
Files

SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection
Posted Jun 3, 2015
Authored by Pedro Ribeiro

SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, code execution, sql injection, file upload
advisories | CVE-2015-2993, CVE-2015-2994, CVE-2015-2995, CVE-2015-2996, CVE-2015-2997, CVE-2015-2998, CVE-2015-2999, CVE-2015-3000, CVE-2015-3001
SHA-256 | 093017574bd7478707d43e7e2b1e19064b8c055c7cf9ea2fe8f3083b6a50e5cb

Related Files

Microsoft Windows Remote Desktop Code Execution
Posted Aug 17, 2012
Authored by Edward Torkington | Site ngssoftware.com

The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.

tags | advisory, remote, code execution
systems | windows
SHA-256 | 0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5ef
Secunia Security Advisory 50198
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in ManageEngine Service Desk Plus, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 4b576f909e08c470239259f64d977553f3e5fa4e4a72ed165b1d7a788f36a797
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, caused by insecure use of a strcpy-like function in the SetMarkupMode method when handling a specially crafted sMarkup argument, allows an attacker to trigger a stack-based buffer overflow that leads to code execution in the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Red Hat Security Advisory 2012-1136-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017
Red Hat Security Advisory 2012-1135-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3c
Zero Day Initiative Advisory 12-098
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and Winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes that the 5th argument passed to the Init() method is a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, arbitrary, activex
SHA-256 | a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
MyDesktop SQL Injection
Posted Jun 16, 2012
Authored by Taurus Omar

MyDesktop suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b483fc4a413ecf61218995b5a31ab35d3a76cd27173b00ae7bb801caf250abb5
Red Hat Security Advisory 2012-0705-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
ExoPHPDesk 1.2.1 SQL Injection
Posted May 2, 2012
Authored by L3b-r1'z

ExoPHPDesk version 1.2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bc686aa635201f14247dc246ac28bf215ac17cb4d6b29a73397658378a20ab02
Secunia Security Advisory 48843
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
SHA-256 | e0fdb9f7c33b5703a29340209d510b8b6eead3975c286d792e8c5b0a8a4fe19d
Secunia Security Advisory 48904
Posted Apr 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in ReadyDesk, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | db69da7634774c7d34b6d0f9da83a9ad4c9d93e03f550b057209111e2ea4a086
ReadyDesk Cross Site Scripting
Posted Apr 19, 2012
Authored by Sony

ReadyDesk suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d933cf2d5240cd1b9fef0c9dff0b3afddcab16f19f6a7204ee5c5a9fe6166cd9
LANDesk Lenovo ThinkManagement Console Remote Command Execution
Posted Apr 10, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx", via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

tags | exploit, asp
advisories | CVE-2012-1195, CVE-2012-1196, OSVDB-79276, OSVDB-79277
SHA-256 | 0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1b
Red Hat Security Advisory 2012-0411-01
Posted Mar 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, redhat
advisories | CVE-2012-0037
SHA-256 | 9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297
LANDesk Lenovo ThinkManagement Suite 9.0.3 File Deletion
Posted Mar 20, 2012
Authored by rgod | Site retrogod.altervista.org

LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
advisories | CVE-2012-1196
SHA-256 | 0c80de7eb7401e75b9edafdab61c3336a8c7bbaca85898f61b94f2f26254ccd3
LANDesk Lenovo ThinkManagement Suite 9.0.3 Code Execution
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2012-1195
SHA-256 | fe7e3841d8266a0bdf777c01b95935543a5458d8b05813ac7e4e79d579cbd473
Kayako Fusion Help Desk Cross Site Scripting
Posted Mar 18, 2012
Authored by Sony

Kayako Fusion Help Desk Software suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 565127ad9b187160e79043dbc0756f9abe1cadd29b782f144822a834134e3377
Pakyu Cenloder Microsoft Remote Desktop Denial Of Service
Posted Mar 17, 2012
Authored by BMario

Pakyu Cenloder Microsoft Remote Desktop Python denial of service exploit.

tags | exploit, remote, denial of service, python
SHA-256 | 6679e3355cf673033887af137fcccfdd01c59d366258732210ba0294f9b2d753
Microsoft Remote Desktop Use-After-Free
Posted Mar 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.

tags | exploit, remote, proof of concept
systems | linux
SHA-256 | 9a94d068fd0f6a8f044593bfb8ff8e4f4527cff18adacfeaddb785decdbbaa82
Zero Day Initiative Advisory 12-044
Posted Mar 16, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of the channels is disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

tags | advisory, remote, arbitrary, code execution, protocol
advisories | CVE-2012-0002
SHA-256 | 10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e
Red Hat Security Advisory 2012-0349-01
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0349-01 - On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed transition from the Production Phase to the Extended Life Phase: Red Hat Enterprise Linux AS 4, Red Hat Enterprise Linux ES 4, Red Hat Enterprise Linux WS 4, Red Hat Desktop 4, Red Hat Global File System 4, Red Hat Cluster Suite 4.

tags | advisory
systems | linux, redhat
SHA-256 | e326550afcdeea4064006170ceef17b1544525cfcecf9f031e3dac47bae27ec1
Secunia Security Advisory 48167
Posted Feb 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sony has reported multiple vulnerabilities in WonderDesk SQL, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 7079b5c38c21caaae92f52f361e785a17d6ade637955b191713c7ac2081c3298
WonderDesk Cross Site Scripting
Posted Feb 26, 2012
Authored by Sony

WonderDesk suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bdd01d5b99c5b3fb619e5cc517a12bfb74b7dcb1c9b1d843a53ddc0a14cedfa7
Red Hat Security Advisory 2012-0324-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | tool, local
systems | unix
advisories | CVE-2012-0841
SHA-256 | 5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491
Secunia Security Advisory 47835
Posted Feb 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in swDesk, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | b9a9624b38f1f69785758ca0381fd79a1cb0a4a279a7918cf803c22e2f55f007