| Email address | private |
|---|---|
| Website | hyp3rlinx.altervista.org |
| First Active | 2015-04-28 |
| Last Active | 2018-09-10 |
Microsoft Baseline Security Analyzer version 2.3 suffers from an XML external entity injection vulnerability.
7224f7e70a591fdfca03428610d0453cThis whitepaper analyzes a privilege escalation vulnerability in the Microsoft .NET framework as noted in MS15-118.
4a014224fc35bfb528ae5d4ebe710d2dFsPro Labs Event Log Explorer version 4.6.1.2115 suffers from an XML external entity injection vulnerability.
fad943a0c32935b55f0eee3696caaca4Argus Surveillance DVR version 4.0.0.0 suffers from a SYSTEM privilege escalation vulnerability.
568a5ca14ccf6b72d34900efe6809bceArgus Surveillance DVR version 4.0.0.0 suffers from file disclosure and traversal vulnerabilities.
236a5ef23b5453a2a50a23ab72a165afThe Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.
d7f1056ce3aa140ad0e115c7bf50b3c0Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
eb14060a0091ba68f6b96c6e9ef2fb25Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.
adb95485a2175dc841aa24d2a530ed72Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker supplied ".library-ms" file, disclosing credential hashes and other identifiable computer informations.
3efbbbe3394fffedf1bbcf55f304effbEnhanced Mitigation Experience Toolkit (EMET) suffers from an XML external entity injection vulnerability.
da2c5fe7a5b5d3b441f02c18e2d7ca7aPolaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.
cb627d3986c07f094a3e4282ca8924deOfficeScan XG version 11.0 suffers from an unauthorized change prevention bypass vulnerability.
e3ce9faee8d067f82b6d929d3dff7cdaMicrosoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.
e4970e9fdb7dbc2ea52471b6d0a8c531Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.
791e45e8fcd14b89a834a308b18cccdeEasy Hosting Control Panel version 0.37.12.b suffers from a clear-text password storage vulnerability.
6e7d491189d0efa9d471a5da0de2a069Easy Hosting Control Panel version 0.37.12.b suffers from an insecure cryptography vulnerability.
2956ee490bcd7d4912aa51b2ecb60372Easy Hosting Control Panel version 0.37.12.b suffers from multiple cross site request forgery vulnerabilities.
0a8f15401bb9cce8379d7f12c69069b1Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to steal the cookie.
f74bbe3371ad692d1039c540fe5a5060Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows you to add a backdoor FTP account.
966a2022afa674527a1084c1d9a1eedfDeviceLock Plug and Play Auditor version 5.72 suffers from a unicode buffer overflow vulnerability.
e1efa280720a5cbabeff9a9ab68b5ae1Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.
b95fe4c66578b78c338a2d385f6635b6Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow for changing of settings, whitelist or unquarantine files.
17d6f74a89bfb18403ee901bf2ed270dSophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability.
81f02a8434690f8501645852069a7be1Microsoft Exchange suffers from an open redirect vulnerability.
50d79a092d794c779a0fa7f12fdb4853DEWESoft X3 suffers from a remote internal command access vulnerability.
45f984eff3502fa768d2b3fbeb988e12
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed