exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Zimbra Desktop 7.1.2 Script Injection
Posted Jan 16, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Zimbra Desktop version 7.1.2 suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.

tags | exploit, vulnerability, xss
SHA-256 | f41a8370a742c9ba69d11bec4c115ee6b45a6a6b38c04d12fbfb729803b337e2

Related Files

Microsoft Windows Remote Desktop Code Execution
Posted Aug 17, 2012
Authored by Edward Torkington | Site ngssoftware.com

The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.

tags | advisory, remote, code execution
systems | windows
SHA-256 | 0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5ef
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Red Hat Security Advisory 2012-1136-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017
Red Hat Security Advisory 2012-1135-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3c
Zero Day Initiative Advisory 12-098
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument being used for the Init() method, to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, arbitrary, activex
SHA-256 | a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
MyDesktop SQL Injection
Posted Jun 16, 2012
Authored by Taurus Omar

MyDesktop suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b483fc4a413ecf61218995b5a31ab35d3a76cd27173b00ae7bb801caf250abb5
Red Hat Security Advisory 2012-0705-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
Secunia Security Advisory 48843
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
SHA-256 | e0fdb9f7c33b5703a29340209d510b8b6eead3975c286d792e8c5b0a8a4fe19d
Red Hat Security Advisory 2012-0411-01
Posted Mar 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, redhat
advisories | CVE-2012-0037
SHA-256 | 9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297
Pakyu Cenloder Microsoft Remote Desktop Denial Of Service
Posted Mar 17, 2012
Authored by BMario

Pakyu Cenloder Microsoft Remote Desktop python denial of service exploit.

tags | exploit, remote, denial of service, python
SHA-256 | 6679e3355cf673033887af137fcccfdd01c59d366258732210ba0294f9b2d753
Microsoft Remote Desktop Use-After-Free
Posted Mar 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.

tags | exploit, remote, proof of concept
systems | linux
SHA-256 | 9a94d068fd0f6a8f044593bfb8ff8e4f4527cff18adacfeaddb785decdbbaa82
Zero Day Initiative Advisory 12-044
Posted Mar 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

tags | advisory, remote, arbitrary, code execution, protocol
advisories | CVE-2012-0002
SHA-256 | 10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e
Red Hat Security Advisory 2012-0349-01
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0349-01 - On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed transition from the Production Phase to the Extended Life Phase: Red Hat Enterprise Linux AS 4, Red Hat Enterprise Linux ES 4, Red Hat Enterprise Linux WS 4, Red Hat Desktop 4, Red Hat Global File System 4, Red Hat Cluster Suite 4.

tags | advisory
systems | linux, redhat
SHA-256 | e326550afcdeea4064006170ceef17b1544525cfcecf9f031e3dac47bae27ec1
Red Hat Security Advisory 2012-0324-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | tool, local
systems | unix
advisories | CVE-2012-0841
SHA-256 | 5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491
Red Hat Security Advisory 2012-0136-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0444
SHA-256 | a7c0d3490864f1b414b91819fc65ca0f07506a135da1b6cae025b0ee2e2d093c
Yoono Desktop 1.8.16 Cross Site Scripting
Posted Feb 10, 2012
Authored by r007k17-w

Yoono Desktop add-on version 1.8.16 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a8417c2a0833fd85e7aa35fa63e272e82bb16abb6d03a52d1c45f412dc36d3b1
Red Hat Security Advisory 2012-0104-01
Posted Feb 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3919
SHA-256 | 9165e3b50d8f4caa9cb36bcfa88ebf90af850df3617220c0b88374cbdcb36f8f
Secunia Security Advisory 47774
Posted Jan 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 1b2f71e90e48f6606d68d802b26eca7e8d8f8f1cdd148b495ea8d6480cf21c7b
MS12-004 midiOutPlayNextPolyEvent Heap Overflow
Posted Jan 28, 2012
Authored by sinn3r, juan vazquez, Shane Garrett | Site metasploit.com

This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.

tags | exploit, java, remote, overflow, code execution, activex
systems | windows
advisories | CVE-2012-0003, OSVDB-78210
SHA-256 | 2fdc9c5c7f7d444b003b94e6d9ac9413e9711bc63c367b5bb555b0a3a0fecd1c
Secunia Security Advisory 47553
Posted Jan 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Virtual Desktop Infrastructure, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
SHA-256 | e6408b38d5e784713714d1800fe371c1a8a3a6c6a45c5db98f55841780396832
Citrix XenDesktop, XenServer, Receiver 5.6 SP2 Pass-The-Hash
Posted Dec 15, 2011
Authored by vtek63

Citrix XenDesktop, XenServer, Receiver version 5.6 SP2 suffer from a pass-the-hash attack vulnerability due to not using SSL.

tags | exploit
SHA-256 | 1cdc447222c2b4047d47fb0a65039267225b922c70e82b599759e03fa6d8207b
TCP Scanners Package Using SCAPY
Posted Nov 16, 2011
Authored by infodox | Site compsoc.nuigalway.ie

A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.

tags | tool, remote, scanner, python
systems | linux, unix
SHA-256 | af46bf1f61d6ac25ffe9a21f178bbd9262eb64e48d53371b8aa3e0e2721606b2
Secunia Security Advisory 46850
Posted Nov 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Oracle Secure Global Desktop, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 2073f14cdfac1a26e0df65e4bbb589a41a00a352d283fbd4a604bda50bf3a0f2
Secunia Security Advisory 46696
Posted Nov 4, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Citrix XenDesktop, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
SHA-256 | e5c70fa37eb5ee4ce9f6e58516221bdb40507893f97fe509ffdc313bd2e4d1a3
Red Hat Security Advisory 2011-1385-01
Posted Oct 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1385-01 - The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2011-3365
SHA-256 | 93d3a041d26b448ebf9aa48719ed1b488137fda9ab4c9f89b9db8e97b49be46d
Page 1 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close