CoreLabs IT Security Research: Vulnerability Advisories http://www.coresecurity.com/content/advisories-feed en-us Thursday, 23 Feb 2012 00:30:14 UTC Coresecurity.com

Apple OS X Sandbox Predefined Profiles Bypass http://www.coresecurity.com/content/apple-osx-sandbox-bypass Thu, 10 Nov 2011 16:40:05 +0000 November 10th - Anibal Sacco and Matias Eissler
Several of the default predefined sandbox profiles do not restrict every available mechanism, so a process confined by one of them can still exercise part of the functionality the profile is meant to deny.
Adobe Shockwave Player TextXtra.x32 vulnerability http://www.coresecurity.com/content/adobe-shockwave-textxtra-vulnerability Tue, 08 Nov 2011 17:09:33 +0000 November 8th - Pablo Santamaria
A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site that serves a specially crafted .dir file.
e107 CMS Script Command Injection http://www.coresecurity.com/content/e107-cms-script-command-injection Mon, 24 Oct 2011 10:46:11 +0000 October 24th - Matt Bergin and Matias Blanco
When the install script for e107 CMS has not been removed after installation, an attacker can "reinstall" the application with arbitrary parameters. If the attacker supplies a valid MySQL server address followed by a semicolon and PHP code, that code is written into the configuration file and executed when the configuration file is requested.
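The following is an added example, not e107's own installer code: it models an installer that writes a PHP configuration file from a "MySQL server" parameter, shows the naive writer beside one that escapes the value for a PHP single-quoted literal, and includes a small scanner that tells whether anything other than the statement terminator escaped the literal. The variable name `$mySQLserver`, the file layout and the payload are assumptions made for the illustration.

```python
# Added example, not e107's code: a toy model of an installer that writes a
# PHP configuration file from a "MySQL server" parameter.  The variable name
# $mySQLserver, the file layout and the payload below are assumptions.

PAYLOAD = "localhost'; system($_GET['c']); //"  # constructed attacker input


def render_config_naive(mysql_server: str) -> str:
    """Vulnerable: the parameter is interpolated into a PHP literal verbatim."""
    return "<?php\n$mySQLserver = '" + mysql_server + "';\n"


def php_single_quote(value: str) -> str:
    """Escape for a PHP single-quoted literal, where only \\ and ' are special."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def render_config_safe(mysql_server: str) -> str:
    """Fixed: the same file, but the value can no longer terminate the literal."""
    return "<?php\n$mySQLserver = '" + php_single_quote(mysql_server) + "';\n"


def code_after_literal(config: str, var: str = "$mySQLserver") -> str:
    """Scan the single-quoted literal assigned to `var` the way PHP does
    (a backslash escapes the following character) and return everything
    that follows its closing quote on that line.  A clean config yields ';'."""
    prefix = var + " = '"
    i = config.index(prefix) + len(prefix)
    while i < len(config) and config[i] != "'":
        i += 2 if config[i] == "\\" else 1
    if i >= len(config):          # unterminated literal: broken config
        return ""
    line_end = config.index("\n", i)
    return config[i + 1:line_end]


def is_injected(config: str) -> bool:
    """True if anything other than the statement terminator escaped the literal."""
    return code_after_literal(config) != ";"


if __name__ == "__main__":
    for name, render in (("naive", render_config_naive), ("safe", render_config_safe)):
        cfg = render(PAYLOAD)
        print(f"{name}: injected={is_injected(cfg)}  tail={code_after_literal(cfg)!r}")
```

With the naive writer the generated line reads `$mySQLserver = 'localhost'; system($_GET['c']); //';`, so the attacker's call sits outside the literal as a second statement; with the escaped writer the whole payload stays inside the quotes. Escaping only narrows the bug, though: the advisory's real fix is that the install script must not be reachable after installation at all.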
Microsoft Publisher 2007 Pubconv.dll Memory Corruption http://www.coresecurity.com/content/publisher-pubconv-memory-corruption Wed, 12 Oct 2011 12:57:12 +0000 October 12th - Daniel Kazimirow
A vulnerability has been found in Microsoft Publisher 2007 that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially crafted .pub file into a document.
Multiple Vulnerabilities in ManageEngine ServiceDesk Plus http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp Wed, 14 Sep 2011 17:11:00 +0000 14th September - Matias Blanco
The authentication process of ServiceDesk Plus obfuscates user passwords with a trivial, symmetric algorithm implemented in JavaScript and keyed by no secret. Because user passwords are stored locally in cookies and the JavaScript that encrypts and decrypts them ships in a .js file, the authentication process of SDP can be bypassed, allowing an attacker to recover the usernames and passwords of registered users. Additionally, a cross-site scripting vulnerability related to search functions was found.
MS WINS ECommEndDlg Input Validation Error http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validation Mon, 12 Sep 2011 14:58:16 +0000 12th September - Nicolas Economou
A security vulnerability was discovered in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally in order to exploit this vulnerability.
HP Data Protector EXEC_CMD Buffer Overflow Vulnerability http://www.coresecurity.com/content/HP-Data-Protector-EXECCMD-Vulnerability Wed, 29 Jun 2011 17:30:25 +0000 29th June - Nahuel C. Riva
A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code.
Multiple vulnerabilities in HP Data Protector http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities Wed, 29 Jun 2011 17:23:18 +0000 29th June - Oren Isacson
Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions.
IBM WebSphere Application Server Cross-Site Request Forgery http://www.coresecurity.com/content/IBM-WebSphere-CSRF Wed, 15 Jun 2011 16:50:31 +0000 June 15th - Francisco Falcon and Alejandro Rodriguez
The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console.
MS HyperV Persistent DoS Vulnerability http://www.coresecurity.com/content/hyperv-vmbus-persistent-dos-vulnerability Tue, 14 Jun 2011 17:14:18 +0000 14th June - Nicolas Economou
A security vulnerability was found in the driver vmswitch.sys, part of the Windows Hyper-V subsystem, that allows an authenticated local denial of service. A specially crafted packet sent to the VMBus by an authenticated user in one of the guest virtual machines hosted on the Hyper-V server causes all guests on that host to become non-responsive.
Lotus Notes XLS viewer malformed BIFF record heap overflow http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow Tue, 24 May 2011 16:14:41 +0000 May 24th - Pablo Santamaria, Oren Isacson and Nadia Rodriguez
A memory corruption vulnerability in the Lotus Notes client application can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension.
Adobe Audition vulnerability processing malformed session file http://www.coresecurity.com/content/Adobe-Audition-malformed-SES-file Thu, 12 May 2011 13:43:21 +0000 May 12th - Diego Juárez, Eduardo Koch and Laura Balián
Adobe Audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk of session (.ses) files. The resulting memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.
Oracle GlassFish Server Administration Console Authentication Bypass http://www.coresecurity.com/content/oracle-glassfish-server-administration-console-authentication-bypass Wed, 11 May 2011 17:51:51 +0000 May 11th - Francisco Falcón
The Administration Console in Oracle GlassFish Server, which listens by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making TRACE requests against the Administration Console.
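The following is an added example and not GlassFish code; the console's actual filter logic is not described in the advisory, so the example models the bug class the advisory implies (an authentication check that only some HTTP verbs pass through, so TRACE reaches the resource unauthenticated) beside a verb-agnostic fix, and includes the probe a tester runs: an unauthenticated GET and an unauthenticated TRACE against the same protected path, compared. The path `/management/domain`, the credential and the page content are constructed for the illustration; the server runs on localhost so the example works offline.

```python
# Added example, not GlassFish code.  The console's real filter logic is not
# known here; this models an auth check that only some HTTP verbs pass
# through, the verb-agnostic fix, and the GET-vs-TRACE probe a tester runs.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ADMIN_PATH = "/management/domain"       # assumed protected path
SECRET_PAGE = b"admin-only data"        # constructed stand-in for console content
VALID_AUTH = "Basic YWRtaW46czNjcjN0"   # admin:s3cr3t, constructed credential


class AdminHandler(BaseHTTPRequestHandler):
    def _authenticated(self) -> bool:
        return self.headers.get("Authorization") == VALID_AUTH

    def _serve(self) -> None:
        self.send_response(200)
        self.send_header("Content-Length", str(len(SECRET_PAGE)))
        self.end_headers()
        self.wfile.write(SECRET_PAGE)

    def _deny(self) -> None:
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="admin"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def _gate(self) -> None:
        self._serve() if self._authenticated() else self._deny()

    def log_message(self, *args) -> None:  # keep the example quiet
        pass


class VulnerableHandler(AdminHandler):
    """Authentication is wired per verb; TRACE was never routed to the gate."""
    do_GET = AdminHandler._gate
    do_POST = AdminHandler._gate

    def do_TRACE(self) -> None:
        self._serve()        # the bug: same resource, no credential check


class FixedHandler(AdminHandler):
    """Every verb, known or not, resolves to the single gate."""
    def __getattr__(self, name):
        if name.startswith("do_"):
            return self._gate
        raise AttributeError(name)


def start_server(handler) -> HTTPServer:
    srv = HTTPServer(("127.0.0.1", 0), handler)   # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(port: int, method: str, path: str = ADMIN_PATH, host: str = "127.0.0.1"):
    """Send one unauthenticated request and return (status, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def trace_bypasses_auth(handler) -> bool:
    """The tester's check: an unauthenticated GET is refused, yet an
    unauthenticated TRACE to the same path returns the protected resource."""
    srv = start_server(handler)
    try:
        get_status, _ = probe(srv.server_port, "GET")
        trace_status, trace_body = probe(srv.server_port, "TRACE")
        return get_status == 401 and trace_status == 200 and trace_body == SECRET_PAGE
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("vulnerable:", trace_bypasses_auth(VulnerableHandler))  # True
    print("fixed:     ", trace_bypasses_auth(FixedHandler))       # False
```

Against a real target the same two `probe` calls would go to the console's host and port (4848 by default for GlassFish, per the advisory) with a known protected path; a 401 or redirect on GET next to a 200 with content on TRACE is the finding. The structural lesson is in `FixedHandler`: the check must sit in front of request dispatch, not be repeated inside each verb handler, because any verb the developer forgets becomes the bypass.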
VLC Vulnerabilities handling .AMV and .NSV files http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files Wed, 23 Mar 2011 16:35:56 +0000 23rd March - Ricardo Narvaja
Two vulnerabilities have been found in VLC media player when handling the .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC.
ZOHO ManageEngine ADSelfService multiple vulnerabilities http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities Thu, 10 Feb 2011 16:58:11 +0000 February 10th - Ernesto Alvarez
ZOHO ManageEngine ADSelfService Plus 4.4 is prone to multiple vulnerabilities, including an authentication bypass, due to excessive control granted to the client side. By tampering with requests, an attacker can weaken the security question mechanism used for password recovery or skip the mechanism altogether. Additionally, two cross-site scripting vulnerabilities were found related to search functions.