exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files from Tenable Network Security

First Active2007-04-25
Last Active2018-11-09
Microsoft Windows 10 Build 17134 Local Privilege Escalation
Posted Nov 9, 2018
Authored by Tenable Network Security

Microsoft Windows 10 Build 17134 local privilege escalation exploit with UAC bypass.

tags | exploit, local
systems | windows
MD5 | 5bfd9fbfd023c4f2d5237ed2729d79ad
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
MD5 | be446e25ec745719bc33f2dda2461791
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-0297
MD5 | 8ce5defd93f1d99d9d00f93ecad020aa
Zero Day Initiative Advisory 08-053
Posted Aug 15, 2008
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication thereby enabling a remote attacker to add, modify, or delete snapshots schedules and consequently run arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
systems | windows
MD5 | 95e5d86646e2ad48b9ff8481f0549ee9
Zero Day Initiative Advisory 08-01
Posted Jan 14, 2008
Authored by Tipping Point, Sebastian Apelt, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.

tags | advisory, overflow, arbitrary, tcp, code execution
advisories | CVE-2008-0247
MD5 | 7a0c52554fa38a18476a3e556c03e3d5
Zero Day Initiative Advisory 07-079
Posted Dec 18, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard HP-UX operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function sw_rpc_agent_init (opcode 0x04) defined in swagentd. Specific malformed arguments can cause function pointers to be overwritten and thereby result in arbitrary code execution. HP-UX version 11.11 is affected.

tags | advisory, remote, arbitrary, code execution
systems | hpux
advisories | CVE-2007-6195
MD5 | ad412a33d41e87fe9a61a70ae52818d0
Zero Day Initiative Advisory 07-076
Posted Dec 12, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.

tags | advisory, remote, overflow, arbitrary, code execution
systems | windows, 2k, xp
advisories | CVE-2007-3039
MD5 | 1bd474b25aceb117a8378f9633f4f4c3
Zero Day Initiative Advisory 07-072
Posted Dec 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. The specified size is added to without any integer overflow checks and can therefore result in an under allocation. A subsequent memory copy operation can then corrupt the heap and eventually result in arbitrary code execution. Novell NetMail version 3.5.2 is affected.

tags | advisory, overflow, arbitrary, tcp, vulnerability, code execution, protocol
advisories | CVE-2007-6302
MD5 | df7e4d6dd1b17c15d1b0b235ca44924c
CAID-brightstor.txt
Posted Dec 8, 2007
Authored by eEye Digital Security, Pedram Amini, cocoruder, Tenable Network Security, Dyon Balding, shirkdog | Site www3.ca.com

CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332
MD5 | b570156ca875e160d5434e5fb72b11c5
Zero Day Initiative Advisory 07-071
Posted Dec 8, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables result in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.

tags | advisory, remote, web, overflow, arbitrary, cgi, vulnerability, code execution
advisories | CVE-2007-6204
MD5 | 311ceae015110716c8b40553879d3e45
Zero Day Initiative Advisory 07-069
Posted Nov 27, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to arbitrarily access and modify the file system and registry of vulnerable installations of Computer Associates BrightStor ARCserve Backup. Authentication is not required to exploit this vulnerability.

tags | advisory, registry
advisories | CVE-2007-5328
MD5 | 5ad9a656249667513fa848639a2a2b7d
Zero Day Initiative Advisory 07-055
Posted Oct 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.

tags | advisory, remote
systems | windows
advisories | CVE-2007-2228
MD5 | 8bc0b6bda857bf489e188ca6910a1499
Zero Day Initiative Advisory 07-052
Posted Sep 13, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MIT Kerberos. Authentication is not required to exploit this vulnerability. The specific flaw exists in the svcauth_gss_validate() function. By sending a large authentication context over RPC, a stack based buffer overflow occurs, resulting in a situation allowing for remote code execution.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-3999
MD5 | 7d48e9a8d7cb0943a3f5dc770d93c13f
Zero Day Initiative Advisory 07-049
Posted Aug 21, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

Multiple vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2007-3618
MD5 | 73df57f0606605ed45fd5cc1e84e1ea6
Zero Day Initiative Advisory 07-044
Posted Jul 26, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. BakBone NetVault Reporter version 3.5 prior to Update4 is susceptible.

tags | advisory, remote, arbitrary
advisories | CVE-2007-3911
MD5 | 51d457a83d1c128abf33d53e47450e09
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
MD5 | 2e27e27253c5a55507c1f03fbdf93dad
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    17 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close