Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass

====================================================================== Secunia Research 07/05/2009 - Garmin Communicator Plug-In Domain Locking Security Bypass - ====================================================================== Table of Contents Affected...

Symantec Norton Ghost Symantec.EasySetup.1 ActiveX控件拒绝服务漏洞

BUGTRAQ ID: 34696 CVECAN ID: CVE-2009-1517 Symantec Norton Ghost是一个备份恢复系统，允许用户将系统恢复到之前的快照状态。 Norton Ghost的EasySetup安装向导的EasySetupInt.dll库提供了名为Symantec.EasySetup.1的ActiveX控件，该控件没有正确地验证对GetBackupLocationPath、CallUninstall、SetupDeleteVolume、...

kernel: exit_notify: kill the wrong capable(CAP_KILL) check

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows

Overview The Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Whale Communications Intelligent...

IntraLaunch ActiveX控件多个方式不安全调用漏洞

BUGTRAQ ID: 34395 CVECAN ID: CVE-2009-0218 IntraLaunch ActiveX控件允许网页链接本地或跨网络执行Word或PDF等文档所关联的应用程序。 IntraLaunch ActiveX控件（由IntraLaunch.ocx提供）没有限定到特定的域或Internet Explorer区，这允许任何站点都可以在安装了该控件的系统上通过调用该控件导致运行任意代码。 Particle Software IntraLaunch Particle Software -----------------...

Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods

Overview The Particle Software IntraLaunch Application Launcher ActiveX control allows arbitrary code execution. Description Particle Software IntraLaunch is an ActiveX control that "... allows web page links to execute anything from applications to associations such as Word or Acrobat PDF...

SAP AG WebViewer3D ActiveX控件栈溢出漏洞

BUGTRAQ ID: 34310 CVECAN ID: CVE-2007-4475,CVE-2009-1205 SAPgui是SAP软件的图形用户界面客户端。 SAPgui提供了一个名为EAI WebViewer3D的ActiveX控件（webviewer3d.dll），该控件没有正确地验证对 SaveViewToSessionFile方式所传送的参数。如果用户受骗访问了恶意网页并向该方式传送了超长参数的话，就可以触发栈溢出，导致执行任意代码。 SAP Sapgui 7.10 Patch Level 8 临时解决方法： 在IE中禁用EAI WebViewer3D...

kernel security and bug fix update

2.6.18-128.1.6.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki,Guru Anbalagane orabug 6045759 - MM shrink zone patch John Sobecki,Chris Mason orabug 6086839 - NET Add xen pv/bonding netconsole support Tina yang orabug 6993043 bz 7258 - nfs convert ENETUNREACH to ENOTCONN Guru...

Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...

Symantec AppStream Client LaunchObj ActiveX Control installAppMgr vulnerability

Added: 03/31/2009 CVE: CVE-2008-4388 BID: 33247 OSVDB: 51410 Background Symantec AppStream is an application deployment framework. Problem The LaunchObj ActiveX control exposes the installAppMgr method, which can be used to download and execute arbitrary code. This could allow command execution...

GeoVision LiveAudio ActiveX控件GetAudioPlayingTime()方式代码执行漏洞

BUGTRAQ ID: 34115 GeoVision LiveAudio ActiveX控件是GeoVision监控软件中用于同步音频的工具。 GeoVision LiveAudio ActiveX控件（CLSID：814A3C52-B6F7-4AEA-A9BC-7849B9B0ECA8，Progid：LIVEAUDIO.LiveAudioCtrl.1）没有正确地验证对GetAudioPlayingTime方式所提供的输入参数。如果用户受骗访问了恶意网页的话，就可能导致访问已经释放的内存。成功利用这个漏洞的攻击者可以在用户系统上执行任意代码。 GeoVision LiveAudio...

Analyze page Trojan how to encrypt code to evade kill-vulnerability warning-the black bar safety net

As the web hang horse popular, the virus also began to keep tabs on various web hang horse way, this let many hackers very annoyed. But hackers soon found a coping method, this method iswill hang horse web page code to be encrypted, disrupting the original code looks like, let the antivirus...

Imera ImeraIEPlugin ActiveX控件任意文件下载漏洞

Imera TeamLinks是桌面客户端软件，允许物理分不断组成员之间进行协作。 TeamLinks客户端的ImeraIEPlugin.dll库所提供的ImeraIEPlugin.Pilot.1 ActiveX控件没有正地的处理DownloadHost属性参数，如果用户受骗访问了恶意站点并向该属性传送了恶意参数的话，就可能导致向用户系统下载并执行任意文件。 Imera ImeraIEPlugin.dll 1.0.2.54 临时解决方法： 为CLSID 75CC8584-86D4-4A50-B976-AA72618322C6设置kill-bit。 厂商补丁： Imera -----...

FreeBSD/x86 - kill all processes - 12 bytes

No description provided by source. CoDed bY suN8Hclf DaRk-CodeRs Group productions, kid FreeBSD x86 kill all procesess 12 bytes shellcode Compile: nasm -f elf code.asm ld -e start -o code code.o Assembly code: ---------------------code.asm------------------- section .text global start start: xor...

Linux/x86 - Kill service apache2 + pure-ftpd + sshd - 81 bytes

No description provided by source. / Linux x86 | Kill Service - Apache2 - Pure-Ftpd - sshd Shellcode 81 bytes Auhtor: Jonathan Salwan js.rac.projet AT gmail.com Web: http://www.shell-storm.org Disassembly of section .text: 08048060 start: 8048060: 6a 0b push $0xb 8048062: 58 pop %eax 8048063: 99...

Enomaly ECP多个安全漏洞

BUGTRAQ ID: 33544 CVECAN ID: CVE-2008-4990,CVE-2009-0390 Enomaly ECP（之前名为Enomalism）是用于管理虚拟机的软件。 ECP的enomalism2.sh中存在多个安全漏洞，本地攻击者可以通过符号链接攻击以root用户权限覆盖任意系统文件、向kill命令注入参数以终止任意进程或向进程发送信号，或导致虚拟机无法启动。 Enomaly Elastic Computing Platform 2.1 临时解决方法： 将PIDFILE从/tmp/enomalism2.pid更改为/var/run/enomalism2.pid。...

Nokia Phoenix Service Software ActiveX控件多个缓冲区溢出漏洞

BUGTRAQ ID: 33726 Nokia Phoenix Service Software是用于刷机诺基亚手机的软件。 Nokia Phoenix Service...

Use the split function perfectly free to kill the marine to the top such as asp Trojan-vulnerability warning-the black bar safety net

We all know the“marine top”of the asp Trojan is very famous. But in fact really use it, but not much. The main reason is because it is too well known to be mollusc stare very tight, the feature code also many, so doingfree killis very difficult. A few days ago, in the Black anti-of on see hack214...

Design/Logic Flaw

Argument injection vulnerability in Enomaly Elastic Computing Platform ECP, formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program...

CVE-2009-0390

Argument injection vulnerability in Enomaly Elastic Computing Platform ECP, formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program...