects the Friendly Technologies FriendlyPPPoE Client (version 3.0.0.57) via the ActiveX control fwRemoteCfg.dll version 3.3.3.1. The RunApp method accepts arguments that allow remote attackers to execute arbitrary programs. This vulnerability is described across multiple sources i...
CVE-2008-4050
The CVE-2008-4050 entry concerns a flaw in the ActiveX control fwRemoteCfg.dll (version 3.3.3.1) used by Friendly Technologies’ FriendlyPPPoE Client (v3.0.0.57). The vulnerability allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method and (2) read ar...
CVE-2008-4049
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method...
CVE-2008-4050
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to 1 create and read arbitrary registry values via the RegistryValue method, and 2 read arbitrary files via the GetTextFile method...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX控件信息泄漏漏洞
BUGTRAQ ID: 30939 CNCAN ID:CNCAN-2008090102 Friendly Technologies是一款提供类似L2TP和PPPoE客户端的解决方案。 Friendly Technologies fwRemoteCfg.dll存在输入验证错误,远程攻击者可以利用漏洞获得敏感信息。 fwRemoteCfg.dll用于提供拨号相关功能,由于对RegistryValue, readreg, readme方法缺少充分过滤,可导致攻击者构建恶意WEB页,诱使用户访问可获得敏感信息。 Friendly Technologies fwRemoteCfg.dll...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX控件任意命令执行漏洞
BUGTRAQ ID:30889 CNCAN ID:CNCAN-2008082903 Friendly Technologies是一款提供类似L2TP和PPPoE客户端的解决方案。 Friendly Technologies fwRemoteCfg.dll不正确调用方法,远程攻击者可以利用漏洞以应用程序权限执行任意命令。 fwRemoteCfg.dll用于提供拨号相关功能,由于对"RunApp"方法缺少充分检查,构建恶意WEB页,诱使用户访问,可导致以应用程序权限执行任意命令。 Friendly Technologies fwRemoteCfg.dll 目前没有解决方案提供:...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX控件远程缓冲区溢出漏洞
BUGTRAQ ID:30891 CNCAN ID:CNCAN-2008082904 Friendly Technologies是一款提供类似L2TP和PPPoE客户端的解决方案。 Friendly Technologies fwRemoteCfg.dll存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 fwRemoteCfg.dll用于提供拨号相关功能,由于对其他参数缺少充分边界检查,构建恶意WEB页,诱使用户访问,可导致触发缓冲区溢出以应用程序权限执行任意指令。 Friendly Technologies fwRemoteCfg.dll 目前没有解决方案提供:...
Friendly Technologies - fwRemoteCfg.dll ActiveX Remote Buffer Overflow
Friendly Technologies - fwRemoteCfg.dll ActiveX Remote Buffer Overflow Friendly Technologies - wayyy too friendly... function exploit var Evil = ""; // Our Evil Buffer var DamnIE = "\x0C\x0C\x0C\x0C"; // Damn IE changes address when not in the 0x00 - 0x7F range : // Need to use heap spray rather...
Friendly Technologies - 'fwRemoteCfg.dll' ActiveX Command Execution
lamers.RunApp "cmd" ,"cmd /k echo So Simple, So Lame -- Somebody should get fired." ,0 milw0rm.com 2008-08-28...
Friendly Technologies - 'fwRemoteCfg.dll' ActiveX Remote Buffer Overflow
Friendly Technologies - wayyy too friendly... function exploit var Evil = ""; // Our Evil Buffer var DamnIE = "\x0C\x0C\x0C\x0C"; // Damn IE changes address when not in the 0x00 - 0x7F range : // Need to use heap spray rather than overwrite EIP ... // Skyland win32 bindshell 28876/tcp shellcode v...