Security Bulletin: iText.jar in Tom Sawyer Perspective is vulnerable to XML External Entity

Summary iText.jar in Tom Sawyer Perspective is vulnerable to XML External Entity used by IBM Tivoli Network Manager ITNM IP Edition. Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: iText PDF Library could allow a remote authenticated attacker to obtain sensitive information, caused by an X...

GitLab: Remote Command Execution via Github import

Summary This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when imported a GitHub repository. When importing a GitHub repo the...

GitLab: RCE via github import

Hello, While continuing mining on github import, I found a vulnerability on gitlab.com allowing to execute remotely arbitrary commands. Gitlab uses Octokit to get data from github.com. Octokit uses Sawyer::Resource to represent results. Sawyer is a crazy class that converts a hash to an object...

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the doanonymouspage function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitra...

Tom Sawyer Software GET Extension Factory Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

[SECURITY] Fedora 19 Update: openttd-1.3.3-1.fc19

OpenTTD is modeled after a popular transportation business simulation game by Chris Sawyer and enhances the game experience dramatically. Many features were inspired by TTDPatch while others are original...

[SECURITY] Fedora 18 Update: openttd-1.2.2-1.fc18

OpenTTD is modeled after a popular transportation business simulation game by Chris Sawyer and enhances the game experience dramatically. Many features were inspired by TTDPatch while others are original...

Tom Sawyer Software GET Extension Factory Remote Code Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3...

Tom Sawyer Software GET Extension Factory Remote Code Execution

This module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware...

Fedora Update for openttd FEDORA-2012-0623

Check for the Version of openttd OpenVAS Vulnerability Test Fedora Update for openttd FEDORA-2012-0623 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 15 Update: openttd-1.1.5-1.fc15

OpenTTD is modeled after a popular transportation business simulation game by Chris Sawyer and enhances the game experience dramatically. Many features were inspired by TTDPatch while others are original...

Tom Sawyer ActiveX Control Memory Corruption (CVE-2011-2217)

A code execution vulnerability has been reported in Tom Sawyer. The vulnerability is due to an error while instantiating the ActiveX control in a browser. A remote attacker may exploit this vulnerability by enticing a user to open a specially crafted web-page. Successful exploitation of this...

[SECURITY] Fedora 16 Update: openttd-1.1.3-1.fc16

OpenTTD is modeled after a popular transportation business simulation game by Chris Sawyer and enhances the game experience dramatically. Many features were inspired by TTDPatch while others are original...

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

VMWare VirtualCenter ActiveX memory corruption

Tom Sawyer's Default GET Extension Factory ActiveX memory corruption...

Tom Sawyer Software GET Extension Factory COM Object Instantiation Memory Corruption

Tom Sawyer Software's GET Extension Factory, a component used for graph visualization applications, is installed on the remote Windows host. It may have been bundled with a third-party application, such as the VMware Infrastructure Client or Embarcadero ER / Studio XE2. The installed version of...