This Metasploit module exploits a vulnerability found in Windows Media Center. It allows an MCL file to render itself as an HTML document in the local machine zone by Internet Explorer, which can be used to leak files on the target machine. Please be aware that if this exploit is used against a patched Windows, it can cause the computer to be very slow or unresponsive (100% CPU). It seems to be related to how the exploit uses the URL attribute in order to render itself as an HTML file.
4cc19d7d19594e1aacac84e636f4152df754ea6016db3fb75b34857aa8ed4b88Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.
d41fcb2fcfd845b70a122e20b1cbd17e3b183211e307eaf35331480595a9fc22Core Security Technologies Advisory - The 'application' tag in Microsoft Windows Media Center link files (.mcl extension) can include a 'run' parameter, which indicates the path of a file to be launched when opening the MCL file, or a 'url' parameter, which indicates the URL of a web page to be loaded within the Media Center's embedded web browser. A specially crafted MCL file having said 'url' parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center's embedded web browser.
9799e326c07a7ab71d9ef358d6f4d5e6a701d96b2706e59c7ebca20a69575734FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.
94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.
86c260fb68e437881ab16b483c4e49b6bc21fe1b4a46b94f446e6d346cda9ddaCore Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.
21ec84e64e681dcbf21f5213bd3356433798b0d9e50c61ad3431bb54276c747dThis Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
7b650af9e32cadfdd3be9e6255740c3a5d42d0ac1627d52bec5e8e35f7e5b29bThis Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
bcde5e8d8f05d7b1ad0a9daef6977f314f81b4851a6c07b2830229371f0f0838Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities.
9b18440c26f1295d0a92ba4d7e6ec1dd5c6560e29f7da1ea8bd466580e248550TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.
d96b583866927f2f59a08545c251d956a2dfef2c6512197cefb588c1ac39997bCore Security Technologies Advisory - Zavio IP cameras based on firmware versions 1.6.03 and below suffer from bypass, hard-coded credential, and arbitrary command execution vulnerabilities.
78c356b2ffcb1e25d51e6592b9d5d73b842cdf1d53ab057c2850cde52d3c84c9Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.
c89524253ab599d8622f01400e1599d3a2ca11af0117966d4e4a0fe9ff04ad31Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.
fa7660e4a137a97602dd52a3f2f89792f4eba90870562d6329ab58bbcacf03d9Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN the SAP system number) of a host running the 'Message Server' service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.
287b3598e1016bac4e6bbe89252ab94d7ee5e39ea5592c228fff16f1c08ce946This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.
009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dccCore Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.
c5935cba98df6fe3be07143a413aa1c7d1b1b171f7643b662db9f9dff22ce27eCore Security Technologies Advisory - The Administration Console of Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making 'TRACE' requests against the Administration Console. Oracle GlassFish Server version 3.0.1 and Sun GlassFish Enterprise Server version 2.1.1 are affected.
3069091a5a304083556b231d526f0d1b73792c5176a24a96007d6fd9dee86cb0Core Security Technologies Advisory - Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.
a6f2c88aa2e79b669f40a3e754b153097c2a704191671ee32dc54d20f872330aFoxit Reader versions 3.0 build 1120 and build 1301 suffer from authorization bypass and buffer overflow vulnerabilities.
fbe7a9965a2887b415c01e3fe3490d016b1b5248398aa3b9b36bb9c0f1de6607Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.
a318beb516a48eb0fd3989f69c6622849d755284631c5cf5b2afe2b098a5098b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed