exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

PDF-XChange Viewer 2.5 (Build 314.0) Code Execution
Posted Aug 24, 2017
Authored by Daniele Votta

PDF-XChange Viewer version 2.5 (Build 314.0) suffers from a javascript API remote code execution vulnerability.

tags | exploit, remote, javascript, code execution
advisories | CVE-2017-13056
MD5 | 95670a27a8d84b139aea1f89f227147b

Related Files

Secunia Security Advisory 50015
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in TeamViewer.

tags | advisory
MD5 | cb3e762e026801dc5f64845d9b6bc6b2
Secunia Security Advisory 49934
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported in Oracle MapViewer, which can be exploited by malicious people to gain knowledge of sensitive information or manipulate certain data.

tags | advisory, vulnerability
MD5 | 52a09090c675a964dd498f72b3a3d9a6
Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows, xp
advisories | CVE-2011-3400, OSVDB-77663
MD5 | d3c565f4318547e83002b8fd42f13934
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a posterior buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
MD5 | 4c5e211b0f08b20529db1ec0b5bdaff9
Secunia Security Advisory 49296
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in TopicsViewer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 2c67574055d13a8b4b479aa750743ffd
Topics Viewer 2.3 Local File Inclusion / SQL Injection
Posted May 28, 2012
Authored by n4ss1m

Topics Viewer version 2.3 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | e3cb67f6722c2461b54f54e15a298b8e
Secunia Security Advisory 49113
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 8d61fded5c8030dbbcccdafa92ca7f43
Ubuntu Security Notice USN-1439-1
Posted May 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1439-1 - Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2012-2094, CVE-2012-2144, CVE-2012-2094, CVE-2012-2144
MD5 | 473c664760d6da44034c59cb77b83bf4
Samsung NET-i Viewer Active-X SEH Overwrite
Posted May 2, 2012
Authored by Blake

Samsung NET-i Viewer version 1.37 active-x SEH overwrite exploit.

tags | exploit, activex
MD5 | 0a5d4fc00155f9ae33f867b85aba6045
Secunia Security Advisory 48965
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in NET-i viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 531ab7bf438b2c2dd18ad3e370796afc
Secunia Security Advisory 48966
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in NET-i viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 1fd50063453cafb0e1303c3063064481
The Source Is A Lie
Posted Apr 17, 2012
Authored by Andreas Nusser | Site sec-consult.com

Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are getting developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. Especially the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from unwary reviewer by disguising its access to critical resources like credential through indirection. To raise the awareness about this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

tags | paper, java
MD5 | 95c7b6fb02b2acae134655f38d6826c1
UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
Posted Mar 26, 2012
Authored by noperand | Site metasploit.com

This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.

tags | exploit, overflow, tcp, protocol
advisories | CVE-2008-0610, OSVDB-42840
MD5 | 187a1b201d8fc6474c89373387e08e1b
ManageEngine Device Expert 5.6 Directory Traversal
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.

tags | exploit, java, remote, file inclusion
MD5 | 22b3da91562b5553003f5850ffc6944f
Topics Viewer Cross Site Request Forgery
Posted Feb 29, 2012
Authored by The Green Hornet

Topics Viewer suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 714f15b6f203d8a26d9a131aa586ae23
Secunia Security Advisory 47946
Posted Feb 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 2ec3e8708317867ed51f50ef249e4045
EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow
Posted Jan 31, 2012
Authored by LiquidWorm | Site zeroscience.mk

EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
MD5 | e540c339e50eef4b81df0e87bc189135
Mandriva Linux Security Advisory 2012-004
Posted Jan 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2011-0433, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
MD5 | f4d6c3cb08dde11fdb1306e368d59d26
Secunia Security Advisory 47487
Posted Jan 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM Cognos TM1 Executive Viewer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | a3c746199f81828d955809dc3bbbb1c2
Debian Security Advisory 2357-1
Posted Dec 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2357-1 - Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-264320
MD5 | 0149e122832bf9e556b6450149cfec93
Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
Posted Nov 17, 2011
Authored by Dr_IDE, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, overflow, code execution
MD5 | 4682a02bd6d485a684e4c2af85471375
Ubuntu Security Notice USN-1249-1
Posted Oct 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1249-1 - It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3361
MD5 | 7e111d7cad2365411a96ee7bfdea39f3
RealVNC Authentication Bypass
Posted Aug 26, 2011
Authored by H D Moore, The Light Cosine | Site metasploit.com

This Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine. This option should be disabled for Pro.

tags | exploit, bypass
advisories | CVE-2006-2369, OSVDB-25479
MD5 | 8e4490d03f022fde63ac0d43677b774d
Microsoft Report Viewer Cross Site Scripting
Posted Aug 25, 2011
Authored by Adam Bixby | Site gdssecurity.com

Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected.

tags | exploit, xss
advisories | CVE-2011-1976
MD5 | 2127d7df083651d49fe5271549571c9f
Secunia Security Advisory 45514
Posted Aug 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Report Viewer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 93c1782062d89a7a7a17a537f59944d6
Page 1 of 4
Back1234Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close