263 items tagged "zdi"
-
-
19:02
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the numbers within its contents. The process does not properly check for signed integers and if it encounters one, it loops excessively while writing to the stack. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
-
19:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out string data from within it. The process does not properly check the length of these values before copying them to a fixed-length buffer. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
-
-
22:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-215 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. A lack of sanity checking on supplied parameter sizes can result in an integer overflow and subsequent heap buffer under allocation which can finally lead to an exploitable memory corruption.
-
22:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-216 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Informix Dynamic Server. Authentication is required in that an attacker must have valid credentials to connect to the database. The specific flaw exists within the oninit.exe process bound by default to TCP port 9088 or 1526. A lack of sanity checking within a logging function can result in a stack based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.
-
-
21:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-202 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page. The specific flaw exists within the com.sun.jnlp.BasicServiceImpl class. By abusing how Web Start retrieves security policies, an attacker can forge their own and force the removal of sandbox restrictions. Successful exploitation leads to code execution under the context of the user running the browser.
-
21:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-205 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to remote compromise under the credentials of the currently logged in user.
-
-
19:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument function defined within nsDocument.cpp. When handling children nodes the code does not account for a varying number of children during normalization. An attacker can abuse this problem along with the fact that the code does not validate the child index is within bounds to access an invalid object and execute arbitrary code under the context of the browser.
-
1:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the codec responsible for parsing layer 3 MPEG audio streams. By providing invalid values within the stream, heap memory can be easily corrupted. This could be leveraged by an attacker to execute remote code under the context of the user running the application.
-
0:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-143 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Log Manager. Authentication is not required to exploit this vulnerability. The specific flaws exist within the fileDownload and reportPluginUpload Tomcat servlets which do not require authentication to make privileged requests to. Due to the nature of the functionality provided by these servlets, successful exploitation can lead to code execution under the context of the application.
-
-
22:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-124 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
-
22:48
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-123 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials.
-
22:47
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TCP port 1315. The code responsible for parsing the first handshake packet does not properly validate the length of the username field. By crafting an overly long value in the request an attacker can exploit this to execute arbitrary code under the context of the SYSTEM user.
-
-
19:41
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Mercury LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted packet will allow unauthenticated users to execute local commands. When a state of 0 or 4 is passed after the parameters, mchan.dll will process the commands on the host. This allows for remote code execution under the context of the SYSTEM user.
-
-
20:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine TType1ParsingContext::SpecialEncoding() defined in libFontParser.dylib. While parsing glyphs from a PDF document, a malformed offset greater than 0x400 can result in a heap corruption which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
-
-
1:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL. The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.
-
-
15:06
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-068 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the parsing of H.263 media files. The code within QuickTime trusts various values from MDAT structures and uses them during operations on heap memory. By crafting specific values the corruption can be leveraged to execute remote code under the context of the user running the application.
-
-
19:52
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-062 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NWFTPD daemon. Authentication or default anonymous access is required to exploit this vulnerability. The specific flaw exists when parsing malformed arguments to the verbs RMD, RNFR, and DELE. Overly long parameters will result in stack based buffer overflows which can be leveraged to execute arbitrary code.
-
19:52
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-054 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. Successful exploitation of this vulnerability can lead to a compromise under the credentials of the currently logged in user.
-
19:52
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-055 - This vulnerability allows remote attackers to violate security policies on vulnerable installations of Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must run a malicious applet. The specific flaw allows malicious applets to connect to network addresses other than the originating applet and client IPs. A handcrafted applet can override compile time checks to prevent compilation of a mutable InetAddress subclass. This results in the ability to circumvent the Applet SecurityManager restrictions.
-
19:52
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user.
-
-
12:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-019 - This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.