Advisories
Please read our Vulnerability Disclosure Policy.
Samsung Omnia 7 - RapiConfig.exe Directory Traversal
Nov 10, 2011
An executable was identified which could be used to perform device provisioning functionality in the context of the TCB user from the least privileged chamber (LPC) if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.
HTC Windows Phone 7 - Arbitrary Read/Write of Kernel Memory
Nov 10, 2011
A device driver (HTCUtility.dll) was found on HTC Windows Phone 7 phones which would allow an attacker to read/write arbitrary kernel memory through the use of a specific DeviceIoControl request. No security policies were found to restrict access to this device from the low privileged chamber if the required capability (ID_CAP_INTEROPSERVICES) was provisioned.
MPlayer SAMI Subtitle Parser Buffer Overflow
Aug 12, 2011
A buffer overflow vulnerability was found in MPlayer. Exploitation of this vulnerability allowed the execution of arbitrary code by loading a malicious SAMI subtitle file. Proof of concept exploit code was developed for the Windows XP SP3 platform, bypassing DEP.
Dropbox for Android Authorisation Bypass
Aug 12, 2011
This vulnerability allows an attacker to upload a selected file to the linked Dropbox account without the interaction of the user. This could enable an attacker’s malicious application to gain control of a user’s Dropbox account by uploading the Dropbox settings database, which resides in the Dropbox application’s protected storage area.
Oracle Enterprise Manager Multiple Vulnerabilities
Jul 22, 2011
Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), POST/GET request equivalence and SQL query execution vulnerabilities have been discovered in the latest version of Oracle Enterprise Manager (as of January 2010).
Oracle Enterprise Manager SQL Injection
Jul 22, 2011
The vulnerability exists due to a lack of input validation from external users, which allows a malicious user to attack the Enterprise Manager (EM) application and run arbitrary SQL against the database. This can give a user the opportunity to modify or glean potentially sensitive information, as well as enable other potential attack scenarios, dependent on the specific customer user and database permissions.
Linux Kernel caiaq USB Drivers Buffer Overflow Vulnerability
Mar 07, 2011
A buffer overflow vulnerability in the caiaq USB drivers was identified. These drivers are in the kernel tree and installed by default in most Linux distributions. This vulnerability could be exploited in order to execute arbitrary code by an attacker with physical access to the system.
OpenSC - "Get Serial Number" Stack-based Buffer Overflow
Dec 13, 2010
MWR InfoSecurity identified a vulnerability in OpenSC. The vulnerability can be triggered using a malicious smart card. An attacker could use this vulnerability to execute arbitrary code in the target system. To successfully exploit this vulnerability the attacker will be required to insert a specially crafted smart card in the target system.
PCSC-Lite: pcscd ATR Handler Buffer Overflow
Dec 13, 2010
MWR InfoSecurity identified a vulnerability in PCSC-Lite’s pcscd daemon. The vulnerability can be triggered using a malicious smart card. An attacker could use this vulnerability to trigger a denial of service condition or potentially execute arbitrary code in the target system. To successfully exploit this vulnerability the attacker will be required to insert a specially crafted smart card in the target system.
PCSC-Lite: libccid Buffer Overflow
Dec 13, 2010
MWR InfoSecurity identified a vulnerability in PCSC-Lite’s pcscd daemon. The vulnerability can be triggered using a malicious smart card. An attacker could use this vulnerability to execute arbitrary code in the target system. To successfully exploit this vulnerability the attacker will be required to insert a malicious smart card reader in the target system.