what you don't know can hurt you
Showing 1 - 25 of 77 RSS Feed

Files

microsoft.netmeeting.txt
Posted Aug 17, 1999

Severe security vulnerabilities in Microsoft Netmeeting for Windows 9x/NT allow local users to gain root privileges, open up machines running Netmeeting to Denial of Service attacks, much more. No fix or vendor response.

tags | exploit, denial of service, local, root, vulnerability
systems | windows, 9x
MD5 | 83f2f8afd42e0807ab919ada926cd970

Related Files

Microsoft Windows Net Use Insufficent Authentication
Posted Apr 6, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as "standard" user but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.

tags | exploit, remote, vulnerability
systems | windows
MD5 | 1cbbf18780d337b8641e53ba2ce0d1e4
Microsoft .diagcab Directory Traversal / Code Execution
Posted Jan 18, 2020
Authored by Imre Rad

A flaw in the implementation of Microsoft's Troubleshooter technology could lead to remote code execution if a crafted .diagcab file is opened by the victim. The exploit leverages a rogue webdav server to trick MSDT to drop files to attacker controller locations on the file system.

tags | exploit, remote, code execution
MD5 | b8326808b53e39ccbf0e5710fae5f1af
Microsoft Windows VCF Denial Of Service
Posted Jan 4, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows VCF cards do not properly sanitize email addresses allowing for HTML injection. A corrupt VCF card can cause all the users currently opened files and applications to be closed and their session to be terminated without requiring any accompanying attacker supplied code.

tags | exploit
systems | windows
MD5 | a8bf3c22b7586fb9aed156a323afff1c
Microsoft Windows .Group File URL Field Code Execution
Posted Jan 1, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from a .group file code execution vulnerability that leverages the URL field.

tags | exploit, code execution
systems | windows
MD5 | c14d7dd530c485214547e0c84c47d3fd
Microsoft Visual Studio 2008 Express IDE XML Injection
Posted Dec 2, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 789e0a22b8214672e24e1c11ee00b829
Microsoft Excel 2016 1901 Import Error XML Injection
Posted Nov 30, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Excel 2016 version 1901 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 38a897cf183daf4eab6b217fc70232f7
Microsoft Windows NTFS Privileged File Access Enumeration
Posted Sep 6, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.

tags | exploit
systems | windows
MD5 | 8f8a5a6cf1cf40cfec6b841ca09e2618
Microsoft Outlook Web Access 14.3.224.2 Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Microsoft Outlook Web Access version 14.3.224.2 remote host header injection exploit.

tags | exploit, remote, web
MD5 | 738d54f00f2797e0ac5db6ac6d2d1ef7
Microsoft Outlook Web Access Build 15.1.1591 Header Injection
Posted Sep 2, 2019
Authored by Todor Donev

Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.

tags | exploit, remote, web
MD5 | 83e1a1d05799abc8fa7716f9dca9a040
Microsoft Windows PowerShell Command Execution
Posted Aug 2, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows suffers from a PowerShell unsanitized filename command execution vulnerability.

tags | exploit
systems | windows
MD5 | 4059533a64c2c0436da56ba2b23fecdc
Microsoft Compiled HTML Help / Uncompiled .chm File XML External Entity Injection
Posted Jul 16, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft compiled HTML Help and uncompiled .chm files can be leveraged for XML external entity injection attacks.

tags | exploit
MD5 | 58644216083e140438ff9e4523e0bb5b
Microsoft File Checksum Verifier 2.05 DLL Hijacking
Posted Jul 4, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft File Checksum Verifier version 2.05 suffers from a dll hijacking vulnerability.

tags | exploit
MD5 | d2cee35ac2dbc3bc9ea6be0bce939d6e
Microsoft Word (2016) Deceptive File Reference
Posted Jun 17, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

When a Microsoft Word ".docx" File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is suppressed it makes the file seem harmless and the file can be masked to appear as just a folder etc. This can potentially trick user into running unexpected code, but will only work when you have an additional file of same name with NO extension on it.

tags | exploit
MD5 | c758f8435e2134b135cb043389ffe683
Go Cryptography Libraries Cleartext Message Spoofing
Posted May 13, 2019
Authored by Aida Mynzhasova | Site sec-consult.com

During a short security test, SEC Consult found a severe security vulnerability in the clearsign package of supplementary Go cryptography libraries.

tags | exploit
advisories | CVE-2019-11841
MD5 | 59bca6acae6ad68908a50cb4c0847104
Microsoft Windows Contact File Format Arbitary Code Execution
Posted Apr 11, 2019
Authored by hyp3rlinx, Brenner Little | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact files.

tags | exploit, remote, arbitrary
systems | windows
MD5 | 6ee12bdb2b9701fe2b95191dbd4279bd
Microsoft Internet Explorer 11 XML Injection
Posted Apr 11, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer 11 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 1bd0be320e4cc74b22614b72b93629bd
Microsoft Windows .Reg File / Dialog Box Message Spoofing
Posted Mar 11, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.

tags | exploit, spoof, registry
systems | windows
MD5 | 105ff93a7fefdb9d6ae572f2070820c3
Microsoft Windows Contact File HTML Link Injection Remote Code Execution
Posted Jan 23, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows has a flaw where a contact file can be leveraged with a malicious mailto: link to achieve code execution.

tags | exploit, code execution
systems | windows
MD5 | 8da8aed6efa36cf9b75b407094e89ecd
Microsoft Windows .contact Arbitrary Code Execution
Posted Jan 16, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.

tags | exploit, remote, web, arbitrary
systems | windows
MD5 | 400f7619bf34f3975072761dde4b36b7
Microsoft Windows VCF Remote Code Execution
Posted Jan 11, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.

tags | exploit, remote, arbitrary
systems | windows
MD5 | b357f9ac49a1d5e1b09b2def64c183cf
Microsoft Edge 44.17763.1.0 Null Pointer Dereference
Posted Jan 6, 2019
Authored by Bogdan Kurinnoy

Microsoft Edge version 44.17763.1.0 suffers from a null pointer dereference vulnerability.

tags | exploit
MD5 | 0a65b587f31d643082ffba442fb6edfd
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8532
MD5 | f8fb22312550cc368dc913351a5406a8
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a xel filetype XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8527
MD5 | 0fb594060e86354cefaa3a12ba2181d5
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
Posted Oct 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.

tags | exploit, sql injection
advisories | CVE-2018-8533
MD5 | bc7e26312d98457aeac3779548aee6d7
Microsoft Baseline Security Analyzer 2.3 XML Injection
Posted Sep 10, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Baseline Security Analyzer version 2.3 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 7224f7e70a591fdfca03428610d0453c
Page 1 of 4
Back1234Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    9 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close