«
Expand/Collapse
111 items tagged "activex control"
Related tags:
zero [+],
oracle [+],
ntr [+],
microsoft [+],
insecure method [+],
day [+],
arbitrary code execution [+],
secure desktop [+],
cisco secure [+],
buffer overflow [+],
autovue [+],
teechart [+],
remote [+],
micalizzi [+],
integer overflow [+],
exploit [+],
client [+],
based buffer overflow [+],
zero day [+],
vpn client [+],
vpn [+],
txt [+],
trendnet [+],
stopmodule [+],
stack buffer [+],
silverlight [+],
securview [+],
proficy historian [+],
proficy [+],
oracle webcenter [+],
microsoft silverlight [+],
microsoft data analyzer [+],
method [+],
memory corruption [+],
max [+],
malicious web [+],
magneto [+],
internet security suite [+],
internet [+],
integer [+],
initiative [+],
icmp [+],
ibm [+],
historian [+],
ftp [+],
file [+],
exploits [+],
easewe [+],
dvrobot [+],
desktop user [+],
cisco signed [+],
cisco anyconnect [+],
buffer overflows [+],
buffer overflow vulnerability [+],
buffer overflow condition [+],
attacker [+],
arithmetic operation [+],
arbitrary code [+],
activex [+],
webcenter [+],
ssl vpn [+],
sonicwall [+],
research [+],
rational [+],
poc [+],
overflow [+],
multiple [+],
messenger [+],
keyhelp [+],
ibm rational clearquest [+],
hp software [+],
heap [+],
gigabyte [+],
forms [+],
format string [+],
e class [+],
dldrv [+],
disclosure of information [+],
csd [+],
code [+],
clearquest [+],
cisco security advisory [+],
cisco security [+],
care software [+],
andrea micalizzi [+],
secunia [+],
s system [+],
code execution [+],
advisory [+],
wellintech [+],
webscan [+],
vulnerabilities [+],
vuln [+],
url [+],
uri uninitialized [+],
update [+],
uninitialized pointer [+],
tlist [+],
tivoli provisioning manager express [+],
tivoli [+],
tec [+],
surl [+],
string argument [+],
sssplt [+],
ssrt [+],
sony vaio [+],
sigplus [+],
sharpgrid [+],
setsource [+],
setmarkupmode [+],
security advisory [+],
scanserver [+],
safer use [+],
retired [+],
reporttree [+],
record [+],
recognition [+],
realplayer [+],
realnetworks [+],
rce [+],
quot [+],
quest [+],
provisioning [+],
promotic [+],
professional [+],
pro [+],
photo [+],
parvez [+],
office [+],
novell zenworks [+],
novell iprint [+],
novell [+],
luigi auriemma [+],
lotus inotes [+],
kvwebsvr [+],
knowledge system [+],
knowledge [+],
kingview [+],
iprint [+],
intrust [+],
installation [+],
input validation [+],
icosetserver [+],
iconics [+],
hpsbgn [+],
hpediag [+],
hp photo [+],
honeywell [+],
gamehouse [+],
g. henrique [+],
easy [+],
dvbsexecall [+],
dll [+],
dell dellsystemlite [+],
decisiontools [+],
datev base [+],
control stack [+],
control array [+],
computer associates [+],
command execution [+],
cisco [+],
camera stream [+],
buffer overflow vulnerabilities [+],
bigant [+],
bennet [+],
bdl [+],
auriemma [+],
alexander gavrun [+],
aladdin knowledge [+],
aladdin [+],
Software [+],
vulnerability [+],
security [+],
control [+]
-
-
16:00
»
SecuriTeam
Oracle WebCenter Forms Recognition is prone to a remote code-execution vulnerability.
-
-
17:00
»
SecuriTeam
Proficy Historian is prone to a remote code-execution vulnerability.
-
-
23:43
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
-
23:43
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
-
23:43
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
-
-
23:29
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in Honeywell HMIWeb Browser ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
20:42
»
Packet Storm Security Advisories
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in CyberLink KoanBox ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
8:15
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
-
8:15
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
-
8:15
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
-
-
4:32
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in AOL dnUpdater ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
18:00
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus iNotes Upload Module ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
2:14
»
Packet Storm Security Advisories
Secunia Security Advisory - High-Tech Bridge SA has reported two vulnerabilities in Sony VAIO WifiMan ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
18:03
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
18:03
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
18:03
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
-
-
21:58
»
Packet Storm Security Advisories
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Explain Plan Display ActiveX Control, which can be exploited by malicious people to manipulate certain data.
-
21:58
»
Packet Storm Security Advisories
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.
-
-
2:50
»
Packet Storm Security Advisories
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in TRENDnet UltraMJCam ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
18:49
»
Packet Storm Security Advisories
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
19:33
»
Packet Storm Security Advisories
Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
-
19:33
»
Packet Storm Security Recent Files
Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
-
19:33
»
Packet Storm Security Misc. Files
Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
-
-
0:27
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
7:48
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
7:48
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
7:48
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
-
-
2:03
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
20:58
»
Packet Storm Security Advisories
Secunia Security Advisory - Anil Aphale has reported a vulnerability in the F-Secure Gadget Resource Handler ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
13:18
»
Packet Storm Security Exploits
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
13:18
»
Packet Storm Security Recent Files
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
13:18
»
Packet Storm Security Misc. Files
This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
-
5:14
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been discovered in the TeeChart Pro ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
20:06
»
Packet Storm Security Advisories
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Ubisoft CoGSManager ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
8:38
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
-
8:38
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
-
8:38
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.
-
-
23:57
»
Packet Storm Security Advisories
Secunia Security Advisory - A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
0:09
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
5:00
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Honeywell ScanServer ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
4:37
»
Packet Storm Security Advisories
Secunia Security Advisory - Alexander Gavrun has discovered a vulnerability in Edraw Office Viewer Component ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
17:23
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
-
17:23
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
-
17:23
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
-
17:23
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
-
17:23
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
-
17:23
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
-
-
19:41
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Dell DellSystemLite.Scanner ActiveX control, which can be exploited by malicious people to disclose various information.
-
-
21:24
»
Packet Storm Security Advisories
Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in SigPlus Pro ActiveX control, which can be exploited by malicious people to compromise a user's system.
-
-
16:50
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Load and LoadTheme methods of the SapThemeRepository ActiveX control (sapwdpcd.dll) implemented by SAP NetWeaver Business Client. Due to a failure in bounds checking, a user-supplied parameter supplied to the vulnerable methods can overflow a stack buffer resulting in arbitrary code execution under the context of the user running the browser.
-
16:50
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Load and LoadTheme methods of the SapThemeRepository ActiveX control (sapwdpcd.dll) implemented by SAP NetWeaver Business Client. Due to a failure in bounds checking, a user-supplied parameter supplied to the vulnerable methods can overflow a stack buffer resulting in arbitrary code execution under the context of the user running the browser.
-
16:50
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Load and LoadTheme methods of the SapThemeRepository ActiveX control (sapwdpcd.dll) implemented by SAP NetWeaver Business Client. Due to a failure in bounds checking, a user-supplied parameter supplied to the vulnerable methods can overflow a stack buffer resulting in arbitrary code execution under the context of the user running the browser.
-
-
12:45
»
SecuriTeam
Potential vulnerabilities have been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:41
»
Packet Storm Security Advisories
Secunia Security Advisory - Wendel G. Henrique has reported a vulnerability in the TVSLiveControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
-
20:01
»
Packet Storm Security Advisories
HP Security Bulletin HPSBGN02333 SSRT080031 2 - A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code. Revision 2 of this advisory.
-
-
22:02
»
Packet Storm Security Advisories
Secunia Research has discovered some vulnerabilities in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The unsafe method dl() allows automatically downloading and executing an arbitrary file. Combined usage of the unsafe methods SetDLInfo() and Bdl() allows automatically downloading an arbitrary file to an arbitrary location on the user's system. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
-
22:02
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation of the item argument passed to the SetDLInfo() method and can be exploited via array-indexing errors to corrupt memory. Successful exploitation allows execution of arbitrary code. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
-
-
3:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Creative Software AutoUpdate Engine 2 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in a callback function used when handling the BrowseFolder() method. This can be exploited to cause a stack-based buffer overflow via an overly long string argument. Successful exploitation allows execution of arbitrary code.
-
-
17:00
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.
-
17:00
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.
-
-
17:45
»
SecuriTeam
During the installation of the DATEV Base System (Grundpaket Basis) an ActiveX Control will be installed (DVBSExeCall.ocx), in which the function "ExecuteExe" is vulnerable to a command execution bug.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!