«
Expand/Collapse
481 items tagged "execution"
Related tags:
arbitrary command [+],
vulnerability [+],
phptax [+],
command execution [+],
wordpress [+],
windows [+],
vulnerabilities [+],
version [+],
php [+],
management [+],
malware [+],
internet explorer [+],
gitorious [+],
exploitation techniques [+],
apple mac os [+],
command [+],
zenphoto [+],
sap [+],
register [+],
directory traversal [+],
arbitrary [+],
webapps [+],
web [+],
vsa [+],
script [+],
mozilla firefox [+],
mozilla [+],
heap [+],
day [+],
cisco wag [+],
buffer overflow vulnerability [+],
apache [+],
zabbix [+],
xoops [+],
x lion [+],
x code [+],
wireshark [+],
windows management instrumentation [+],
windows 2003 sp2 [+],
western [+],
websense [+],
webcalendar [+],
vulnerable version [+],
victim machine [+],
version 6 [+],
valid username [+],
uri [+],
typo [+],
twiki [+],
triton [+],
traq [+],
the [+],
target host [+],
soap [+],
sitescope [+],
sharpgrid [+],
session management [+],
security issue [+],
samba [+],
router function [+],
root privileges [+],
root privilege [+],
reporter code [+],
reporter [+],
python wrapper [+],
python [+],
proficy [+],
privileged user [+],
privilege escalation vulnerability [+],
phpmyfaq [+],
phpfox [+],
php code [+],
phonalisa [+],
payload [+],
password disclosure [+],
parser [+],
page parameter [+],
page [+],
owncloud [+],
overflow vulnerability [+],
osx [+],
optimized functions [+],
o driver [+],
novell [+],
network server [+],
narcissus [+],
mysqldumper [+],
mybb [+],
monitor [+],
mobilecartly [+],
minicms [+],
messenger version [+],
messenger [+],
mac os x [+],
lua [+],
live [+],
lifestyle management [+],
libavcodec [+],
lan [+],
jpegsnoop [+],
java runtime environment [+],
instrumentation service [+],
information disclosure [+],
information [+],
inclusion [+],
implementation flaws [+],
image builder [+],
gimp [+],
freewebshop [+],
freepbx [+],
free software updates [+],
ffmpeg [+],
fckeditor [+],
extreme caution [+],
exploitation [+],
executable file [+],
eval [+],
empirecms [+],
eglibc [+],
easyphp [+],
dosu [+],
decisiontools [+],
data execution prevention [+],
cve [+],
console [+],
collection [+],
code tester [+],
ckeditor [+],
cisco telepresence [+],
cisco security advisory [+],
cisco security [+],
cisco discovery [+],
cisco [+],
bypass [+],
apple safari [+],
apple os x [+],
apple os [+],
apple mac os x [+],
antivirus [+],
anfibia [+],
andy davis [+],
alegrocart [+],
aidicms [+],
active x [+],
Software [+],
x cve [+],
windows multimedia [+],
tinywebgallery [+],
thunderbird [+],
splunk [+],
net [+],
multimedia library [+],
midi [+],
kernel memory [+],
kernel [+],
disclosure issues [+],
directory traversal vulnerability [+],
bit [+],
apple quicktime [+],
remote [+],
arbitrary code execution [+],
zdi [+],
xsltresult [+],
x prior [+],
writable [+],
webkit [+],
web applications [+],
virginia [+],
videolan [+],
usa [+],
uri buffer [+],
upload [+],
unauthenticated [+],
typo3 [+],
tunnel [+],
trusted [+],
tftp [+],
technology protection [+],
technology [+],
svg [+],
struts [+],
simon game [+],
simon [+],
server manager [+],
script file [+],
safer use [+],
race [+],
proof of concept [+],
portsmouth virginia [+],
portsmouth [+],
poc [+],
php 5 [+],
patch [+],
open [+],
null [+],
north street [+],
netdecision [+],
maynor [+],
manager remote [+],
manager [+],
malicious code [+],
malicious [+],
lua script [+],
license server [+],
java execution [+],
java code execution [+],
java [+],
impresspages [+],
heap corruption [+],
hackerspace [+],
glsa [+],
game [+],
functions [+],
firefox [+],
file upload [+],
file [+],
family connections [+],
exploit [+],
expansion rom [+],
execution technology [+],
esri [+],
drupal [+],
downloader [+],
dolphin [+],
disclosure [+],
demultiplexer [+],
david maynor [+],
contests [+],
com [+],
cms [+],
cisco products [+],
bugtraq [+],
blick [+],
black hat [+],
bibliography server [+],
basilic [+],
authors [+],
attacker [+],
application [+],
apple webkit [+],
ajax [+],
cross site scripting [+],
code execution [+],
code [+],
exploits [+],
zip,
zero day,
zach hoffmann,
xpdf,
xine,
x86,
wmp,
wmitools,
windows machines,
winamp versions,
winamp,
win,
whitepaper,
web configurator,
vmware,
viscom,
version v1,
vbseo,
user assisted,
user,
uploadservlet,
txt,
trust issue,
toolbar,
tinymce,
temp directory,
system,
store,
sql,
spring framework,
spring,
spreecommerce,
smarterstats,
slimpdf,
shortcut,
shellcode,
shell commands,
shell,
security,
secure,
secunia,
sdk,
script execution,
safari,
ruby,
root certificate,
root,
rogue server,
roberto suggi,
rmi server,
retired,
research,
realplayer,
realnetworks,
realgames,
reader,
quot,
protocol handler,
protection mechanisms,
proof,
professional,
pro versions,
privilege elevation,
privilege,
prevention,
postgresql,
plugin,
pls file,
phpmyadmin,
php scripts,
php barcode,
performance,
pdf,
pcvue,
package,
overflows,
overflow,
opera,
opentext,
openedit,
onefilecms,
ofbiz,
novell zenworks,
novell iprint,
new,
netcraft toolbar,
netcraft,
multiple,
modacom,
mobility,
mitel,
midi parser,
microsoft windows,
microsoft,
meta characters,
meshcms,
mcafee,
malicious website,
magneto,
mac app,
lucent,
lotus domino,
lomtec,
local privilege escalation,
library path,
ld library,
layout engine,
krb5,
kdc,
jtiny,
jdownloader,
javascript engine,
java rmi,
jakcms,
jaf cms,
jaf,
j integra,
interface code,
interface,
integra 2,
instance,
insight,
ignition,
icq,
html tables,
hp performance,
graphical user interface,
gold version,
gold,
gadu gadu,
gadu,
framework,
flexdb,
flag,
file corruption,
exec,
esignal,
engine,
elevation,
element,
editable,
e pre ,
dsa,
download,
dotnetnuke,
dos command,
domino,
dom node,
document position,
dhclient,
detection,
denial of service,
debug,
database login,
database,
data protector,
data,
credentials,
context variables,
contacts,
configuration management,
concept,
code security,
christian holler,
can bite,
bug,
buffer overflows,
browser,
black ice,
bind request,
barcode,
awstats,
awc,
avira antivir,
automation,
attackers,
aslr,
arbitrary commands,
arbitrary code,
apps,
application execution,
apple security,
aphpkb,
apache struts,
android,
amp,
alice,
alguest,
akamai download,
administration kit,
administration,
activex version,
activeweb,
active x control,
ARM
-
-
17:03
»
Packet Storm Security Exploits
TWiki versions 4.x and 5.1.0 through 5.1.2 suffers from a remote command execution vulnerability due to an underlying security issue in the Locale::Maketext CPAN module.
-
17:03
»
Packet Storm Security Recent Files
TWiki versions 4.x and 5.1.0 through 5.1.2 suffers from a remote command execution vulnerability due to an underlying security issue in the Locale::Maketext CPAN module.
-
17:03
»
Packet Storm Security Misc. Files
TWiki versions 4.x and 5.1.0 through 5.1.2 suffers from a remote command execution vulnerability due to an underlying security issue in the Locale::Maketext CPAN module.
-
-
12:22
»
Packet Storm Security Exploits
EasyPHP version 12.1 suffers from a remote code execution vulnerability due to a code tester feature running on a server bound to localhost.
-
-
17:00
»
SecuriTeam
PhpTax 0.8 is prone to remote code execution vulnerability.
-
-
23:59
»
Packet Storm Security Exploits
This Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3
-
23:59
»
Packet Storm Security Recent Files
This Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3
-
23:59
»
Packet Storm Security Misc. Files
This Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3
-
17:00
»
SecuriTeam
This allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.
-
-
9:26
»
Packet Storm Security Recent Files
This archive contains web malware recovered from honeypots and other places. It includes various backdoors, bots, exploits, and more. Please note that many of the files ARE backdoored so you should exercise extreme caution and analyze them before any execution.
-
9:26
»
Packet Storm Security Tools
This archive contains web malware recovered from honeypots and other places. It includes various backdoors, bots, exploits, and more. Please note that many of the files ARE backdoored so you should exercise extreme caution and analyze them before any execution.
-
9:26
»
Packet Storm Security Misc. Files
This archive contains web malware recovered from honeypots and other places. It includes various backdoors, bots, exploits, and more. Please note that many of the files ARE backdoored so you should exercise extreme caution and analyze them before any execution.
-
-
17:04
»
Packet Storm Security Advisories
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
17:04
»
Packet Storm Security Recent Files
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
17:04
»
Packet Storm Security Misc. Files
Andy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
-
-
8:22
»
Packet Storm Security Exploits
This Metasploit module exploits a command execution vulnerability in WAN Emulator version 2.3 which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'www-data' user. The 'result.php' script calls shell_exec() with user controlled data from the 'pc' parameter. This Metasploit module also exploits a command execution vulnerability to gain root privileges. The 'dosu' binary is suid 'root' and vulnerable to command execution in argument one.
-
8:22
»
Packet Storm Security Recent Files
This Metasploit module exploits a command execution vulnerability in WAN Emulator version 2.3 which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'www-data' user. The 'result.php' script calls shell_exec() with user controlled data from the 'pc' parameter. This Metasploit module also exploits a command execution vulnerability to gain root privileges. The 'dosu' binary is suid 'root' and vulnerable to command execution in argument one.
-
8:22
»
Packet Storm Security Misc. Files
This Metasploit module exploits a command execution vulnerability in WAN Emulator version 2.3 which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'www-data' user. The 'result.php' script calls shell_exec() with user controlled data from the 'pc' parameter. This Metasploit module also exploits a command execution vulnerability to gain root privileges. The 'dosu' binary is suid 'root' and vulnerable to command execution in argument one.
-
-
20:22
»
Packet Storm Security Advisories
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
20:22
»
Packet Storm Security Recent Files
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
20:22
»
Packet Storm Security Misc. Files
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
-
19:03
»
Packet Storm Security Exploits
This Metasploit module exploits a code execution flaw in HP SiteScope. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS service, to retrieve the administrator credentials and subsequently abuses the UploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2.
-
19:03
»
Packet Storm Security Recent Files
This Metasploit module exploits a code execution flaw in HP SiteScope. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS service, to retrieve the administrator credentials and subsequently abuses the UploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2.
-
19:03
»
Packet Storm Security Misc. Files
This Metasploit module exploits a code execution flaw in HP SiteScope. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS service, to retrieve the administrator credentials and subsequently abuses the UploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2.
-
-
15:22
»
Packet Storm Security Advisories
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
15:22
»
Packet Storm Security Recent Files
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
15:22
»
Packet Storm Security Misc. Files
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
-
-
20:16
»
Packet Storm Security Advisories
There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.
-
20:16
»
Packet Storm Security Recent Files
There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.
-
20:16
»
Packet Storm Security Misc. Files
There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.
-
-
17:00
»
SecuriTeam
The Finder module for Drupal is prone to a cross-site-scripting vulnerability and an arbitrary-code execution vulnerability because the application fails to sufficiently sanitize user-supplied data..
-
-
3:22
»
Packet Storm Security Exploits
A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
-
3:22
»
Packet Storm Security Recent Files
A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
-
3:22
»
Packet Storm Security Misc. Files
A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
-
-
18:59
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
-
18:59
»
Packet Storm Security Recent Files
Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
-
18:59
»
Packet Storm Security Misc. Files
Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
-
-
11:01
»
Hack a Day
How does one take a game of Simon and make it extremely awesome? The folks at the North Street Labs — a Hackerspace in Portsmouth, Virginia — have found the secret and it’s all in the execution. They turned this chair-desk into a coin-operated Simon game that hides a huge surprise. We suppose you should [...]
-
-
16:42
»
Packet Storm Security Exploits
Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from within python-wrapper while within a non-privileged user's work directory.
-
16:42
»
Packet Storm Security Recent Files
Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from within python-wrapper while within a non-privileged user's work directory.
-
16:42
»
Packet Storm Security Misc. Files
Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from within python-wrapper while within a non-privileged user's work directory.
-
-
12:33
»
Packet Storm Security Exploits
The WD TV Live Streaming Media Player suffers from two implementation flaws that together allow for remote command execution as root.
-
-
17:00
»
SecuriTeam
ImpressPages CMS is prone to a remote-code execution vulnerability.
-
-
17:00
»
SecuriTeam
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
-
-
16:56
»
Packet Storm Security Exploits
MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
-
16:56
»
Packet Storm Security Recent Files
MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
-
16:56
»
Packet Storm Security Misc. Files
MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
-
-
17:00
»
SecuriTeam
If successful, it is unknown whether a malicious third party might be able to trigger execution of arbitrary code. Successful exploitation of this bug can crash the process of the media player.
-
-
18:16
»
Packet Storm Security Exploits
FreePBX versions 2.10.0, 2.9.0, and perhaps earlier versions suffer from cross site scripting and remote code execution vulnerabilities.
-
-
18:03
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
-
18:03
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
-
18:03
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
-
16:45
»
Packet Storm Security Exploits
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
-
16:45
»
Packet Storm Security Recent Files
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
-
16:45
»
Packet Storm Security Misc. Files
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
-
-
16:08
»
Packet Storm Security Exploits
WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.
-
16:08
»
Packet Storm Security Misc. Files
WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.
-
-
20:50
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.
-
20:50
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.
-
20:50
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.
-
-
22:39
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
-
22:39
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
-
22:39
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
-
-
16:02
»
Packet Storm Security Exploits
Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.
-
16:02
»
Packet Storm Security Recent Files
Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.
-
16:02
»
Packet Storm Security Misc. Files
Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.
-
-
14:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Webkit Library.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
8:36
»
Packet Storm Security Recent Files
Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.
-
8:36
»
Packet Storm Security Misc. Files
Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.
-
-
7:57
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
-
7:57
»
Packet Storm Security Recent Files
This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
-
7:57
»
Packet Storm Security Misc. Files
This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.
-
-
21:37
»
Packet Storm Security Exploits
This Metasploit modules exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
-
21:37
»
Packet Storm Security Recent Files
This Metasploit modules exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
-
21:37
»
Packet Storm Security Misc. Files
This Metasploit modules exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
-
-
7:27
»
Packet Storm Security Advisories
Various antivirus software on Windows fails to detect, block and/or move malware if the executable file has only execution permission and no read, write, or other bits set.
-
7:27
»
Packet Storm Security Recent Files
Various antivirus software on Windows fails to detect, block and/or move malware if the executable file has only execution permission and no read, write, or other bits set.
-
7:27
»
Packet Storm Security Misc. Files
Various antivirus software on Windows fails to detect, block and/or move malware if the executable file has only execution permission and no read, write, or other bits set.
-
-
11:15
»
Packet Storm Security Exploits
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
11:15
»
Packet Storm Security Recent Files
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
11:15
»
Packet Storm Security Misc. Files
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
-
7:58
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.
-
7:58
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.
-
7:58
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution