McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.
5a476c9c527f6a272b92f731c3096dfabcad22d8aab8943fa6a023e57ce5a5bdTeam Helpdesk Customer Web Service (CWS) and Technician Web Access (TWA) version 8.3.5 credential dump exploits that produce encrypted pairs. Decryption scripts are also included.
b55a0fca18653e17666a9e18f599993836259cbba81d9aa9c67cde5f0dde607bMcAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.
55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
ec86fdc2f4cc78d676680abb952cb10427dad174e2bed743fc0d8633dd49510aSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in McAfee Virtual Technician MVTControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.
06c8fb84243af9fec0d2d61b36a0ff99d4226c6244c406f6966f38cf9df01b38w00w00's operating system. Yes, a joke.
c7c869568d15aee512c973a781e7aacc751b7d434724db343e310154d469a194This little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. * The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / mud locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. * If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.
b17774a047da8f2dda8f5acbd018f5ca39bc608c82b3694b31d3ff473671c675twlc logo
4bda0b4a3fc3c22022e033d7c302b65ce2a5d00d65841e0f1e0ebe6756af3a5dPR09.txt.zip
9996a1594ee69bb668a1744749d3f577ed5deae37acaa60790a092bb44c7594ePR08.txt.zip
36b80c6c10bd2225e2e17e81d9b987f04bf37bea78c18fa4fb6374b3e511b38fPR07.txt.zip
36e8db0e6b74cb9f0375d215491338ca8198e3f7ae0285fadb8acb796e543fd5PR06.txt.zip
a29664967c27b2c474cda8ba345817718e4c6cb0568ae95f11059ae4357c7062PR05.txt.zip
1cef4a1d48902fc90a4be4486a6719ecdcae3b1d1f7b9f45f4c68dc9519156a6PR04.txt.zip
3a85b727313c6cd98b7757560927b10cefa23e57950d2c5f2bb864718e5f90a0PR03.txt.zip
c904099ed19028ed4302a8a950f7498e470268abdd7423fd4c2a0854aaac7263PR02.txt.zip
c7508682ed0b699d6ba7628664c6162bf24fa9ec605baa5b16aa0eb9001a8e01PR01.txt.zip
1fd799081a3722ba2b6a8de69f30c1b9cf3c4cf472fd5a67fa9d54a839eeaa1eThe Netopia R9100 permits a user not authorized with a special security password to neverthless modify the SNMP community strings, including enabling SNMP access that should be disabled.
3168f68634d059aaa9ea3f13c15e52e139e10b5ab83eef2a37fba5ca881c8d62Prevent Current and Future E-Mail Worms.
b1751241071df22894da713215dce7423eeb70171bb6e5eafc67ab315fb54b15Users can access the mailbox's content of anybody on the system. They can also steal their POP passwords since Emurl allows you to fetch your POP email from more than one source.
35e647237c0a38d4a34398da868edd6414f0a0f6309e46a65ff713c97f3e4d78A file called adpassword.txt is world readable as it is assigned the wrong permissions. This will allow a malicious attacker to read the contents of the file, to crack the DES encrypted password it contains (using a common-or-garden password cracker), and to edit banner entries,to add or to remove banners.
6c3ff8a442e1d2635cfd0603a063047b2989029691b11b442d5c9cce20f68a72Remote Denial of Service for CProxy v3.3 - Service Pack 2. This program xploits an overflow vulnerability in CProxy 3.3 SP2 HTTP Service (8080), causing server shutdown.
414890f4eae14551c1d605e97ecea325b12eead335724787e3754a807c6e5230Cisco 760 Series Connection Overflow. Affected Systems: Routers Cisco 760 Series. Others not tested.
49c9851a414a339e8fb03b576ee74281497581f96f35f25c614707a6294d572aRemote users can execute arbitrary commands on the web server with the priviledge level of the httpd process.
7e8843302cd134bdc683267eeed64db268f619dcb7483ba80947f7f20d7713d0A defect in multiple releases of Cisco IOS software will cause a Cisco router or switch to halt and reload if the IOS HTTP service is enabled and browsing to "http://<router-ip>/%%" is attempted. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information.
06968d61e8af1b8d044e7641ad890947a953133f8a4264e14082028a3cc839c8A vulnerable secure shell distribution is available from the popular Zedz Consultants FTP site (formally known as replay.com). The RedHat Linux RPM ssh-1.2.27-8i.src.rpm contains a PAM patch which contains faulty logic allowing users to essentially pass through the username/password authentication step and gain shell access.
b57e79520315127b620ca4b51d6c7b231203c8de9f7862f0c36dadb45cea51a3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
