what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Tenable Network Security

First Active2007-04-25
Last Active2018-11-09
Microsoft Windows 10 Build 17134 Local Privilege Escalation
Posted Nov 9, 2018
Authored by Tenable Network Security

Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.

tags | exploit, local
systems | windows
SHA-256 | e3dd973532e4f2d060b4d0b153971e8ddc2cc77a366635af649f3f1227c276e5
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
SHA-256 | cf93b4b95c23f5407ba012edff8b93021d9cf2a529de505d5f968bbc6cf64f26
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-0297
SHA-256 | b0b67649c40ca029b22826b4a8885851ba50ca7ed212e036f2e5e4e0db93816f
Zero Day Initiative Advisory 08-053
Posted Aug 15, 2008
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication thereby enabling a remote attacker to add, modify, or delete snapshots schedules and consequently run arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
systems | windows
SHA-256 | 3652171caf78ee8bd5e8d4dffd1352e18b45cce0e160d428be5706660113a647
Zero Day Initiative Advisory 08-01
Posted Jan 14, 2008
Authored by Tipping Point, Sebastian Apelt, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.

tags | advisory, overflow, arbitrary, tcp, code execution
advisories | CVE-2008-0247
SHA-256 | d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0
Zero Day Initiative Advisory 07-079
Posted Dec 18, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard HP-UX operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function sw_rpc_agent_init (opcode 0x04) defined in swagentd. Specific malformed arguments can cause function pointers to be overwritten and thereby result in arbitrary code execution. HP-UX version 11.11 is affected.

tags | advisory, remote, arbitrary, code execution
systems | hpux
advisories | CVE-2007-6195
SHA-256 | 1abafcb5cb1fcc5bbd807612d35e37e220db81abb0400e3292c7281a2cc6fb90
Zero Day Initiative Advisory 07-076
Posted Dec 12, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.

tags | advisory, remote, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2007-3039
SHA-256 | 7ad73b80c43474accf67595197f54a090063d04177565333581b8946b1c2a6f3
Zero Day Initiative Advisory 07-072
Posted Dec 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. The specified size is added to without any integer overflow checks and can therefore result in an under allocation. A subsequent memory copy operation can then corrupt the heap and eventually result in arbitrary code execution. Novell NetMail version 3.5.2 is affected.

tags | advisory, overflow, arbitrary, tcp, vulnerability, code execution, protocol
advisories | CVE-2007-6302
SHA-256 | 2ef213b576dde799161a7dca2bb9007bbc157e7e6026f89a655e0f020974aebd
CAID-brightstor.txt
Posted Dec 8, 2007
Authored by eEye Digital Security, Pedram Amini, cocoruder, Tenable Network Security, Dyon Balding, shirkdog | Site www3.ca.com

CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332
SHA-256 | eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596
Zero Day Initiative Advisory 07-071
Posted Dec 8, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables result in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.

tags | advisory, remote, web, overflow, arbitrary, cgi, vulnerability, code execution
advisories | CVE-2007-6204
SHA-256 | af2e7b4fea5306f492b6105526815249c897430e2fe51c525fc855c05e67e2ab
Zero Day Initiative Advisory 07-069
Posted Nov 27, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to arbitrarily access and modify the file system and registry of vulnerable installations of Computer Associates BrightStor ARCserve Backup. Authentication is not required to exploit this vulnerability.

tags | advisory, registry
advisories | CVE-2007-5328
SHA-256 | 89357d202a32023d98793264bbd1c28ee69a7876f29b486362f1a58bd9882ed5
Zero Day Initiative Advisory 07-055
Posted Oct 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.

tags | advisory, remote
systems | windows
advisories | CVE-2007-2228
SHA-256 | 81c3eb66a83ea337ccd5a2db389db399942be188bee24be99a592d845a95a2b3
Zero Day Initiative Advisory 07-052
Posted Sep 13, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauth_gss_validate() function. By sending a large authentication context over RPC, a stack based buffer overflow occurs, resulting in a situation allowing for remote code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-3999
SHA-256 | 4f27736766dd291c21626e29d205e6321ce49701a70947701679ef544a592165
Zero Day Initiative Advisory 07-049
Posted Aug 21, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Multiple vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2007-3618
SHA-256 | 4fabf17e8a6037fcebff9801b177d7995d77e164d24c51c3be60700274a2dd29
Zero Day Initiative Advisory 07-044
Posted Jul 26, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. BakBone NetVault Reporter version 3.5 prior to Update4 is susceptible.

tags | advisory, remote, arbitrary
advisories | CVE-2007-3911
SHA-256 | c3eba9e3a239ceea1a75f4975440e4f47f2979ceeb1fcddc729b4d6201491bbc
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
SHA-256 | 5f051d451b1cb655c302560bb76e182d99aa01278266b8298e9a10f46856cb50
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close