BugTraq (Page 456 of 1747)
CVE-2010-4435 - Multiple Vendor Calendar Manager Remote Code Execution 2011-02-08
Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
Dear List,

So finally all the vendors fixed this critical issue (remote code
execution).

As usual, here it goes the PoC to help in the exploitation. It works
against all the affected vendors, so just adjust your payload and have fun!

http://www.kernelhacking.com/rodrigo/exploits/cmsd_cve2010-443

MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] 2011-02-08
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITKRB5-SA-2011-002

MIT krb5 Security Advisory 2011-002
Original release: 2011-02-08
Last update: 2011-02-08

Topic: KDC denial of service attacks

CVE-2011-0281: KDC vulnerable to hang when using LDAP back end

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:

MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022] 2011-02-08
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITKRB5-SA-2011-001

MIT krb5 Security Advisory 2011-001
Original release: 2011-02-08
Last update: 2011-02-08

Topic: kpropd denial of service

CVE-2010-4022

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C

CVSSv2 Base Score: 5

Access Ve

[security bulletin] HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF) 2011-02-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02711131
Version: 1

HPSBMA02629 SSRT100381 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF)

NOTICE: The information in this Security Bulletin shoul

ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability 2011-02-08
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-062: Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-062

February 8, 2011

-- CVE ID:
CVE-2010-4435

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard
IBM
Sun Microsystems

-- A

rPSA-2011-0010-1 kernel 2011-02-07
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2011-0010-1
Published: 2011-02-07
Products:
rPath Appliance Platform Linux Service 2
rPath Linux 2

Rating: Informational
Exposure Level Classification:
Local User Non-deterministic
Updated Versions:
kernel=conary.rpath.com@rpl:2/2.6.32_71.7.1.el6-0.11-1

rPa

ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-061

February 7, 2011

-- CVE ID:
CVE-2011-0647

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
EMC

-- Affected Products:
EMC Replication Man

iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library 2011-02-08
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 02.08.11
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 08, 2011

I. BACKGROUND

The Windows Picture and Fax Viewer "shimgvw.dll" library is used by
Windows Explorer to generate thumbnail previews for media files.

II. DESCRIPTION

Remote exploitation of a buff

DC4420 - London DEFCON - February meet - Tuesday 22nd February 2011 2011-02-07
Major Malfunction (majormal pirate-radio org)
If I said you had a beautiful venue would you hold it against me?

OK, so the January social was not only good++ but it also confirmed that
we have an awesome new home!!! Place is big, but not too big - room for
growth but laid out so we can easily huddle in the meantime. Food is
good. Beer is go

ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-060

February 7, 2011

-- CVE ID:
CVE-2010-4327

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell eDirectory

--

HTB22818: Stored XSS vulnerability in WebAsyst Shop-Script 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22818
Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_webasyst_shop_script.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor Notification: 2

ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-059: CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-059

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view m

ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability 2011-02-08
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-064

February 8, 2011

-- CVE ID:
CVE-2011-0045

-- CVSS:
6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows XP

-- V

ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-058: SCO Openserver IMAP Daemon Long Verb Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-058

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for

ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability 2011-02-08
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-063

February 8, 2011

-- CVE ID:
CVE-2011-0092

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Other

-- Vulnerability Details:
This vulnerability a

ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-057: Hewlett-Packard Data Protector Cell Manager Service Authentication Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-057

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigati

ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-056: Hewlett-Packard Data Protector Client EXEC_SETUP Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-056

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations

ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-042: Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-042

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitiga

Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service 2011-02-08
Digit Security Research (research digit-security com)
===============================ADVISORY===============================
Advisory: Data Encryption Systems - DESLock+ - Local Kernel
Code Execution/Denial of Service
Advisory ID: DSEC-2011-0002
Author: Neil Kettle, Digit Security Ltd
Affected Software: Data

[ MDVSA-2011:023 ] proftpd 2011-02-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:023
http://www.mandriva.com/security/
______________________________________________________________________

ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-055: Hewlett-Packard Data Protector Client EXEC_CMD Perl Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-055

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigati

[security bulletin] HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access 2011-02-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02712670
Version: 1

HPSBST02630 SSRT1000385 rev.1 - HP StorageWorks X9000 Network Storage Systems, Remote Unauthenticated Access

NOTICE: The information in this Security Bulletin should be acted

ESA-2011-004: EMC Replication Manager remote code execution vulnerability 2011-02-08
Security_Alert emc com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2011-004: EMC Replication Manager remote code execution vulnerability

EMC Identifier: ESA-2011-004

CVE Identifier: CVE-2011-0647

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

EMC Replica

VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi 2011-02-08
VMware Security Team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2011-0002
Synopsis: Cisco Nexus 1000V VEM updates address denial of
service in VM

ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-054

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To vie

HTB22813: XSS vulnerability in UMI.CMS 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22813
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_umi_cms_1.html
Product: UMI.CMS
Vendor: umisoft ( http://www.umi-cms.ru/ )
Vulnerable Version: 2.8.1.2
Vendor Notification: 25 January 2011
Vulnerability Type: Stored XSS (Cross Site Scripting)
Risk level: M

ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-053: Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-053

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations f

HTB22817: XSS vulnerability in WebAsyst Shop-Script 2011-02-08
advisory htbridge ch
Vulnerability ID: HTB22817
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_webasyst_shop_script.html
Product: WebAsyst Shop-Script
Vendor: WebAsyst, LLC ( http://www.shop-script.ru/ )
Vulnerable Version: Current version 2011.01.23 (shop-script.ru/demo/)
Vendor Notification: 25 Janua

ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-052: Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-052

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigatio

ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability 2011-02-07
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-051

February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this vulnera

Copyright 2010, SecurityFocus