exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Citrix Access Gateway Plug-in For Windows nsepacom Buffer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2592
SHA-256 | 88190841a21f5703514230e00d059f52693aa6867752ab05cf5658926bb7ec55

Related Files

Zero Day Initiative Advisory 12-141
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2012-1855
SHA-256 | 8a9c280b793fd5689ee6d1eab372451da1a6ddfa522f51fffe5b3eeaf469a90f
Microsoft Windows Remote Desktop Code Execution
Posted Aug 17, 2012
Authored by Edward Torkington | Site ngssoftware.com

The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.

tags | advisory, remote, code execution
systems | windows
SHA-256 | 0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5ef
Internet Explorer Script Interjection Code Execution
Posted Aug 17, 2012
Authored by Derek Soeder

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

tags | advisory, web, arbitrary, code execution, protocol
systems | windows
SHA-256 | 96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357b
Windows Service Trusted Path Privilege Escalation
Posted Aug 15, 2012
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.

tags | exploit
systems | windows
SHA-256 | 13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
Secunia Security Advisory 50244
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | windows
SHA-256 | 63491bc1a361b46394d0e770340bc1d62e358ab46fcf9ac1195de71f4c9f6e0e
Secunia Security Advisory 50243
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | windows
SHA-256 | 3921be400542ad8b66f2ad3a5e76763bec88068d4951e85a0d664844d9ce23ed
Secunia Security Advisory 50236
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | windows
SHA-256 | 312c2d9673be9c4269e466183c43c773e722f5516f299990ed56c53da2cd58a2
Secunia Security Advisory 50245
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | windows
SHA-256 | ea724ecfa139cce21a82d519e62f8208e1fc9f237c8b65f59575eb3205065962
PHP IRC Bot pbot eval() Remote Code Execution
Posted Aug 8, 2012
Authored by Evilcry, juan vazquez, bwall, Jay Turla | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.

tags | exploit, remote, php
systems | linux, windows, ubuntu
SHA-256 | af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614
HP Security Bulletin HPSBMU02781 SSRT100617 2
Posted Aug 8, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02781 SSRT100617 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, solaris, hpux
advisories | CVE-2009-0922, CVE-2009-3229, CVE-2009-3230, CVE-2009-3231, CVE-2009-4034, CVE-2009-4136, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975, CVE-2010-3433, CVE-2010-4015
SHA-256 | 969977237cbe019bfcfe019ff2785e5a2cd29b36bd1679c3d115100fcd8f2197
Triggering Windows 7
Posted Aug 8, 2012
Authored by Prateek Shukla

This is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.

tags | paper, java, shell
systems | windows
SHA-256 | c465ce76e11d434cefe598ce9ad6f6709a3c029e5620d87ca6bb83721ba8d677
HP Security Bulletin HPSBMU02798 SSRT100908
Posted Aug 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02798 SSRT100908 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, vulnerability, xss
systems | linux, windows, solaris, hpux
advisories | CVE-2012-2022
SHA-256 | a885cd01ca8cd93fe66e4e8013b2d793165bb1bcc6b061769b8c443a13f18e3f
Zero Day Initiative Advisory 12-129
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-129 - This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space.

tags | advisory, remote, arbitrary, kernel
systems | windows
advisories | CVE-2012-0159
SHA-256 | e75b08b74f32bfc501dc8a86f8d3c57d49f38b38038de8495feb68116308083e
HP Security Bulletin HPSBMU02796 SSRT100594 3
Posted Aug 3, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02796 SSRT100594 3 - Potential security vulnerabilities have been identified with HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2019, CVE-2012-2020
SHA-256 | 3f6dc4794fecdbb1b3d9d771df74bec69fbc5554fc0f551c124b56e6401a877c
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
SHA-256 | e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7
Arora 0.10.0 Windows Qt 4.5.3 XSS / Denial Of Service
Posted Jul 31, 2012
Authored by Lostmon | Site lostmon.blogspot.com

Arora version 0.10.0 with Windows Qt 4.5.3 suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
systems | windows
SHA-256 | 418fbd0402132cfbdaaa90d41a9d3c5238d1cebdaed4fc5ee7aecbc4333d37fa
Secunia Security Advisory 45299
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | windows
SHA-256 | 07d58c8854e7f3255cc40544ea9e0bbfc67f592ba11f516d1ed5f2d4697aa452
Microsoft Office SharePoint Server 2007 Remote Code Execution
Posted Jul 30, 2012
Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2010-3964, OSVDB-69817
SHA-256 | 7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Another File Integrity Checker 3.1
Posted Jul 26, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: This is the first public (stable) release of new 3.x branch. It is a rewrite (partial for now) of afick in object oriented programming, to allow better code and better support. It matches the 2.21 release for features. The two afick branches (2.x and 3.x) will be maintained in parallel for a few versions, to allow users to migrate when they want.
tags | tool, integrity
systems | linux, windows, unix
SHA-256 | 933d4fffd3ddffb6eeb8972b47caf3bce6a24d709209a488ab2ddec8e716842c
Simple Web Server Connection Header Buffer Overflow
Posted Jul 23, 2012
Authored by mr.pr0n, juan | Site metasploit.com

This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string data in the Connection Header to cause an overflow on the stack when function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.

tags | exploit, remote, web, overflow, arbitrary, code execution
systems | windows
SHA-256 | ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
CVE-2012-1889: Security Update Analysis
Posted Jul 23, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.

tags | paper
systems | windows
advisories | CVE-2012-1889
SHA-256 | 0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bd
Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3176, OSVDB-80231
SHA-256 | eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78
Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3175, OSVDB-80231
SHA-256 | 7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479
Windows Escalate Task Scheduler XML Privilege Escalation
Posted Jul 19, 2012
Authored by jduck | Site metasploit.com

This Metasploit module exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet. When processing task files, the Windows Task Scheduler only uses a CRC32 checksum to validate that the file has not been tampered with. Also, In a default configuration, normal users can read and write the task files that they have created. By modifying the task file and creating a CRC32 collision, an attacker can execute arbitrary commands with SYSTEM privileges.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2010-3338, OSVDB-68518
SHA-256 | d58b245a3284a4c3a0c953e6cd974d43047680186d9ff32f042bd97e492059fb
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close