what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 96 RSS Feed

Files

EE 4GEE Mini Local Privilege Escalation
Posted Sep 25, 2018
Authored by Osanda Malith

EE 4GEE Mini suffers from a unquoted service path local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-14327
SHA-256 | c1b7aa39cbec823fe71e2b733e4df2dac3df5252f2e6af9a8594b06b5823418f

Related Files

EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 Hard-Coded Credentails
Posted Oct 31, 2018
Authored by James Hemmings

EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 suffers from having hard-coded root SSH credentials.

tags | exploit, root
advisories | CVE-2018-10532
SHA-256 | 0a9f27f891c98728ab30ea54c81512e9a371e1b5f88b8b9083e0587872a38253
Enterprise Edition Payment Processor Script 3.7 SQL Injection
Posted Sep 14, 2017
Authored by Ihsan Sencan

Enterprise Edition Payment Processor Script version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb670a612c257a376b24a0c3b905110c33c5b03f5a86fe173a64834e6cad5c7f
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
Posted Sep 8, 2017
Authored by James Hemmings

EE 4GEE wireless router version EE60_00_05.00_25 suffers from cross site request forgery, cross site scripting, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
SHA-256 | df351b407db9242190cf3bbea62bf65f1e04f7a9d97b0fbf8792987089fa564e
Flemish Television Cross Site Scripting
Posted Jul 16, 2012
Authored by Yvan Janssens

The site at http://eenmiljardseconden.frankdeboosere.be/ had a cross site scripting issue and resolved it. What makes this noteworthy is that they took the high road and rickrolled any future attempts. More sites should add humor to their fixes.

tags | advisory, web, xss
SHA-256 | fab0483fa163dbeb5095052167d50d9d23809032c0545626a35845f4b78fa07e
Epson EventManager 2.50 Denial Of Service
Posted Mar 15, 2012
Authored by Luigi Auriemma | Site aluigi.org

Epson EventManager versions 2.50 and below suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
systems | linux
SHA-256 | e9ed7d61f4b3e9141efd05f83faf0bccc4dfb4b5e305505630db6036832c77cd
EEGshop 1.2 SQL Injection
Posted Dec 15, 2009
Authored by Securitylab Security Research | Site securitylab.ir

EEGshop version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bac6543fb58354ca0c3f2c619a87dfc1a13456224050e9de6c21c7ef2b8e9725
eebcms-xss.txt
Posted Oct 11, 2008
Authored by d3v1l

EEB-CMS version 0.95 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 57d61a19bac861b8a37c8580653cb38fd90c3d0e72c2ec4014261333d2d1739c
EEYE-bitdefender.txt
Posted Nov 26, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.

tags | advisory, remote, code execution, virus
SHA-256 | fc1814d1cbae3769356bcebcdf2053773a16eac33866492d72627399464648fb
EEYE-flac.txt
Posted Nov 16, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free-Lossless Audio Codec) files affecting various applications. Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code at the privileges of the application or the current user (depending on OS).

tags | advisory, arbitrary, vulnerability
SHA-256 | fd4435d88053e876b0e64335d16dd5e50c862e15e3ae435c244329d2b41a39f6
EEYE-cabright.txt
Posted Oct 12, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered a remote vulnerability in CA BrightStor ARCserve Backup Server that allows an attacker to execute arbitrary code as SYSTEM without any user interaction. The exploit is extremely reliable and can be successfully delivered either across the Internet or within local networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.

tags | advisory, remote, arbitrary, local, tcp
SHA-256 | 009d71dfb29f2caa5ca0a43c3b72406ccf8c716bee6628c3e41f5d7cf66f485e
EEYE-ARCserve.txt
Posted Sep 25, 2007
Authored by Yuji Ukai, Andre Derek Protas, Matt Oh | Site eeye.com

eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.

tags | advisory, remote, arbitrary, tcp, vulnerability
SHA-256 | 2c3fbc7b2a14abfd5c6627658fb14d28b20b7c63ec81bf6bcd5dcc180cd1adfc
EEYE-META.txt
Posted Aug 15, 2007
Authored by Yuji Ukai | Site eeye.com

eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows metafiles. If an application attempts to display a malicious metafile in a particular way, a heap overflow will occur and result in the execution of arbitrary code, with the privileges of the user who ran the application.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 3daffd833b5209c94b6713eeff0438cd5613f4e5ca5821836f028d845c4dc3e8
EEYE-VGX.txt
Posted Aug 15, 2007
Authored by Derek Soeder, Ben Nagy | Site eeye.com

eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.

tags | advisory, overflow
SHA-256 | 9b1cfee5014a419ac428eac7004f0bbeb5caae72cf8de6073a0fb45a9a602d41
EEYE-mp2007.txt
Posted Jul 11, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered a critical vulnerability in PUBCONV.DLL (version 12.0.4518.1014) included with Microsoft's Publisher 2007. PUBCONV.DLL is the Publisher conversion library used by Publisher to translate previous Publisher version files to be "properly" rendered in Publisher 2007. However, when attempting to load a malformed legacy Publisher document (i.e. Publisher 98), PUBCONV.DLL can be forced to call an arbitrary function pointer resulting in the execution of attacker supplied code in the context the of logged-in user.

tags | advisory, arbitrary
SHA-256 | 45a807a94697efd0e37c0d7d7a9bd649800af626e2944fe004c61b8ddf4b51f7
EEYE-Java.txt
Posted Jul 10, 2007
Authored by Daniel Soeder | Site eeye.com

eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications. By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Systems affected are Java Runtime Environment 6 update 1 and below and Java Runtime Environment 5 update 11 and below.

tags | advisory, java, overflow, arbitrary
SHA-256 | 4634c67fe886c62ca9877c8e797c11203f134b24b6f4f56bbd706b71a5db40d7
EEYE-Yahoo.txt
Posted Jun 11, 2007
Authored by Greg Linares | Site eeye.com

eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.

tags | advisory, vulnerability
SHA-256 | d9613dbb76bafe2f5a875521f8e0028a1306fdcd3e8bbff5b802d3921f26ac89
EEYE-csrss.txt
Posted Apr 11, 2007
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a local privilege escalation vulnerability in Windows Vista that allows a program executing without privileges to fully compromise an affected system. A malicious user or malware program could exploit this vulnerability to execute arbitrary code with SYSTEM privileges within the CSRSS process, permitting the bypass of Vista's vaunted user privilege limitations and administrator approval mode. By establishing and closing multiple connections to CSRSS's "ApiPort", an application may cause a private data structure within CSRSS that describes its process to be used after it has been freed, creating an exploitable "dangling pointer" condition. This vulnerability is entirely separate from the CSRSS NtRaiseHardError message box flaw publicly disclosed in December 2006, although both affect code within the CSRSS process. It is interesting to note that this vulnerability only affects Windows Vista, due to new, flawed code added to CSRSRV.DLL in support of functionality introduced in Vista.

tags | advisory, arbitrary, local
systems | windows
SHA-256 | 9e3f9423f653ac1b326017f5be448337555ba6f9473c7cb24c27270a9d983e2d
EEYE-vdmzero.txt
Posted Apr 11, 2007
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that allows an unprivileged user with the ability to execute a program to fully compromise an affected system. All x86 versions of Windows up to and including Windows Server 2003 SP2 are vulnerable. The Windows kernel's Virtual DOS Machine (VDM) implementation features a race condition through which a malicious program can modify the first 4KB page of physical memory (also known as the "zero page"). The data in this region of memory is trusted and may be subsequently used by other Virtual DOS Machines, including a VDM instantiated by the Windows kernel as part of hibernating or effecting a blue-screen crash. Exploitation of this vulnerability therefore allows arbitrary code to run within other users' VDM processes, and even within the kernel if hibernation or a blue-screen can be provoked by any available means.

tags | advisory, arbitrary, x86, kernel, local
systems | windows
SHA-256 | caf6c1119af3dab28ff1f2c0a10db34ba618823144b84c2fc3c5d0c70a778133
EEYE-Intel.txt
Posted Dec 8, 2006
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.

tags | advisory, kernel
SHA-256 | 6954f6306f926edd1c4a4b0dcac3b5fd90102d5b9255732d3a228f9efd4ef61a
EEYE-adm21x.txt
Posted Dec 7, 2006
Authored by Derek Soeder | Site research.eeye.com

eEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader. By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Adobe Download Manager versions 2.1.x and below are affected.

tags | advisory, overflow, arbitrary
SHA-256 | 5fe805f75d967bc79ae983d8de02831c3dd55807784e321a24b62a1b32608e17
EEYE-MSWS.txt
Posted Nov 16, 2006
Authored by Derek Soeder, JeongWook Matt Oh | Site research.eeye.com

A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems. Systems affected include Windows 2000 (Remote Code Execution), Windows XP SP1 (Local Privilege Escalation).

tags | advisory, remote, local, code execution
systems | windows
SHA-256 | 367cc68f34ddc938cf2dcc518afe55cf78d89fa4e11fb54f7de27032d7c6cf8e
EEYEB-20080824.txt
Posted Sep 13, 2006
Authored by Derek Soeder | Site research.eeye.com

eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 69775c157322e3ccfd4e271a49bc2f9a19813713532ec62e509a70315569839c
EEYE-MS06-042-2.txt
Posted Aug 28, 2006
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 140740018944f8f8fb1cd1ce93819ababbcebc675a58daa37730a7bec43591c1
EEYE-MS06-042.txt
Posted Aug 27, 2006
Authored by Derek Soeder | Site eeye.com

eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.

tags | advisory
SHA-256 | 25511fcd2687aa34d588259c7d6ccedff89b97a4eb9e6853540042e50efcb196
EEYEB-20060703.txt
Posted Aug 27, 2006
Authored by Andre Derek Protas | Site eeye.com

eEye Digital Security has discovered a security vulnerability in IBM's eGatherer ActiveX control. This is the second vulnerability found in this control by eEye Research, the first being from Drew Copley. This control is typically installed by default on IBM workstations and laptops, and is used by default for auto-finding drivers/updates on IBM's/Lenovo's support site.

tags | advisory, activex
SHA-256 | 9c84908e1b617bcd8bdf8c955b46130747f8f7e108a5d3bf442c32fe17b7a573
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close