4494 matches found
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-251 August 9, 2011 -- CVE ID: CVE-2011-0250 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointT...
Chrome Stable Release
The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms. Chrome 12.0.742.91 includes a number of new features and updates, including: Hardware accelerated 3D CSS; New Safe Browsing protection against downloading malicious files; Ability to delete...
Nmap NSE net: broadcast-dropbox-listener
Listens for the LAN sync information broadcasts that the Dropbox.com client broadcasts every 20 seconds, then prints all the discovered client IP addresses, port numbers, version numbers, display names, and more. If the 'newtargets' script argument is given, all discovered Dropbox clients will be...
Sybase M-Business Anywhere (AvantGo) Sync Server Detection
The remote service is a Sybase M-Business Anywhere (formerly AvantGo) Sync Server, which handles synchronization requests from a mobile device and determines whether to obtain requested pages from the source web server or from a shared cache on the Sync Server itself. © Tenable Network Security, In...
Steam Software - Denial of Service
Steam Software - Denial of Service Exploit Title: Steam Cloud Denial of Service 0day Date: 06042011 Author: david.r.klein \x0agmail\x0acom Software Link: http://steampowered.com Version: Steam - Latest Tested on: Windows XP/2003, Windows7 CVE : NA Notes: Copy file to C:\Program...
Steam Cloud Denial Of Service
Exploit Title: Steam Cloud Denial of Service 0day Date: 06042011 Author: david.r.klein \x0agmail\x0acom Software Link: http://steampowered.com Version: Steam - Latest Tested on: Windows XP/2003, Windows7 CVE : NA Notes: Copy file to C:\Program Files\Steam\userdata\remote\sharedconfig.vdf Run...
Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within agsync.dll, which listens for SOAP and sync HTTP requests on ports 80 and 4...
Mozilla introduces the "Web Apps" project just before release of Firefox 4 final!
Shortly before the release of the final version of Firefox 4, the Mozilla developers have introduced the "Web Apps" project. These apps are expected to play a major role in future browsers, and in such a future, the browser will not just be for viewing web pages but will be a platform for...
broadcast-dropbox-listener NSE Script
Listens for the LAN sync information broadcasts that the Dropbox.com client broadcasts every 20 seconds, then prints all the discovered client IP addresses, port numbers, version numbers, display names, and more. If the newtargets script argument is given, all discovered Dropbox clients will be...
PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password
Overview: The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. Description: The PolyVision RoomWizard is a touch screen scheduling...
RoomWizard Credential Disclosure
% Advisory Name: RoomWizard Default Password and Sync Connector Credential Leak % Date: 2010-08-16 % Appliance/SW: RoomWizard Web-based room scheduling system % Versions: Tested on Firmware 3.2.3 Model RW10 % Author: Sean Lam % Vendor Status: Vendor Contacted % CVE Candidate: CVE-2010-0214 %...
CVE-2009-5033
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a " " argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread...
CVE-2010-4545
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data...
Design/Logic Flaw
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation...
CVE-2009-5034
IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data...
CVE-2009-5036
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation...
CVE-2009-5035
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages...
Code injection
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data...
Design/Logic Flaw
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document...