jetlib.sec » Tags » code-execution

Feeds

267702 items (579 unread) in 27 feeds

• 0day.today (was: 1337day, Inj3ct0r, 1337db) (573 unread)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines (6 unread)
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

3591 items tagged "code execution"

Related tags: zero day [+], system privileges [+], function [+], day [+], power [+], information disclosure [+], board [+], vulnerability [+], windows [+], mozilla [+], invision power board [+], version 6 [+], sql [+], mozilla firefox [+], module [+], metasploit [+], manager plus [+], manageengine [+], empirecms [+], dom tree [+], dom [+], custom [+], core [+], web applications [+], java runtime environment [+], ektron [+], disclosure of information [+], command execution [+], xcs [+], splunk [+], privileged user [+], perl code [+], network [+], microsoft windows [+], microsoft excel [+], memory corruption [+], maxthon [+], java [+], irfanview [+], inclusion [+], imxcf [+], history [+], excel [+], denial of service [+], cms [+], clansphere [+], bulletin [+], briefcase [+], activex control [+], access [+], code [+], remote [+], xslt [+], wso [+], windows 2003 sp2 [+], websudo [+], webserver user [+], web shell [+], web root directory [+], version [+], vbs [+], valid credentials [+], user [+], uploadify [+], upload [+], turbo [+], thunderbird [+], target system [+], system [+], style [+], sql injection [+], sp5 [+], shell [+], service vulnerability [+], server versions [+], server [+], security vulnerabilities [+], security manager [+], search command [+], scriptrunner [+], runtime [+], reporter code [+], reporter [+], realplayer [+], real networks [+], real [+], python code [+], project [+], privileged classes [+], privileged [+], powershell [+], pier [+], php shell [+], php cgi [+], payload [+], parser [+], networks [+], narcissus [+], nagios [+], monitor [+], microsoft office user [+], memory layout [+], memory [+], malicious user [+], malicious sql query [+], ldapagnt [+], jnlp [+], jira [+], jax ws [+], java version [+], ip board [+], inspector remote [+], injection [+], initiative [+], information [+], image function [+], image [+], hpsbmu [+], graph explorer [+], ftp [+], file upload [+], fields [+], explorer component [+], environment [+], easyphp [+], document [+], dll [+], disclosure [+], csrf [+], configuration function [+], computer [+], code tester [+], buyclassifiedscript [+], buffer overflow vulnerability [+], blogging software [+], argument [+], arcserve [+], applet [+], apple tv [+], apple security [+], apache servers [+], advisory [+], advanced [+], adobe [+], tiki wiki [+], tiki [+], symantec [+], soap security [+], samba [+], proficy historian [+], proficy [+], plugin [+], oracle webcenter [+], optipng [+], opera [+], memory function [+], libfpx [+], kernel [+], integer overflow [+], information disclosure vulnerability [+], ibm [+], historian [+], free [+], flash [+], firefox [+], endpoint [+], cryengine [+], computer associates [+], arbitrary [+], microsoft [+], zero [+], php code [+], xnfs [+], word [+], windows kernel [+], wiki [+], webkit [+], webcenter [+], vbseo [+], use [+], truetype font [+], template [+], sst [+], sssplt [+], src parameter [+], soap [+], sitescope [+], shutdown [+], shockwave [+], seamonkey [+], rpc [+], retired [+], reporter agent [+], repl [+], remote shell [+], regular expression [+], recognition [+], reader [+], read [+], quot [+], qualcomm [+], protection [+], printing system [+], printing [+], plone [+], player [+], phptax [+], perl [+], oracle database [+], oracle business [+], operations [+], opera web browser [+], opera web [+], open [+], novell netware [+], notes [+], nlm [+], network shutdown [+], netware [+], microsoft word [+], microsoft directx [+], method [+], manager [+], management [+], lotus notes [+], lotus [+], local [+], linux [+], latest version of internet explorer [+], keyhelp [+], jboss [+], java applet [+], internet explorer vulnerability [+], imaging [+], image arrays [+], icclib [+], hp linux [+], heap [+], groupware [+], grid control [+], frame size [+], forms [+], ffmpeg [+], enterprise [+], empire [+], eaton [+], downloadupdater [+], directx [+], directplay [+], dce [+], database [+], crawlability [+], business transaction management [+], buffer overflow [+], buffer [+], browser [+], bounds [+], attackers [+], arbitrary code [+], application server [+], application lifecycle management [+], application [+], apple quicktime [+], aol [+], android [+], after [+], adobe shockwave player [+], adobe reader [+], adobe flash player [+], activex [+], ExploitsVulnerabilities [+], php [+], internet [+], explorer [+], internet explorer user [+], execution [+], oracle java [+], internet explorer [+], exploits [+], invision [+], cve [+], novell [+], netiq [+], file [+], oracle [+], web [+], security [+], multiple [+], exploit [+], drupal [+], zone, zingiri, zenworks, zenphoto, zend, zdi, zabbix, xss, xsrvd, xsltresult, xpi, xpdf, xosoft, xoops, xmlsimpleaccessor, xmlcachemgr, xml core, xlsx, xgo, xendesktop, xenapp, x86, x snow, x internet, x extsetowner, x control, x compact, x code, wshom, wrq, wrf, wormable, world writable, works, wordpress plugin, wordpress, word record, wopt, woff, wmp, wmi, witness systems, witness, winlog, winhlp32, winhlp, windows xp sp3, windows versions, windows script, windows multimedia, windows movie maker, windows messenger, windows management instrumentation, windows machines, windows linux, windows internet name service, windows fax, windows common controls, windows com object, window javascript, window, winamp, win, william kimball, wild, wikkawiki, width, wholetext, whatsup, western digital, western, wes brown tags, wes brown, wegame, webware, webstudio, webstart, webscan, webpagetest, webmanager pro, webmanager, webex player, webdav server, webdav, webcalendar, webapps, webappmon, webaccess, web worker, web studio, web server version, web root, web interface, web gateway, web developers, wbr, ware, w activex, vupen, vulnerable version, vulnerability sun, vulnerability research, vulnerability issues, vulnerabilities, vuln, vtiger crm, vtiger, vte, vpn, voxtronic, voxlog, vmware products, vmware, vml, vlc media player, vlc, visual, visio, viscom, virtual technician, virtual method, virtual directory, virtual, viewer, video file, video emulation, video, victim machine, vice city multiplayer, vice city, vgx, vertical, veritas, verifier, vendor, vcenter, vbulletin, vbul, vbscript, vault, variable format, vamcart internetshop, value, validate, usernames passwords, username parameter, username, useresponse, usa, url data, url, uri validation, uri uninitialized, uri handler, uri buffer, uploader, updates, update, untrusted, unspecified, unserialize, universal network, uniopc, uninitialized pointer, uninitialized, unified, unidata, unicode, uni, unexpected values, understand, unauthenticated, ulf harnhammar, ufoalieninvasion, ufo alien invasion, ufo, udhcpc, ubercart, tzname, typo3, typo, typeinfo, type parameter, type mismatch, type checks, type, txt, twsl, tunnel, ttf font, tsac, trun, truetype, true, trouble, trident, trendmicro, trend micro internet security, trend micro, trend, tree node, tree, traq, transaction, tracker, track, tpti, touch, total, tor, tooltalk, toolbar, tool, tom sawyer software, tom sawyer, tnef, tlist, tkhd, tivoli storage manager, tivoli provisioning manager express, tivoli provisioning manager, tivoli endpoint, tivoli, tinymce, tinybrowser, timthumb, timecolorbehaviorcontainer, time2, time user, time element, time component, time, tiff image, tickets, ticket express, ticket, thunderbird web, third party, thinkmanagement, thin client, thin, theft, tgz, tftpd, tftp server, tftp, text parameter, text element, text, tex, termination code, telus, technology of the future, technology microsoft, technology, technician, technical, teamspeak, teaming, tcpdf, tcp, taxonomy, target, tar gz, tar, talk, tags, tag removal, tag, tabular data control, tabular, table layout, table element, table colspan, table, systems, system message, sysax, symantec products, symantec pcanywhere, sybase, sxview, swf player, swf, swapinnode, svq3 codec, svq, svgtextelement, svgpointlist, svgpathseglist, svg, support incident, sunway, sun solaris, sun oracle, sun microsystems, sun jre, sun java runtime, sun java, sun calendar, sun, suite versions, suite 3, suite, suhosin, sugarcrm, suffers, substitution, styling, style object, style element, studio, stubs, stts, stsz, stss, stsc, struts, structure, strongswan, string code, string, stream service, stream, storageworks, storage data, storage, stopmodule, steping stone, step, start, stack overflows, stack overflow, stack buffer, ssl service, ssl, sshd, ssh, srcelement, src, sql commands, spss, sprmcmajority, splayer, spid, sphider, speedy, sp8, sp3, sort code, sort, sorenson video codec, sorenson, soliddb, solaris, software protection, software plugins, social engineering, soapbox, soap request, snow leopard, snmpviewer, smil, smb, smartfilter, smart, slplink, slaed cms, slaed, skin, skill, size, siz, site, sistemi, sipr, sip, simploo, simplewebserver, simplenews, simple web server, simple, silverlight, signedness, signature verification, siemens automation, siemens, sielco, siddharth tags, shortcut, shockwave director, shockwave 3d, shellexecute, shell metacharacters, shell escape, shell command, sharpgrid, sharepoint, sharecenter, sflow, setup, setoutertext, setlanguage, servlet code, servlet, servicedesk, service monitor, service management, service interface, service daemon, service, server x, server queue, server manager, server login, server java, server health, server field, server directory, server configuration files, server code, server client, server backup, server authentication, serv, series, sequenceparametersetnalunit, sentinel, sensitive system, selector, securstar, security vulnerability, security technologies, security research, security bulletin, security appliances, security agent, security advisory, secure desktop, secure content manager, secure, search path, search, sean, seam, sdk, scrutinizer, scrollbars, scripting, script shell, script injection, script execution, script engine, script, scott dunlop, scott, scitools, scheduler service, scheduler, schannel, scanserver, scada hmi, scada, sasl, sapone, saphostcontrol, sapgui, sap netweaver, sap management, sap gui, sap ag, sap, samsung, sampledata, samplecount, sample, same, safer use, safari, saas, s system, rvrender, runin, run in, run, ruby, rtl, rtd, rpc protocol, router, root document, root code, root, rogue server, rocket software, rocket, robnetscanhost, rmd, rle, ring, riff, ricoh, rhino, rhapsody, rgba, reuse, response, research security, research, request username, request code, request, reporter. authentication, reporter engine, report generator, replication manager, replication, replaceitem, rendering, removechild, removal, remote server, remote exploit, remote buffer overflow, relationship, register, reference, redux, record stack, record, rec, reaver, realwin, realtimedata, realplayer user, realplayer application, realplayer activex control, realnetworks realplayer, realnetworks, realnetwork, realgames, real time data, reads, read av, rcsl, rcadcm, rca dcm425, rational, ratemypet, radialgradiant, raac, quicktime player, quicktime pict, quicktime panorama, quicktime media, quicktime apple, quicktime, quickshare, quickr, quest, query string, query analyzer, quality manager, quality, quake engine, quake, qtx, qtplugin, qnap, qemu, qdmc, qdm, qcelp, python wrapper, python versions, python, pypam, pwn, punk, pump, publisher, provisioning services, provisioning, protocol handlers, protocol handler, protector, property, proper bounds, proof of concept, promotic, progressive mesh, proftpd, professional versions, professional, products, procyon, processinstruction, process, pro versions, prl, privilege elevation, private fields, printer, print, preauth, pragyan, powerpoint viewer, powerpoint, port 5631, port 4444, pool overflow, pointer, point, poc, pnpixpat, png format, plus, plugin version, player versions, playbook, platespin, pki client, pki, pixel, pivottable, piix, pidgin, pictureheader, picture, pict images, pict, pickle data, phpscheduleit, phpmyfaq, phpmyadmin, phpids, phpauctionsystem, php nuke, php file upload, php file, php barcode, php 5, phonalisa, pfr, pfilez, perl script, perl module, performance manager, performance, pdf, pcx image, pcvue, pcanywhere, pbot, pattype, path, patch, password disclosure, parsing, parent, parameter value, parameter validation, parameter reference, parameter name, parameter, paper, panorama, page parameter, packet count, packard, package, owncloud, ovpi, ovet, overtake, overflow code, overflow, outlook, order, orchestrator, orchestration, orchestrate, oracle sql, oracle hyperion, oracle fusion middleware, oracle database 11g, oracle 9i, option element, option, optimized functions, operations manager, opera browser, openview, opentype font, opentype, openttd, opentext, openoffice, openldap packages, openldap, openjdk, openedit, opendchub, openaccess, opcode, ooxml, onreadystatechange event, online, onefilecms, onebridge, omegabill, ole, officeartblip, officeart, office excel, office customer, office art, office, ofbiz, oeplaceholderatom, ocx, ocs inventory, ocs, obunmarshal, objects, object memory, object index, object, obj, oaagent, o.s, nwftpd, numberoftiles, null pointer, null byte, nuclear situation, ntr, ntlm authentication, nstreeselection, nstreecontentview, nsopoc, nsoadv, nshtmlselectelement, nsfocus, nsense, novellzenworks, novell zenworks asset management, novell zenworks, novell netware version, novell netware rpc, novell netware 6, novell iprint, novell groupwise webaccess, novell groupwise internet agent, novell groupwise, novell edirectory, notification, nortel, nodeiterator, node movement, node, nnmrptconfig, nnm, nitrosecurity, nipplib, nic, nibe, ngs, newvcommon, new, netxtreme, networker module, networker, network node manager, network access control, netweaver, netstorage, netdecision, netcraft toolbar, netcraft, netcat, net i, net, nested, ndr, ncc group, native library, name, mysqldumper, mysql, mycioscn, mycart, myasutil, mvt, mupdf, multiplayer server, multiplayer, multimedia library, msunicode, mso, msn, ms internet, mpg, mpeg, mpauploader, mp4v, mp4 files, mozff, moving, moviemaker, movie maker, movie file, movie, movement, mouse, mosquito, month, monitoring tool, module versions, modification, modem string, mobility, mobilecartly, mobile safari, mobile data, mobile, moaub, mjpeg, mit kerberos, mit, mismatch, mirroring, minicms, migration agent, migration, midi stream, midi plugin, midi file format, midi, middleware, microsys, microsoft xml, microsoft works 7, microsoft windows versions, microsoft windows media player, microsoft windows media, microsoft windows common controls, microsoft visual studio, microsoft visio viewer, microsoft visio, microsoft vbscript, microsoft silverlight, microsoft sharepoint server, microsoft sharepoint, microsoft publisher, microsoft producer, microsoft powerpoint, microsoft outlook, microsoft office xp, microsoft office word, microsoft office powerpoint, microsoft office 2007, microsoft office, microsoft net framework, microsoft iis, microsoft ie, microsoft gdi, microsoft forefront, microsoft fax, microsoft data analyzer, microsoft cab, microsfot, micro internet, micro control, micro, meta characters, meta, messenger, messagebox, message size, message, meshcms, mergecells, merethis, mercury loadrunner, mercury, memory copy, memory buffer, memory allocation, memory addresses, memory address, memory access, memcpy, mediavideo, media operations, media application, media, mcafee, maxdb, max os, max, matrix structures, matrix, marshaled, marker, mapserver, manager. these, manager. authentication, manager. affected, manager v1, manager remote, manager ovutil, manager nnmrptconfig, manager fastback, manager cve , manager component, manager client, manager casprocessor, manager caslogdirectinserthandler, manager atlcom, manager agent, manager administration, management homepage, management centre, management center, management agent, malicious web, malicious content, malicious code, malicious, malformed, maker, mail security, magnetproc, magneto, mac os x, mac os, mac cve , mac, m business, lzw, lpd, lotus notes user, lotus inotes, lotus domino server, lotus domino, lotus 123, loop condition, loop, logical screen, logic error, logging code, log, loadrunner, loadlibrarya, loading code, lnam, lms, livedisc, live, list, linuxshield, linux security, linux distributions, linkedslideatom, linebox, license server, license, libxslt, libxml, libtiff, librpc, library reference, library code, library, libfontparser, libavcodec, lib, lfi, letter style, letter, lenovo, length, ld library, layout grid, layout code, layer 3, layer, launcher, landesk, krb5, knowledgebase, kleophatra, kiwi, kills, kernel stack, kernel code, kerberos, kdc, kayako, kadmind, justsystems, json, jscript, jruby, jre java, jre, jpeg2000, jpeg, journal, joomlacamp, joomla, jdownloader, jboss seam, jay turla, javascript onload, javascript array, javascript, javafx, java webstart, java web start, java vm args, java sandbox, java extension, java deployment, java code, java class, jar file, jakcms, j integra, ivr, ita, issue, isc dhcp, isc, irc, iran, ipswitch, iprint, ipod, iphone, ip spoofing, ip office, ios, ioquake, inventory, invalid values, invalid pointer, invalid index, invalid hostname, invalid base, invalid addresses, invalid, intrust, intrusion detection system, internetshop, internet security suite, internet name service, internet gateway, internet explorer window, internet explorer versions, internet explorer link, internet explorer code, internet explorer 8, internet agent, interface service, interface code, interface, interbase, intelligent management, intelligent, intel, integrated asset management, integrated, integra 2, integer overflow vulnerability, integer, instrumentation service, instance, insomnia, insight, insertion code, insecure method, insecure, input validation, inode, injection bug, initial creation, inheritance, infosec institute, informix dynamic server, informix database server, informix, information stream, indusoft, indexd, index code, index, incident, improper, impresspages, implementation flaws, impersonation, iml, img, imap server, imap, imanager, imail server, imail, imageshack, imagemap code, imageio, image processing, image manager, image file, iis, ihdataarchiver, ignition, ietf, iepeers, identity, icq, icount, icon, icmpv, icmp, ichitaro, icedtea, ice, icc, ica, ibm rational clearquest, ibm informix, hyperion, http, html time, html tags, html tables, html elements, html, hpsbma, hpopenview, hpediag, hp system, hp storageworks, hp printers, hp power, hp openview nnm, hp openview network node manager, hp openview, hp network, hp mercury, hp digital sender, hp business, hover, hotplug, hosted, host services, host, horde, hook code, honeywell, homepage, homebase, hmi, hijacking, hierarachy, hfs, hfpicture, helix server, helix, heat, heap memory, heap corruption, health packet, header code, header, harvester, handshake, handling, handheld, h 264, gzip, gui, groupwise client, groupwise address book, groupwise, graphical user interface, graniteds, gpgsm, google, gold version, gold, gnupg, gnu gzip, gnu emacs, gnu, glyphs, gluegen, glue, globals, global stream, global content, global, glob, glibc, glassfish, giop, gif, ghostscript, ghost, getserverinfo, getobject function, getnnmdata, getcharnumatposition, get, gentoo linux security, gentoo, genr, genl, gdi, gateway version, gateway security, gateway, gajim, gadu gadu, gadu, fusion, functions, ftp service, ftagent, freewebshop, freetype, freepbx, freebsd security, freebsd, free software updates, free pointer, free error, framework, frame element, frame dimensions, fraise, fragmentation, fpx, fpp, foxit reader, foxit, foundation administrator, forgery, foreignobject, forefront, forcecontrol, fonts, font format, font, fon, fngroupname, floating point, flexnet, flc delta, flc, flashpix, flag field, first class client, first, firmware versions, firefox browser, finder, financial consolidation, financial, filemanager, file extension, file deletion, file corruption, field, feh, fckeditor, fax cover page, fax, fastback, family connections, factory, extsetowner, externname, extension, expression language, expression, express, exporthtml, explorer telnet, exploiter, exploitation techniques, expansion rom, exim, execvp, execution stack, execution environment, execution code, exec statement, exec script, exec cmd, exec cgi, exec, exe component, exe code, exe, exception handling, exception, excel user, excel spreadsheet, evince, event, eval command, etrust, etoken, esm, esignal, escape, escalation, error, eroom, eric, equality, entry, entexu, enterprise server, enterprise portal, ensurecachedattrparamarrays, enging, engines, engine applications, engine, end result, end, encoding, enabled, emulation based, emf, emc smarts, emc documentum, emc, embedding, embarcadero, emacs, elst, elevation, elements, element code, element, elastic, eglibc, efront, editwrx, edition, editable, edgesight, ede component, ede, easy, e107, e remote, e pre , e mail, dynamic, dwgdp, dwa, dvipng, dvi, dunlop, drop, driver stack, drivecrypt, drag drop, drag, download, double, dotnetnuke, dos, domino server, domino, domain, dom range, dom prototype, dom object, dom node, dom modification, dom editing, dom cloning, dom attribute, documentum eroom, documentum, document position, document load, docebo, dnupdater, dns, dmp, dll loading, dll file, dkim, distinct, distiller, display driver, diskpulse, disk image, disk, directx directshow, directshow, directory traversal vulnerability, directory traversal, directory service manager, directory server, directory, director file, director, dirapi, digital tv, dhcp packets, dhcp, dhclient, developer tools, developer, destination buffer, desktop protocol, desktop, deskbar, design flaw, descriptor, depth, denial, demonstration code, demand applications, dell webcam, dell sonicwall, defense, default extensions, default, decompression code, decompression, decoding, decoder, decode, decisiontools, debian security, debian linux, debian, dc dl , dbserver, dbqueryext, dborparamqry, datatype, datadirect, datac, database java, data validation, data protector, data, darknet, dangling pointer, d two, d tiff resource, d texture, d support, d remote, d pict, d pcx, d parsing, d link, d iff, d file, d bmp, d assets, customer, current user, cswv, css styled, csa, cs5, cs code, crystal reports, cross site scripting, cross application, cross, crm, crlf, critical vulnerability, creation vulnerability, creation, createprocess, crazytalk, crafted, cover, counter, couchdb, corruption issues, corruption, correction, correct reference, core server, copy, cooltype, cookie, convincing users, conversion code, controller, control replication, control, contenteditable, content, confirms, configuration management, configuration, conference journal, conference, condition, concrete, computer associates arcserve, compressor, component version, compiler optimization, command, com, col element, col, cognos, codec, coda, cod, coat, cmysqlite, cmsqlite, cmm, cloud, closedctd, cloning, clod, clientless, client response, client pool, client message, client exec, client config, client, clickonce, click, clearquest, class integer, class, cktricky, ckeditor, city, citrix access, citrix, cisco webex, cisco unified, cisco telepresensce, cisco telepresence, cisco security advisory, cisco security, cisco secure, cisco products, cisco ios, cisco icm, cisco catalyst, cisco anyconnect, cisco adaptive, cisco, cinepak, ciframeelement, chroot environment, chrome, chilkatftp, chilkat software, chilkat, child, check, chart, character, channel, cgi, ceserver, certificate request, centreon, centre, center, cell, cdr, cck, care software, care, caption element, caption, canonical, can bite, camp, callmenum, caller name, call, calendar manager, calendar, cache data, cabextract, cab file, cab, ca xosoft, ca arcserve, c remote, c program, bytecode, byte code, bypassing, bypass, button, busybox, business objects, business, burp, bundle, build, bugtraq, bugs microsoft, bug, buffer overflow exploit, buby, btm, broadwin, broadcom netxtreme, broadcom, bridge design, bridge, breeze, box, boundelements, bootstrapped, body element, body, bmp image, bmp, bmc patrol, bluetooth, blue, blog entry, blocks, blob, blink, blazeds, blackberry, black ice, black hat, black, bkpixpat, bitweaver, bit depth, bit, binfile, bind request, bigdecimal, biff, bgra, bga, beehive, bcaaa, bbcode, batch script, based buffer overflow, barcode, balitbang, bad idea, backwpup, backimage, backdoor, babylon online dictionary, babylon, azdgdatingmedium, awhost, avira antivir, avi parsing, avi file, avi, avaya, auxilium, autovue, autostart, automation, automatic updates, automatic, auto, authenticode, authentication mechanisms, authentication mechanism, authentication, authenticate, audit, audio codec, audio, attributechildremoved, attribute, attacking, attacker, atrc, atoms, atom, atlcom, atas, asset, asmx, asmrulebook, aslr, asf, ascii string, art shape, art object, art drawing, array index, array, arender, arbitrary files, arbitrary commands, arbitrary command, aqt, apps, applicationxtender, application loading, application lifecycle, application layer protocol, application installer, application crash, apple webkit, apple safari, apple quicktime player, apple preview, apple os x, apple os, apple mobile, apple lossless, apple iphone, apple colorsync, apple, appenditem, appendchild, app, aphpkb, apache tomcat, apache, aol deskbar, anywhere, annotation, annotatex, anecms, andy, andx, anchor tag, anchor, amf, alloca, alguest, alert management, alert, aladdin etoken, aladdin, ajaxuploadimagefile, ajax, ail, aidicms, agustin azubel, agent management, agent, advantech, advanced audio coding, adserver, adobe image, adobe download manager, adobe acrobat reader, adobe acrobat, admsd, administrator, administrative user, administrative tools, administrative, administration server, administration kit, administration, admin, address, addon, adaptive server enterprise, adaptive server, adaptive security, adaptive, activex version, activex plugin, activex data object, activex control buffer overflow, activex component, activex code, active x control, active x, active template library, acrobat versions, acrobat, acms, ace, accurate reference, account, accessable, abysssec, abu dhabi, abb, abap, aarflash, aac files, aac file, aac, Tools, Support, Software, Public, Community, Bugs

• January 03, 2013
• 3:51

  Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

   » ‎ Darknet
  Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority...
  
  Read the full post at darknet.org.uk

  Tags:  internet microsoft explorer read internet-explorer-vulnerability latest-version-of-internet-explorer code-execution ExploitsVulnerabilities  

• 0:00

  Vuln: Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Opera Web Browser Prior to 12.02 Remote Code Execution Vulnerability

  Tags:  web opera browser code-execution opera-web vulnerability  

• 0:00

  Vuln: Tiki Wiki CMS Groupware 'unserialize()' Multiple Remote PHP Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Tiki Wiki CMS Groupware 'unserialize()' Multiple Remote PHP Code Execution Vulnerabilities

  Tags:  groupware tiki cms tiki-wiki code-execution php-code  

• January 02, 2013
• 21:43

  WordPress Advanced Custom Fields Remote File Inclusion

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).

  Tags:  custom fields advanced blogging-software code-execution vulnerability  

• 21:43

  WordPress Advanced Custom Fields Remote File Inclusion

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).

  Tags:  custom fields advanced blogging-software code-execution vulnerability  

• 21:43

  WordPress Advanced Custom Fields Remote File Inclusion

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).

  Tags:  custom fields advanced blogging-software code-execution vulnerability  

• 16:00

  AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  AOL Products downloadUpdater2 Plugin SRC Parameter is prone to a remote code execution vulnerability.

  Tags:  plugin aol downloadupdater src-parameter code-execution vulnerability  

• January 01, 2013
• 0:00

  Vuln: Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• December 31, 2012
• 0:00

  Vuln: Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 0:00

  Vuln: ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability

  Tags:  bounds icclib memory code-execution vulnerability  

• December 30, 2012
• 16:00

  Microsoft Internet Explorer Remote Code Execution Exploit (DEP and ASLR Bypass)

   » ‎ SecuriTeam
  Microsoft Internet Explorer prone to remote code execution vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 16:00

  Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Novell Netware XNFS.NLM STAT Notify suffers from remote code execution vulnerability.

  Tags:  novell netware xnfs novell-netware code-execution nlm  

• 0:00

  Vuln: Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• December 28, 2012
• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• December 27, 2012
• 16:00

  IrfanView IMXCF PlugIn Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  The IMXCF PlugIn for IrfanView is prone to a remote code-execution vulnerability.

  Tags:  irfanview plugin imxcf code-execution vulnerability  

• December 26, 2012
• 16:00

  Microsoft Internet Explorer Improper Ref Counting Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 16:00

  Qualcomm Android kernel Remote Code Execution and Denial of Service Vulnerabilities

   » ‎ SecuriTeam
  Android kernels running on Qualcomm are prone to multiple remote code-execution vulnerabilities and a denial-of-service vulnerability.

  Tags:  qualcomm kernel android service-vulnerability code-execution denial-of-service  

• December 25, 2012
• 0:00

  Vuln: IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability

  Tags:  lotus ibm notes code-execution lotus-notes vulnerability  

• December 24, 2012
• 15:27

  PHP-CGI Argument Injection Remote Code Execution

   » ‎ Packet Storm Security Exploits
  This exploits abuses an argument injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user.

  Tags:  injection argument php-cgi code-execution exploits  

• 15:27

  PHP-CGI Argument Injection Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  This exploits abuses an argument injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user.

  Tags:  injection argument php-cgi code-execution exploits  

• 15:27

  PHP-CGI Argument Injection Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  This exploits abuses an argument injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user.

  Tags:  injection argument php-cgi code-execution exploits  

• 14:56

  Uploadify jQuery Generic File Upload

   » ‎ Packet Storm Security Exploits
  This Metasploit module an arbitrary file upload and code execution vulnerability in Uploadify.

  Tags:  upload uploadify file code-execution metasploit file-upload  

• 14:56

  Uploadify jQuery Generic File Upload

   » ‎ Packet Storm Security Recent Files
  This Metasploit module an arbitrary file upload and code execution vulnerability in Uploadify.

  Tags:  upload uploadify file code-execution metasploit file-upload  

• 14:56

  Uploadify jQuery Generic File Upload

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module an arbitrary file upload and code execution vulnerability in Uploadify.

  Tags:  upload uploadify file code-execution metasploit file-upload  

• 10:00

  [web applications] - Jboss Application Server Remote Code Execution 0day

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [web applications] - Jboss Application Server Remote Code Execution 0day

  Tags:  web jboss application code-execution application-server web-applications  

• December 22, 2012
• 7:43

  Zero Day Initiative Advisory 12-197

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

  Tags:  day zero code oracle-java code-execution privileged-classes  

• 7:43

  Zero Day Initiative Advisory 12-197

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

  Tags:  day zero code oracle-java code-execution privileged-classes  

• 7:43

  Zero Day Initiative Advisory 12-197

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-197 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process.

  Tags:  day zero code oracle-java code-execution privileged-classes  

• 7:42

  Zero Day Initiative Advisory 12-194

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-194 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  function zero vulnerability dom internet-explorer-user code-execution dom-tree  

• 7:42

  Zero Day Initiative Advisory 12-194

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-194 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  function zero vulnerability dom internet-explorer-user code-execution dom-tree  

• 7:42

  Zero Day Initiative Advisory 12-194

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-194 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  function zero vulnerability dom internet-explorer-user code-execution dom-tree  

• 7:41

  Zero Day Initiative Advisory 12-193

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the function can cause memory corruption. This can lead to remote code execution under the context of the program.

  Tags:  internet zero explorer internet-explorer-user memory-corruption code-execution  

• 7:41

  Zero Day Initiative Advisory 12-193

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the function can cause memory corruption. This can lead to remote code execution under the context of the program.

  Tags:  internet zero explorer internet-explorer-user memory-corruption code-execution  

• 7:41

  Zero Day Initiative Advisory 12-193

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-193 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An initialized variable in one of the function can cause memory corruption. This can lead to remote code execution under the context of the program.

  Tags:  internet zero explorer internet-explorer-user memory-corruption code-execution  

• December 21, 2012
• 15:59

  Zero Day Initiative Advisory 12-192

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.

  Tags:  day zero vulnerability internet-explorer-user code-execution zero-day  

• 15:59

  Zero Day Initiative Advisory 12-192

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.

  Tags:  day zero vulnerability internet-explorer-user code-execution zero-day  

• 15:59

  Zero Day Initiative Advisory 12-192

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.

  Tags:  day zero vulnerability internet-explorer-user code-execution zero-day  

• 15:57

  Zero Day Initiative Advisory 12-190

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.

  Tags:  function vulnerability document internet-explorer-user code-execution zero-day  

• 15:57

  Zero Day Initiative Advisory 12-190

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.

  Tags:  function vulnerability document internet-explorer-user code-execution zero-day  

• 15:57

  Zero Day Initiative Advisory 12-190

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.

  Tags:  function vulnerability document internet-explorer-user code-execution zero-day  

• 15:56

  Zero Day Initiative Advisory 12-189

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.

  Tags:  jnlp zero system oracle-java code-execution zero-day  

• 15:56

  Zero Day Initiative Advisory 12-189

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.

  Tags:  jnlp zero system oracle-java code-execution zero-day  

• 15:56

  Zero Day Initiative Advisory 12-189

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-189 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.

  Tags:  jnlp zero system oracle-java code-execution zero-day  

• 15:55

  Zero Day Initiative Advisory 12-188

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in a onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative dom internet-explorer-user code-execution dom-tree  

• 15:55

  Zero Day Initiative Advisory 12-188

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in a onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative dom internet-explorer-user code-execution dom-tree  

• 15:55

  Zero Day Initiative Advisory 12-188

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-188 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in a onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative dom internet-explorer-user code-execution dom-tree  

• 0:00

  Vuln: Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer cve  

• 0:00

  Vuln: Real Networks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Real Networks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability

  Tags:  realplayer networks real code-execution real-networks vulnerability  

• 0:00

  Vuln: Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution cve internet-explorer  

• 0:00

  Vuln: Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer cve  

• 0:00

  Vuln: Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer cve  

• December 20, 2012
• 16:00

  Microsoft Word RTF File 'listoverridecount' Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Word is prone to a remote code-execution vulnerability.

  Tags:  vulnerability microsoft word code-execution microsoft-word  

• 0:00

  Vuln: Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

  Tags:  code mozilla style inspector-remote code-execution mozilla-firefox vulnerability  

• 0:00

  Vuln: Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities

  Tags:  access drupal core code-execution php-code  

• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• December 19, 2012
• 16:18

  Drupal Core 6.x / 7.x Access Bypass / Code Execution

   » ‎ Packet Storm Security Advisories
  Drupal core versions 6.x and 7.x suffer from access bypass and arbitrary PHP code execution vulnerabilities.

  Tags:  access drupal core code-execution php-code  

• 16:18

  Drupal Core 6.x / 7.x Access Bypass / Code Execution

   » ‎ Packet Storm Security Recent Files
  Drupal core versions 6.x and 7.x suffer from access bypass and arbitrary PHP code execution vulnerabilities.

  Tags:  access drupal core code-execution php-code  

• 16:18

  Drupal Core 6.x / 7.x Access Bypass / Code Execution

   » ‎ Packet Storm Security Misc. Files
  Drupal core versions 6.x and 7.x suffer from access bypass and arbitrary PHP code execution vulnerabilities.

  Tags:  access drupal core code-execution php-code  

• 16:00

  Microsoft DirectX DirectPlay Heap Overflow Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft DirectX is prone to a remote code-execution vulnerability.

  Tags:  directx vulnerability microsoft microsoft-directx code-execution directplay  

• 16:00

  Microsoft Windows OpenType Font (OTF) Driver Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Windows is prone to a remote code-execution vulnerability.

  Tags:  vulnerability microsoft windows code-execution microsoft-windows  

• December 18, 2012
• 16:00

  Microsoft Windows TrueType Font Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Windows is prone to a remote code-execution vulnerability.

  Tags:  vulnerability microsoft windows code-execution microsoft-windows  

• 16:00

  Symantec Endpoint Protection Manager Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Symantec Endpoint Protection (SEP) Manager is prone to a remote code-execution vulnerability.

  Tags:  endpoint protection symantec code-execution vulnerability  

• 16:00

  Ektron CMS 'XslCompiledTransform' Class Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Ektron CMS is prone to a remote code-execution vulnerability.

  Tags:  ektron vulnerability cms code-execution  

• December 17, 2012
• 17:29

  phpwcms 1.5.4.6 Remote Code Execution

   » ‎ Packet Storm Security Exploits
  phpwcms versions 1.5.4.6 and below preg_replace remote code execution exploit.

  Tags:  code remote execution code-execution  

• 17:29

  phpwcms 1.5.4.6 Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  phpwcms versions 1.5.4.6 and below preg_replace remote code execution exploit.

  Tags:  code remote execution code-execution  

• 17:29

  phpwcms 1.5.4.6 Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  phpwcms versions 1.5.4.6 and below preg_replace remote code execution exploit.

  Tags:  code remote execution code-execution  

• 0:00

  Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

  Tags:  endpoint remote manager code-execution vulnerability symantec  

• December 16, 2012
• 16:00

  Plone and Zope Unspecified Security Bypass and Code Execution Vulnerabilities

   » ‎ SecuriTeam
  Plone and Zope are prone to the following multiple security vulnerabilities: 1. A command-execution vulnerability 2. An HTTP header injection Vulnerability 3. Multiple security-bypass vulnerabilities 4. Multiple cross-site scripting vulnerabilities 5. A denial-of-service vulnerability 6. Multiple information-disclosure vulnerabilities 7. An arbitrary file-download vulnerability 8. Multiple HTML-injection vulnerabilities

  Tags:  plone multiple vulnerability service-vulnerability command-execution code-execution  

• December 13, 2012
• 0:00

  Vuln: HP Linux Imaging and Printing System SNMP Protocol Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  HP Linux Imaging and Printing System SNMP Protocol Remote Code Execution Vulnerability

  Tags:  imaging printing linux hp-linux code-execution printing-system  

• December 12, 2012
• 15:01

  Novell File Reporter Code Execution

   » ‎ Packet Storm Security Exploits
  Novell File Reporter agent XML parsing remote code execution exploit.

  Tags:  novell execution reporter reporter-code code-execution  

• 15:01

  Novell File Reporter Code Execution

   » ‎ Packet Storm Security Recent Files
  Novell File Reporter agent XML parsing remote code execution exploit.

  Tags:  novell execution reporter reporter-code code-execution  

• 15:01

  Novell File Reporter Code Execution

   » ‎ Packet Storm Security Misc. Files
  Novell File Reporter agent XML parsing remote code execution exploit.

  Tags:  novell execution reporter reporter-code code-execution  

• 14:46

  [remote exploits] - Novell File Reporter Agent XML Parsing Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Novell File Reporter Agent XML Parsing Remote Code Execution

  Tags:  novell exploit remote reporter-agent code-execution exploits  

• 0:00

  Vuln: Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability

  Tags:  mozilla thunderbird execution mozilla-firefox code-execution cve  

• December 11, 2012
• 16:00

  Tiki Wiki CMS Groupware 'unserialize()' PHP Code Execution Vulnerability

   » ‎ SecuriTeam
  Tiki Wiki CMS Groupware is prone to a remote PHP code-execution vulnerability.

  Tags:  tiki wiki cms tiki-wiki code-execution php-code  

• 12:22

  IrfanView 4.33 IMXCF.DLL Code Execution

   » ‎ Packet Storm Security Exploits
  IrfanView version 4.33 suffers from a code execution vulnerability in IMXCF.DLL.

  Tags:  irfanview dll imxcf code-execution vulnerability  

• 12:22

  IrfanView 4.33 IMXCF.DLL Code Execution

   » ‎ Packet Storm Security Recent Files
  IrfanView version 4.33 suffers from a code execution vulnerability in IMXCF.DLL.

  Tags:  irfanview dll imxcf code-execution vulnerability  

• 12:22

  IrfanView 4.33 IMXCF.DLL Code Execution

   » ‎ Packet Storm Security Misc. Files
  IrfanView version 4.33 suffers from a code execution vulnerability in IMXCF.DLL.

  Tags:  irfanview dll imxcf code-execution vulnerability  

• December 10, 2012
• 16:00

  Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

   » ‎ SecuriTeam
  Drupal is prone to an arbitrary PHP code-execution and an information-disclosure vulnerability.

  Tags:  drupal core php information-disclosure-vulnerability code-execution php-code  

• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• December 09, 2012
• 16:00

  Empire CMS Template Parser Remote PHP Code Execution Vulnerability

   » ‎ SecuriTeam
  Empire CMS is prone to a remote PHP code-execution vulnerability because it fails to properly sanitize user-supplied input.

  Tags:  empire php cms code-execution php-code vulnerability  

• 11:47

  Nagios XI Network Monitor Graph Explorer Component Command Injection

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.

  Tags:  monitor network nagios graph-explorer explorer-component code-execution  

• 11:47

  Nagios XI Network Monitor Graph Explorer Component Command Injection

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.

  Tags:  monitor network nagios graph-explorer explorer-component code-execution  

• 11:47

  Nagios XI Network Monitor Graph Explorer Component Command Injection

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.

  Tags:  monitor network nagios graph-explorer explorer-component code-execution  

• December 08, 2012
• 0:28

  [remote exploits] - Maxthon3 about:history XCS Trusted Zone Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Maxthon3 about:history XCS Trusted Zone Code Execution

  Tags:  xcs maxthon history code-execution exploits  

• 0:27

  [remote exploits] - Splunk 5.0 Custom App Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Splunk 5.0 Custom App Remote Code Execution

  Tags:  exploit remote splunk code-execution exploits  

• December 07, 2012
• 19:52

  Maxthon3 about:history XCS Trusted Zone Code Execution

   » ‎ Packet Storm Security Exploits
  Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

  Tags:  xcs maxthon history code-execution  

• 19:52

  Maxthon3 about:history XCS Trusted Zone Code Execution

   » ‎ Packet Storm Security Recent Files
  Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

  Tags:  xcs maxthon history code-execution  

• 19:52

  Maxthon3 about:history XCS Trusted Zone Code Execution

   » ‎ Packet Storm Security Misc. Files
  Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

  Tags:  xcs maxthon history code-execution  

• 19:51

  Splunk 5.0 Custom App Remote Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.

  Tags:  custom splunk module python-code code-execution search-command  

• 19:51

  Splunk 5.0 Custom App Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.

  Tags:  custom splunk module python-code code-execution search-command  

• 19:51

  Splunk 5.0 Custom App Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.

  Tags:  custom splunk module python-code code-execution search-command  

• December 05, 2012
• 16:00

  Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty

   » ‎ SecuriTeam
  Oracle WebCenter Forms Recognition is prone to a remote code-execution vulnerability.

  Tags:  webcenter oracle forms code-execution oracle-webcenter activex-control  

• 3:22

  [remote exploits] - Ektron 8.02 XSLT Transform Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Ektron 8.02 XSLT Transform Remote Code Execution

  Tags:  exploit ektron remote code-execution exploits  

• December 04, 2012
• 19:04

  Ektron 8.02 XSLT Transform Remote Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary code with NETWORK SERVICE privileges.

  Tags:  code ektron xslt code-execution sp5 windows-2003-sp2  

• 19:04

  Ektron 8.02 XSLT Transform Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary code with NETWORK SERVICE privileges.

  Tags:  code ektron xslt code-execution sp5 windows-2003-sp2  

• 19:04

  Ektron 8.02 XSLT Transform Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary code with NETWORK SERVICE privileges.

  Tags:  code ektron xslt code-execution sp5 windows-2003-sp2  

• December 03, 2012
• 0:00

  Vuln: Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

  Tags:  oracle code remote oracle-java code-execution cve  

• November 30, 2012
• 9:05

  Apple Security Advisory 2012-11-29-1

   » ‎ Packet Storm Security Advisories
  Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.

  Tags:  advisory disclosure information apple-security apple-tv code-execution information-disclosure  

• 9:05

  Apple Security Advisory 2012-11-29-1

   » ‎ Packet Storm Security Recent Files
  Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.

  Tags:  advisory disclosure information apple-security apple-tv code-execution information-disclosure  

• 9:05

  Apple Security Advisory 2012-11-29-1

   » ‎ Packet Storm Security Misc. Files
  Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.

  Tags:  advisory disclosure information apple-security apple-tv code-execution information-disclosure  

• November 29, 2012
• 0:00

  Vuln: Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability

  Tags:  network shutdown eaton network-shutdown code-execution php-code  

• 0:00

  Vuln: Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

  Tags:  code mozilla style inspector-remote code-execution mozilla-firefox vulnerability  

• November 28, 2012
• 16:00

  Adobe Reader Unspecified Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Adobe Reader is prone to an unspecified remote code-execution vulnerability.

  Tags:  vulnerability reader adobe code-execution adobe-reader  

• 16:00

  Apple QuickTime Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Apple QuickTime is prone to a remote code-execution vulnerability.

  Tags:  after use vulnerability apple-quicktime code-execution  

• November 27, 2012
• 16:00

  IBM Java Multiple Remote Code Execution Vulnerabilities UPDATED

   » ‎ SecuriTeam
  IBM Java is prone to multiple remote code-execution vulnerabilities in the Java Runtime Environment.

  Tags:  java-runtime-environment code-execution  

• 16:00

  Microsoft Windows Briefcase Integer Overflow Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Windows Briefcase is prone to a a remote code-execution vulnerability.

  Tags:  microsoft briefcase windows integer-overflow code-execution  

• November 25, 2012
• 9:22

  BuyClassifiedScript PHP Code Injection

   » ‎ Packet Storm Security Exploits
  BuyClassifiedScript suffers from an arbitrary php code execution vulnerability.

  Tags:  code php buyclassifiedscript code-execution php-code vulnerability  

• 9:22

  BuyClassifiedScript PHP Code Injection

   » ‎ Packet Storm Security Recent Files
  BuyClassifiedScript suffers from an arbitrary php code execution vulnerability.

  Tags:  code php buyclassifiedscript code-execution php-code vulnerability  

• 9:22

  BuyClassifiedScript PHP Code Injection

   » ‎ Packet Storm Security Misc. Files
  BuyClassifiedScript suffers from an arbitrary php code execution vulnerability.

  Tags:  code php buyclassifiedscript code-execution php-code vulnerability  

• November 23, 2012
• 0:00

  Vuln: Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox CVE-2012-4210 Style Inspector Remote Code Execution Vulnerability

  Tags:  code mozilla style inspector-remote code-execution mozilla-firefox vulnerability  

• November 22, 2012
• 16:00

  Microsoft Excel Memory Corruption Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Excel is prone to a remote code-execution vulnerability.

  Tags:  excel vulnerability microsoft memory-corruption code-execution microsoft-excel  

• 2:49

  [remote exploits] - NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

  Tags:  exploit remote netiq perl-code code-execution privileged-user  

• 0:00

  Vuln: NetIQ Privileged User Manager 'ldapagnt_eval()' Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  NetIQ Privileged User Manager 'ldapagnt_eval()' Remote Code Execution Vulnerability

  Tags:  netiq privileged user code-execution privileged-user vulnerability  

• November 21, 2012
• 16:00

  Mozilla Firefox Style Inspector Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Mozilla Firefox is prone to a remote-code-execution vulnerability.

  Tags:  vulnerability mozilla firefox code-execution  

• 14:40

  NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

  Tags:  code netiq module system-privileges perl-code code-execution  

• 14:40

  NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

  Tags:  code netiq module system-privileges perl-code code-execution  

• 14:40

  NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.

  Tags:  code netiq module system-privileges perl-code code-execution  

• 14:37

  Narcissus Image Configuration Passthru

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

  Tags:  function narcissus image configuration-function code-execution image-function  

• 14:37

  Narcissus Image Configuration Passthru

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

  Tags:  function narcissus image configuration-function code-execution image-function  

• 14:37

  Narcissus Image Configuration Passthru

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

  Tags:  function narcissus image configuration-function code-execution image-function  

• 0:00

  Vuln: Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

  Tags:  oracle code remote oracle-java code-execution cve  

• November 20, 2012
• 0:00

  Vuln: Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability

  Tags:  code microsoft remote code-execution internet-explorer vulnerability  

• 0:00

  Vuln: Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability

  Tags:  microsoft briefcase windows code-execution microsoft-windows  

• 0:00

  Vuln: Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability

  Tags:  microsoft briefcase windows integer-overflow code-execution  

• November 19, 2012
• 16:00

  Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 0:00

  Vuln: Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

  Tags:  oracle code remote oracle-java code-execution cve  

• 0:00

  Vuln: Open Flash Chart 'ofc_upload_image.php' Remote PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Open Flash Chart 'ofc_upload_image.php' Remote PHP Code Execution Vulnerability

  Tags:  php flash open code-execution php-code vulnerability  

• 0:00

  Vuln: Real Networks RealPlayer RV20 Frame Size Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Real Networks RealPlayer RV20 Frame Size Remote Code Execution Vulnerability

  Tags:  realplayer networks real code-execution real-networks frame-size  

• November 18, 2012
• 16:00

  CryENGINE Remote Shell Command Execution Vulnerability

   » ‎ SecuriTeam
  CryENGINE is prone to a remote code-execution vulnerability.

  Tags:  cryengine vulnerability remote remote-shell command-execution code-execution  

• 16:00

  IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecuriTeam
  IBM Java is prone to multiple remote code-execution vulnerabilities in Java Runtime Environment.

  Tags:  java multiple ibm java-runtime-environment code-execution  

• 16:00

  Invision Power Board 'core.php' PHP Code Execution Vulnerability

   » ‎ SecuriTeam
  Invision Power Board is prone to a vulnerability that lets remote attackers execute arbitrary code.

  Tags:  board power invision code-execution arbitrary-code attackers  

• 16:00

  Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Excel is prone to a remote code-execution vulnerability.

  Tags:  excel vulnerability microsoft code-execution microsoft-excel heap  

• 16:00

  Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 16:00

  Microsoft Windows Briefcase Integer Underflow Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Windows Briefcase is prone to a a remote code-execution vulnerability.

  Tags:  microsoft briefcase windows code-execution microsoft-windows  

• 16:00

  Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Windows is prone to a remote code-execution vulnerability that affects the kernel.

  Tags:  kernel microsoft windows windows-kernel truetype-font code-execution  

• 16:00

  Opera Web Browser Multiple Vulnerabilities

   » ‎ SecuriTeam
  Opera Web Browser is prone to a cross-site scripting vulnerability, a remote code execution vulnerability, a cross-domain information-disclosure vulnerability, and multiple unspecified vulnerabilities.

  Tags:  vulnerability web opera opera-web-browser information-disclosure-vulnerability code-execution  

• November 16, 2012
• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• November 15, 2012
• 23:50

  Zero Day Initiative Advisory 12-186

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

  Tags:  zero code file microsoft-office-user memory-layout code-execution  

• 23:50

  Zero Day Initiative Advisory 12-186

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

  Tags:  zero code file microsoft-office-user memory-layout code-execution  

• 23:50

  Zero Day Initiative Advisory 12-186

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.

  Tags:  zero code file microsoft-office-user memory-layout code-execution  

• 5:41

  [remote exploits] - Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

  Tags:  novell netiq privileged code-execution privileged-user  

• 5:39

  [remote exploits] - Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

  Tags:  novell netiq privileged code-execution privileged-user  

• 0:00

  Vuln: CryENGINE Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  CryENGINE Remote Code Execution Vulnerability

  Tags:  code cryengine remote code-execution vulnerability  

• 0:00

  Vuln: Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

  Tags:  oracle database enterprise code-execution oracle-database grid-control  

• 0:00

  Vuln: Real Networks RealPlayer CVE-2012-0925 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Real Networks RealPlayer CVE-2012-0925 Remote Code Execution Vulnerability

  Tags:  realplayer networks real code-execution real-networks cve  

• 0:00

  Vuln: Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability

  Tags:  excel buffer microsoft code-execution buffer-overflow microsoft-excel  

• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• November 14, 2012
• 18:51

  Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

   » ‎ Packet Storm Security Exploits
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.

  Tags:  novell ldapagnt netiq system-privileges command-execution code-execution  

• 18:51

  Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

   » ‎ Packet Storm Security Recent Files
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.

  Tags:  novell ldapagnt netiq system-privileges command-execution code-execution  

• 18:51

  Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

   » ‎ Packet Storm Security Misc. Files
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.

  Tags:  novell ldapagnt netiq system-privileges command-execution code-execution  

• 18:46

  Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

   » ‎ Packet Storm Security Exploits
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could login to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files against the target system with SYSTEM privileges. Full exploit included.

  Tags:  novell netiq user target-system system-privileges code-execution  

• 18:46

  Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

   » ‎ Packet Storm Security Recent Files
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could login to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files against the target system with SYSTEM privileges. Full exploit included.

  Tags:  target-system system-privileges code-execution  

• 18:46

  Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

   » ‎ Packet Storm Security Misc. Files
  Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could login to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files against the target system with SYSTEM privileges. Full exploit included.

  Tags:  novell netiq user target-system system-privileges code-execution  

• 16:00

  Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Microsoft Excel is prone to a remote code-execution vulnerability.

  Tags:  excel vulnerability microsoft code-execution microsoft-excel sst  

• 0:00

  Vuln: Invision Power Board 'core.php' PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Invision Power Board 'core.php' PHP Code Execution Vulnerability

  Tags:  vulnerability php invision code-execution invision-power-board  

• 0:00

  Vuln: IBM Java Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  IBM Java Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple code remote code-execution  

• November 13, 2012
• 15:50

  Invision IP.Board 3.3.4 unserialize() PHP Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

  Tags:  board php invision ip-board webserver-user code-execution  

• 15:50

  Invision IP.Board 3.3.4 unserialize() PHP Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

  Tags:  board php invision ip-board webserver-user code-execution  

• 15:50

  Invision IP.Board 3.3.4 unserialize() PHP Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

  Tags:  board php invision ip-board webserver-user code-execution  

• 15:50

  Jira Scriptrunner 2.0.7 CSRF / Code Execution

   » ‎ Packet Storm Security Exploits
  This is a metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by default in a windows environment Jira will be run as system.

  Tags:  scriptrunner csrf jira code-execution websudo  

• 15:50

  Jira Scriptrunner 2.0.7 CSRF / Code Execution

   » ‎ Packet Storm Security Recent Files
  This is a metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by default in a windows environment Jira will be run as system.

  Tags:  scriptrunner csrf jira code-execution websudo  

• 15:50

  Jira Scriptrunner 2.0.7 CSRF / Code Execution

   » ‎ Packet Storm Security Misc. Files
  This is a metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by default in a windows environment Jira will be run as system.

  Tags:  scriptrunner csrf jira code-execution websudo  

• 10:20

  [remote exploits] - Invision Power Board <= 3.3.4 unserialize() PHP Code Execution (2)

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Invision Power Board <= 3.3.4 unserialize() PHP Code Execution (2)

  Tags:  exploit remote board code-execution exploits  

• 10:20

  [web applications] - Invision Power Board <= 3.3.4 unserialize() PHP Code Execution (2)

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [web applications] - Invision Power Board <= 3.3.4 unserialize() PHP Code Execution (2)

  Tags:  web power invision code-execution web-applications  

• 2:59

  [remote exploits] - Java Applet JAX-WS Remote Code Execution Vulnerability

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Java Applet JAX-WS Remote Code Execution Vulnerability

  Tags:  exploit code remote code-execution java-applet exploits  

• November 12, 2012
• 17:12

  Java Applet JAX-WS Remote Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

  Tags:  java jax-ws applet code-execution metasploit java-version  

• 17:12

  Java Applet JAX-WS Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

  Tags:  java jax-ws applet code-execution metasploit java-version  

• 17:12

  Java Applet JAX-WS Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

  Tags:  java jax-ws applet code-execution metasploit java-version  

• November 11, 2012
• 16:00

  EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

   » ‎ SecuriTeam
  EmpireCMS is prone to a Remote PHP Code Execution Vulnerability

  Tags:  php remote empirecms code-execution php-code vulnerability  

• November 09, 2012
• 0:00

  Vuln: OptiPNG Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OptiPNG Use-After-Free Remote Code Execution Vulnerability

  Tags:  free optipng remote code-execution vulnerability  

• November 08, 2012
• 0:00

  Vuln: Invision Power Board 'core.php' PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Invision Power Board 'core.php' PHP Code Execution Vulnerability

  Tags:  php power invision code-execution invision-power-board vulnerability  

• November 07, 2012
• 16:00

  HP SiteScope SOAP Remote Disclosure of Information, Remote Code Execution Vulnerabilities

   » ‎ SecuriTeam
  HP SiteScope SOAP Security Issues, Remote Disclosure of Information, is prone to a Remote denial of service (DoS) and loss of data Vulnerability.

  Tags:  sitescope soap remote soap-security disclosure-of-information code-execution  

• 3:11

  WSO Web Shell 2.5.1

   » ‎ Packet Storm Security Recent Files
  WSO is a PHP shell backdoor that provide an interface for various remote operations. It can perform everything from remote code execution, bruteforcing of servers, provide server information, and more.

  Tags:  shell wso web php-shell web-shell code-execution  

• 3:11

  WSO Web Shell 2.5.1

   » ‎ Packet Storm Security Tools
  WSO is a PHP shell backdoor that provide an interface for various remote operations. It can perform everything from remote code execution, bruteforcing of servers, provide server information, and more.

  Tags:  shell wso web php-shell web-shell code-execution  

• 3:11

  WSO Web Shell 2.5.1

   » ‎ Packet Storm Security Misc. Files
  WSO is a PHP shell backdoor that provide an interface for various remote operations. It can perform everything from remote code execution, bruteforcing of servers, provide server information, and more.

  Tags:  shell wso web php-shell web-shell code-execution  

• 0:00

  Vuln: Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty

   » ‎ SecurityFocus Vulnerabilities
  Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty

  Tags:  oracle recognition sssplt code-execution oracle-webcenter activex-control  

• November 06, 2012
• 3:10

  [web applications] - EmpireCMS 6.6 PHP Code Execution Vulnerability

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [web applications] - EmpireCMS 6.6 PHP Code Execution Vulnerability

  Tags:  web php empirecms code-execution php-code web-applications  

• 3:07

  [remote exploits] - WinRM VBS Remote Code Execution Vulnerability

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - WinRM VBS Remote Code Execution Vulnerability

  Tags:  exploit code remote code-execution exploits vulnerability  

• November 05, 2012
• 21:16

  WinRM VBS Remote Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy. IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.

  Tags:  payload vbs powershell valid-credentials code-execution  

• 21:16

  WinRM VBS Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy. IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.

  Tags:  payload vbs powershell valid-credentials code-execution  

• 21:16

  WinRM VBS Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2.0 and VBS CmdStager. The module will check if Powershell 2.0 is available, and if so uses that method. Otherwise it falls back to the VBS Cmdstager which is less stealthy. IMPORTANT: If targeting an x64 system with the Powershell method you MUST select an x64 payload. An x86 payload will never return.

  Tags:  payload vbs powershell valid-credentials code-execution  

• 20:31

  EmpireCMS 6.6 PHP Code Execution

   » ‎ Packet Storm Security Exploits
  EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability.

  Tags:  version execution empirecms code-execution version-6 parser  

• 20:31

  EmpireCMS 6.6 PHP Code Execution

   » ‎ Packet Storm Security Recent Files
  EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability.

  Tags:  version execution empirecms code-execution version-6 parser  

• 20:31

  EmpireCMS 6.6 PHP Code Execution

   » ‎ Packet Storm Security Misc. Files
  EmpireCMS version 6.6 template parser suffers from a remote PHP code execution vulnerability.

  Tags:  version execution empirecms code-execution version-6 parser  

• 9:00

  Bugtraq: [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability

  Tags:  remote empirecms template code-execution php-code cve  

• 0:00

  Vuln: Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability

  Tags:  oracle code remote oracle-java code-execution cve  

• 0:00

  Vuln: Invision Power Board 'core.php' PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Invision Power Board 'core.php' PHP Code Execution Vulnerability

  Tags:  php power invision code-execution invision-power-board vulnerability  

• 0:00

  Vuln: Mesa 'visit_field()' Method CVE-2012-2864 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mesa 'visit_field()' Method CVE-2012-2864 Remote Code Execution Vulnerability

  Tags:  code remote method code-execution vulnerability  

• November 02, 2012
• 15:28

  HP Security Bulletin HPSBMU02815 SSRT100715 4

   » ‎ Packet Storm Security Advisories
  HP Security Bulletin HPSBMU02815 SSRT100715 4 - Potential security vulnerabilities have been identified with HP SiteScope. The vulnerabilities in SiteScope SOAP features could be remotely exploited to allow disclosure of information or code execution. Revision 4 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities code-execution disclosure-of-information  

• 15:28

  HP Security Bulletin HPSBMU02815 SSRT100715 4

   » ‎ Packet Storm Security Recent Files
  HP Security Bulletin HPSBMU02815 SSRT100715 4 - Potential security vulnerabilities have been identified with HP SiteScope. The vulnerabilities in SiteScope SOAP features could be remotely exploited to allow disclosure of information or code execution. Revision 4 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities code-execution disclosure-of-information  

• 15:28

  HP Security Bulletin HPSBMU02815 SSRT100715 4

   » ‎ Packet Storm Security Misc. Files
  HP Security Bulletin HPSBMU02815 SSRT100715 4 - Potential security vulnerabilities have been identified with HP SiteScope. The vulnerabilities in SiteScope SOAP features could be remotely exploited to allow disclosure of information or code execution. Revision 4 of this advisory.

  Tags:  hpsbmu bulletin security security-vulnerabilities code-execution disclosure-of-information  

• 6:00

  Bugtraq: [security bulletin] HPSBMU02815 SSRT100715 rev.4 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution

   » ‎ SecurityFocus Vulnerabilities
  [security bulletin] HPSBMU02815 SSRT100715 rev.4 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution

  Tags:  security bulletin remote soap-security code-execution disclosure-of-information  

• 0:00

  Vuln: libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability

  Tags:  libfpx remote memory code-execution memory-function vulnerability  

• November 01, 2012
• 16:01

  Invision Power Board 3.3.4 Code Execution

   » ‎ Packet Storm Security Exploits
  Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.

  Tags:  board power invision invision-power-board code-execution php-code  

• 16:01

  Invision Power Board 3.3.4 Code Execution

   » ‎ Packet Storm Security Recent Files
  Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.

  Tags:  board power invision invision-power-board code-execution php-code  

• 16:01

  Invision Power Board 3.3.4 Code Execution

   » ‎ Packet Storm Security Misc. Files
  Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit.

  Tags:  board power invision invision-power-board code-execution php-code  

• 12:22

  EasyPHP 12.1 Remote Code Execution

   » ‎ Packet Storm Security Exploits
  EasyPHP version 12.1 suffers from a remote code execution vulnerability due to a code tester feature running on a server bound to localhost.

  Tags:  code easyphp execution code-tester code-execution vulnerability  

• 12:22

  EasyPHP 12.1 Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  EasyPHP version 12.1 suffers from a remote code execution vulnerability due to a code tester feature running on a server bound to localhost.

  Tags:  code easyphp execution code-tester code-execution vulnerability  

• 12:22

  EasyPHP 12.1 Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  EasyPHP version 12.1 suffers from a remote code execution vulnerability due to a code tester feature running on a server bound to localhost.

  Tags:  code easyphp execution code-tester code-execution vulnerability  

• 8:38

  [web applications] - Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [web applications] - Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution

  Tags:  quot web invision code-execution web-applications  

• 0:00

  Vuln: Invision Power Board 'core.php' PHP Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Invision Power Board 'core.php' PHP Code Execution Vulnerability

  Tags:  php power invision code-execution invision-power-board vulnerability  

• 0:00

  Vuln: WebKit CVE-2012-3748 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WebKit CVE-2012-3748 Remote Code Execution Vulnerability

  Tags:  code webkit remote code-execution vulnerability  

• October 31, 2012
• 0:00

  Vuln: OptiPNG Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  OptiPNG Use-After-Free Remote Code Execution Vulnerability

  Tags:  free optipng remote code-execution vulnerability  

• 0:00

  Vuln: Adobe Flash Player CVE-2012-0768 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Adobe Flash Player CVE-2012-0768 Remote Code Execution Vulnerability

  Tags:  player adobe flash code-execution adobe-flash-player vulnerability  

• 0:00

  Vuln: Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability

  Tags:  mozilla thunderbird execution mozilla-firefox code-execution cve  

• October 30, 2012
• 0:00

  Vuln: Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Drupal Core Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

  Tags:  drupal arbitrary core code-execution information-disclosure php-code  

• 0:00

  Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities

  Tags:  computer remote arcserve code-execution denial-of-service computer-associates  

• October 29, 2012
• 17:00

  Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities

   » ‎ SecuriTeam
  Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability and a denial-of-service vulnerability.

  Tags:  vulnerability computer arcserve service-vulnerability code-execution denial-of-service  

• 0:00

  Vuln: Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

  Tags:  drupal arbitrary php code-execution information-disclosure php-code  

• 0:00

  Vuln: HP Operations Agent Multiple Remote Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  HP Operations Agent Multiple Remote Code Execution Vulnerabilities

  Tags:  multiple remote operations code-execution  

• 0:00

  Vuln: libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability

  Tags:  libfpx remote memory code-execution memory-function vulnerability  

• October 28, 2012
• 17:00

  GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Proficy Historian is prone to a remote code-execution vulnerability.

  Tags:  vulnerability historian proficy proficy-historian code-execution activex-control  

• 11:26

  ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability.

  Tags:  manageengine sql security manager-plus code-execution sql-injection security-manager  

• 11:26

  ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability.

  Tags:  manageengine sql security manager-plus code-execution sql-injection security-manager  

• 11:26

  ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability.

  Tags:  manageengine sql security manager-plus code-execution sql-injection security-manager  

• October 26, 2012
• 0:00

  Vuln: Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability

  Tags:  oracle-java code-execution cve  

• October 25, 2012
• 17:00

  Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  Samba is prone to a remote-code-execution vulnerability.

  Tags:  perl vulnerability samba code-execution  

• 7:59

  ClanSphere 2011.3 Local File Inclusion / Remote Code Execution

   » ‎ Packet Storm Security Exploits
  ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

  Tags:  inclusion file clansphere code-execution exploits vulnerability  

• 7:59

  ClanSphere 2011.3 Local File Inclusion / Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

  Tags:  inclusion file clansphere code-execution exploits vulnerability  

• 7:59

  ClanSphere 2011.3 Local File Inclusion / Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

  Tags:  inclusion file clansphere code-execution exploits vulnerability  

• October 24, 2012
• 17:00

  FFmpeg Multiple Remote Code Execution Vulnerabilities

   » ‎ SecuriTeam
  FFmpeg is prone to multiple remote code-execution vulnerabilities.

  Tags:  ffmpeg multiple remote code-execution  

• 14:00

  [web applications] - ClanSphere 2011.3 Local File Inclusion / Remote Code Execution Vulnerabilities

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [web applications] - ClanSphere 2011.3 Local File Inclusion / Remote Code Execution Vulnerabilities

  Tags:  web clansphere local code-execution web-applications inclusion  

• 0:00

  Vuln: RETIRED: Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Adobe Shockwave Player APSB12-23 Multiple Code Execution Vulnerabilities

  Tags:  shockwave adobe retired adobe-shockwave-player code-execution  

• 0:00

  Vuln: Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer code-execution internet-explorer vulnerability  

• 0:00

  Vuln: Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability

  Tags:  internet microsoft explorer image-arrays code-execution internet-explorer  

• 0:00

  Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3968 Remote Code Execution Vulnerability

  Tags:  mozilla firefox thunderbird mozilla-firefox code-execution seamonkey  

• October 21, 2012
• 18:36

  Turbo FTP Server 1.30.823 PORT Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a buffer overflow vulnerability found in the PORT command in Turbo FTP Server versions 1.30.823 and 1.30.826, which results in remote code execution under the context of SYSTEM.

  Tags:  server turbo ftp buffer-overflow-vulnerability code-execution server-versions  

• 18:36

  Turbo FTP Server 1.30.823 PORT Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a buffer overflow vulnerability found in the PORT command in Turbo FTP Server versions 1.30.823 and 1.30.826, which results in remote code execution under the context of SYSTEM.

  Tags:  server turbo ftp buffer-overflow-vulnerability code-execution server-versions  

• 18:36

  Turbo FTP Server 1.30.823 PORT Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a buffer overflow vulnerability found in the PORT command in Turbo FTP Server versions 1.30.823 and 1.30.826, which results in remote code execution under the context of SYSTEM.

  Tags:  server turbo ftp buffer-overflow-vulnerability code-execution server-versions  

• October 19, 2012
• 17:00

  phptax 0.8 Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  PhpTax 0.8 is prone to remote code execution vulnerability.

  Tags:  execution code phptax code-execution vulnerability  

• 16:23

  ManageEngine Security Manager Plus 5.5 Build 5505 Code Execution

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. No authentication is necessary to exploit this.

  Tags:  manageengine sql security manager-plus web-root-directory malicious-sql-query code-execution  

• 16:23

  ManageEngine Security Manager Plus 5.5 Build 5505 Code Execution

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. No authentication is necessary to exploit this.

  Tags:  manageengine sql security manager-plus web-root-directory malicious-sql-query code-execution  

• 16:23

  ManageEngine Security Manager Plus 5.5 Build 5505 Code Execution

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. No authentication is necessary to exploit this.

  Tags:  manageengine sql security manager-plus web-root-directory malicious-sql-query code-execution  

• 0:00

  Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities

  Tags:  computer remote arcserve code-execution denial-of-service computer-associates  

• 0:00

  Vuln: Oracle Java Runtime Environment Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java Runtime Environment Remote Code Execution Vulnerability

  Tags:  oracle runtime environment java-runtime-environment oracle-java code-execution  

• 0:00

  Vuln: Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability

  Tags:  oracle runtime environment java-runtime-environment oracle-java code-execution  

• 0:00

  Vuln: Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability

  Tags:  oracle runtime environment java-runtime-environment oracle-java code-execution  

• October 18, 2012
• 14:53

  Drupal 7.x PHP Code Execution / Information Disclosure

   » ‎ Packet Storm Security Advisories
  Drupal versions prior to 7.16 suffer from arbitrary PHP code execution and information disclosure vulnerabilities. Version 6 is not affected.

  Tags:  code drupal php code-execution information-disclosure version-6  

• 14:53

  Drupal 7.x PHP Code Execution / Information Disclosure

   » ‎ Packet Storm Security Recent Files
  Drupal versions prior to 7.16 suffer from arbitrary PHP code execution and information disclosure vulnerabilities. Version 6 is not affected.

  Tags:  code drupal php code-execution information-disclosure version-6  

• 14:53

  Drupal 7.x PHP Code Execution / Information Disclosure

   » ‎ Packet Storm Security Misc. Files
  Drupal versions prior to 7.16 suffer from arbitrary PHP code execution and information disclosure vulnerabilities. Version 6 is not affected.

  Tags:  code drupal php code-execution information-disclosure version-6  

• October 17, 2012
• 0:00

  Vuln: Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability

  Tags:  samba dce rpc code-execution vulnerability  

• October 16, 2012
• 17:00

  Crawlability vBSEO 'proc_deutf()' Remote Code Execution Vulnerability

   » ‎ SecuriTeam
  This allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

  Tags:  crawlability vbseo code code-execution regular-expression repl  

• October 11, 2012
• 23:33

  Project Pier Arbitrary File Upload

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a vulnerability found in Project Pier. The application's uploading tool does not require any authentication, which allows a malicious user to upload an arbitrary file onto the web server, and then cause remote code execution by simply requesting it. This Metasploit module is known to work against Apache servers due to the way it handles an extension name, but the vulnerability may not be exploitable on others.

  Tags:  pier project file apache-servers code-execution malicious-user  

• 23:33

  Project Pier Arbitrary File Upload

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a vulnerability found in Project Pier. The application's uploading tool does not require any authentication, which allows a malicious user to upload an arbitrary file onto the web server, and then cause remote code execution by simply requesting it. This Metasploit module is known to work against Apache servers due to the way it handles an extension name, but the vulnerability may not be exploitable on others.

  Tags:  pier project file apache-servers code-execution malicious-user  

• 23:33

  Project Pier Arbitrary File Upload

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a vulnerability found in Project Pier. The application's uploading tool does not require any authentication, which allows a malicious user to upload an arbitrary file onto the web server, and then cause remote code execution by simply requesting it. This Metasploit module is known to work against Apache servers due to the way it handles an extension name, but the vulnerability may not be exploitable on others.

  Tags:  pier project file apache-servers code-execution malicious-user  

• 14:00

  [Remote exploits] - KeyHelp ActiveX LaunchTriPane Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [Remote exploits] - KeyHelp ActiveX LaunchTriPane Remote Code Execution

  Tags:  exploit code remote code-execution exploits  

• 0:00

  Vuln: GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability

  Tags:  historian proficy keyhelp proficy-historian code-execution activex-control  

• October 09, 2012
• 14:00

  [Remote exploits] - HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [Remote exploits] - HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution

  Tags:  exploit management remote application-lifecycle-management code-execution activex  

• 14:00

  [Remote exploits] - Oracle Business Transaction Management FlashTunnelService Remote Code Execution

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [Remote exploits] - Oracle Business Transaction Management FlashTunnelService Remote Code Execution

  Tags:  exploit oracle remote business-transaction-management oracle-business code-execution