![]() This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. ![]() This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.įlash Player < 9.0.260 / 10.0.42.34 Multiple Vulnerabilities (APSB09-19)įix DoS. (CVE-2009-3800) - A Windows-only local file name access vulnerability could lead to information disclosure. Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location. (CVE-2009-3799) - Multiple crash vulnerabilities could lead to code execution. (CVE-2009-3798) - An integer overflow vulnerability could lead to code execution. The idea of dopewars is to deal in drugs on the streets of New York, amassing a huge fortune and paying off the loan shark, while avoiding the ever-annoying police. (CVE-2009-3797) - A memory corruption vulnerability could lead to code execution. dopewars is a free Unix/Win32 rewrite of a game originally based on 'Drug Wars' by John E. (CVE-2009-3796) - A memory corruption vulnerability could lead to code execution. (CVE-2009-3794) - A data injection vulnerability could lead to code execution. Such versions are potentially affected by multiple vulnerabilities : - A vulnerability in the parsing of JPEG data could lead to code execution. The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.260 or 10.0.42.34. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. This is a privilege elevation attack targeted at zone-based web-browser security. ![]() An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |