what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

UltraVNC Viewer 1.2.2.4 Denial Of Service
Posted Apr 15, 2019
Authored by Victor Mondragon

UltraVNC Viewer version 1.2.2.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a8874d60ff75aa07455e18736ef6dc77ad3acf55b4e019d5ea21ab2f399f86fc

Related Files

Secunia Security Advisory 50015
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in TeamViewer.

tags | advisory
SHA-256 | 009cf31aed01a4c1fecb832dc5182eb58f9ab74b6b4c73bea48845fd6f17c2e5
Secunia Security Advisory 49934
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported in Oracle MapViewer, which can be exploited by malicious people to gain knowledge of sensitive information or manipulate certain data.

tags | advisory, vulnerability
SHA-256 | 7df3e084cc8e53f6c3b836bb46049f6848587771b59eec7b4c879664dee7dcb2
Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2011-3400, OSVDB-77663
SHA-256 | 38a04eb9235c0ff6ef85f3b9bba40470be0f95a7efe95b58a475e3f84a0afc55
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a posterior buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
SHA-256 | 03a28d9b585a04552b2af08e30b7a0771b1cda34693418914dcb8507b373570a
Secunia Security Advisory 49296
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in TopicsViewer, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 666f2e73e93190b7aba8403149d57b407f3ff9098cd705cef8beadd772706b16
Topics Viewer 2.3 Local File Inclusion / SQL Injection
Posted May 28, 2012
Authored by n4ss1m

Topics Viewer version 2.3 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 240295b4314ae057413639f66d3ca5596b799d870b2492f4e019413946b893f4
Secunia Security Advisory 49113
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 10318aa6c588be6ee964bbffd912ec767dd6c14269c063fec7133da827d5c6f2
Ubuntu Security Notice USN-1439-1
Posted May 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1439-1 - Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2012-2094, CVE-2012-2144, CVE-2012-2094, CVE-2012-2144
SHA-256 | 7b70699a65f9988c4c343caffced00dfe13277d783584ab531944622f4ea9fba
Samsung NET-i Viewer Active-X SEH Overwrite
Posted May 2, 2012
Authored by Blake

Samsung NET-i Viewer version 1.37 active-x SEH overwrite exploit.

tags | exploit, activex
SHA-256 | 89a65827884b5491e386120caa8f2acc5d2507db952b044c4deacb9cceae7d5d
Secunia Security Advisory 48965
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in NET-i viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 39628b1413f9c66ec4f1e39705ee7f7edff117e41382fe957c83915d9733dd27
Secunia Security Advisory 48966
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in NET-i viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3f0a95568a66cf67da9a171c977af5bcd18c6a1cf4289c8a53ee43d880420655
The Source Is A Lie
Posted Apr 17, 2012
Authored by Andreas Nusser | Site sec-consult.com

Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are getting developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. Especially the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from unwary reviewer by disguising its access to critical resources like credential through indirection. To raise the awareness about this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

tags | paper, java
SHA-256 | 2a07f7ba8590b6f096b40e0241279121aa6cb6cc3400db03bb9062a53afd7af0
UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow
Posted Mar 26, 2012
Authored by noperand | Site metasploit.com

This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.

tags | exploit, overflow, tcp, protocol
advisories | CVE-2008-0610, OSVDB-42840
SHA-256 | b357e9030ba561108d1415577377c438445c6d1ccdf5a6b60eef2ab3f927b9c6
ManageEngine Device Expert 5.6 Directory Traversal
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.

tags | exploit, java, remote, file inclusion
SHA-256 | ac9ce0ef47d738091d599b3ea17bfa50dae411a0fcf3d690ac1f2757cfe3424d
Topics Viewer Cross Site Request Forgery
Posted Feb 29, 2012
Authored by The Green Hornet

Topics Viewer suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4aedd9119d03bf833a70528ca35e61259571bb87e96ca763e711b23712486f98
Secunia Security Advisory 47946
Posted Feb 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 969006847fe3134c2eb4f078f8cb4dcf5fa75fe5bc356de8dfc9d8721c51302f
EdrawSoft Office Viewer Component ActiveX 5.6 Buffer Overflow
Posted Jan 31, 2012
Authored by LiquidWorm | Site zeroscience.mk

EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
SHA-256 | aa458d428c88b317e3d19885fabb2292797100d9c42881cb18343f476bfa04eb
Mandriva Linux Security Advisory 2012-004
Posted Jan 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2011-0433, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | f9a48e9ae40316e20b4d213e0862b9dee1e34ba82c1cf80d054005a9862897ce
Secunia Security Advisory 47487
Posted Jan 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM Cognos TM1 Executive Viewer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 121d4bf954ac3855eac9e4201cf0bbbf643678cf0c124b0bf4433d44115537c1
Debian Security Advisory 2357-1
Posted Dec 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2357-1 - Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-264320
SHA-256 | 088bf1eb17fbe3e4dd8c9598fa2c61f2c3610609affe9540961885e186473e9e
Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
Posted Nov 17, 2011
Authored by Dr_IDE, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, overflow, code execution
SHA-256 | ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3ee
Ubuntu Security Notice USN-1249-1
Posted Oct 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1249-1 - It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3361
SHA-256 | 063eb8c6038da815c5d6dad43a7a7e358f343c718e57b60617c8012eaf8fd1eb
RealVNC Authentication Bypass
Posted Aug 26, 2011
Authored by H D Moore, The Light Cosine | Site metasploit.com

This Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine. This option should be disabled for Pro.

tags | exploit, bypass
advisories | CVE-2006-2369, OSVDB-25479
SHA-256 | e04dfdae1c144c55bf3ae60b0db55de39d6d8b5d1ffc4b3506d87fa3c3c8e7c6
Microsoft Report Viewer Cross Site Scripting
Posted Aug 25, 2011
Authored by Adam Bixby | Site gdssecurity.com

Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected.

tags | exploit, xss
advisories | CVE-2011-1976
SHA-256 | 4d9788bddcd51301180727fdb8f1bfb7d0282f2267bc50035868014db7f5b3e7
Secunia Security Advisory 45514
Posted Aug 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Report Viewer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 71114d7e21adf8be64f8982d2e7f00c45e50bd58443f5e64e2ce481d9d06bf3d
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close