what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Zero Day Initiative Advisory 05-01
Posted Oct 13, 2005
Authored by ZDI, Tipping Point | Site zerodayinitiative.com

ZDI-05-001: VERITAS NetBackup Remote Code Execution - This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2005-2715
SHA-256 | d5b278979fe2d177d5056d8919b4e0cd4ad1a78f4ac275fd64b33349cf7f0bc3

Related Files

HPE Security Bulletin HPESBHF03815 1
Posted Jan 29, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03815 1 - A security vulnerability in HPE Intelligent Management Center (iMC) PLAT can be exploited to allow remote code execution. This is an enhanced fix for ZDI-17-162/CVE-2017-5792. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2017-5792
SHA-256 | 7c9c60346f128d908e95b82bfe7b2a197508e3a45b159d72a5ce83498d7ddd09
HPE Security Bulletin HPESBHF03813 1
Posted Jan 29, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03813 1 - A security vulnerability has been identified in IMC PLAT 7.3 E0506. The vulnerability could be remotely exploited to allow remote code execution. This is an enhanced fix to ZDI-17-484. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2017-8981
SHA-256 | 6311b03abd387f26560eb82c1d2c2e9d9c0e4ee89e2e18a2241bdfaf9b8458eb
Windows Script Host UAC Bypass
Posted Aug 27, 2015
Authored by vozzie

The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.

tags | exploit, remote
systems | windows
SHA-256 | 221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7
Novell ZENworks Configuration Management Arbitrary File Upload
Posted May 4, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2015-0779
SHA-256 | 15f84d28ce1e05b5772eda5c8a707f10298f591215c96328ff2bf9f777e5ccf4
HP Diagnostics Server magentservice.exe Overflow
Posted Jan 28, 2012
Authored by AbdulAziz Hariri, hal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-4789, OSVDB-72815
SHA-256 | c6a14560edab2b9d9defb11e36b12526fd6aaa6d5fa8fa8faa2534b45739ade1
Zero Day Initiative Advisory 11-002
Posted Jan 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. This vulnerability was submitted to the ZDI via at the annual Pwn2Own competition at CanSecWest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. This value is used without proper validation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0027
SHA-256 | 1a6549c84e710f01cda4dae179001588323300fd3952633a8f9c9cae93493c7a
Secunia Security Advisory 42596
Posted Dec 13, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aliaksandr Hartsuyeu has reported a vulnerability in BizDir, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 0393690a77c9bc77d9c534061a70ad79a543e805c083fe5a0d134d8b3bd5d101
BizDir 5.10 Cross Site Scripting
Posted Dec 10, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

BizDir version 5.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d846d7b63465d18d943007a50e20c237dea459e54e488848145dc85a72ebecfa
FuzzDiff Crash Analysis Tool
Posted Jul 26, 2010
Authored by Dan Rosenberg | Site vsecurity.com

FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

tags | fuzzer
SHA-256 | 64a2478b6758505b56ea79a765292e926f190b7255790d538d7a95e688fd16bb
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the first one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2007-2280
SHA-256 | 098a37312c7769272d53b6747df73473c2997a18bf5130110137953613125b72
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2009-3844
SHA-256 | 6077abc4561b8bb88f893fcbc753edd3a1b15ac32e3ac4ebcdc7446ce7360c3c
bizdir-xss.txt
Posted Sep 3, 2008
Authored by Am!r | Site irist.ir

BizDirectory versions 2.04 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4aaab9425f330a9a505492e0efe74debe0361f837d4e414275b6ab76190c5af7
Zero Day Initiative Advisory 08-05
Posted Feb 11, 2008
Authored by Tipping Point, Avosani Gabriele | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. The EnumPrinters function exposed by this DLL contains a logical flaw allowing an attacker to bypass a patch introduced to prevent the vulnerability described in ZDI-07-045. Exploitation of this vulnerability leads to arbitrary code execution in the context of the SYSTEM user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-0639
SHA-256 | 9eadef5756316b7c3b14ecba25151f26f79529325cbe41c1ec59c1c2b7484bc9
Zero Day Initiative Advisory 07-025
Posted May 8, 2007
Authored by Tipping Point, Eric DETOISIEN | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2508
SHA-256 | edeeae669ef34c8fd542888a7411599d8a70dd4b5ac67a4fc6023990c2d7b1f0
Zero Day Initiative Advisory 07-024
Posted May 8, 2007
Authored by Tipping Point, Eric DETOISIEN | Site zerodayinitiative.com

Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the EarthAgent.exe daemon, bound by default on TCP port 3628 and exposing the following DCE/RPC interface through TmRpcSrv.dll.

tags | advisory, arbitrary, tcp, vulnerability
advisories | CVE-2007-2508
SHA-256 | a78892500902758ec7a684ba6cd4b9f96dd206ee6c0566b624005f095690cb14
Zero Day Initiative Advisory 07-023
Posted May 3, 2007
Authored by Tipping Point, Dino A. Dai Zovi | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2007-2175
SHA-256 | ba713c314baf1496080cf8a7f18d2fc09ea9f48434abc1007d75e1a4358968f5
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
SHA-256 | 5f051d451b1cb655c302560bb76e182d99aa01278266b8298e9a10f46856cb50
Zero Day Initiative Advisory 07-021
Posted Apr 23, 2007
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of GraceNote's CDDBControl ActiveX Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, arbitrary, activex
advisories | CVE-2007-0443
SHA-256 | 05e34559f4666d4770ca80dbb1b470429e352be29c9dd3ab6c092f4e48abe151
Zero Day Initiative Advisory 07-020
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.

tags | advisory, remote, arbitrary, tcp, vulnerability
advisories | CVE-2007-1972
SHA-256 | af821d60c5943917a00431dbce91939ec5641db70437f462bbc64ff57193d46c
Zero Day Initiative Advisory 07-019
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack and including SEH pointers. This can be leveraged to execute arbitrary code.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2136
SHA-256 | c68d1abda193e0c11f283735950b98df7c0f02cde1ca790898b0e4241dba539e
Zero Day Initiative Advisory 07-018
Posted Apr 19, 2007
Authored by CIRT.DK, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
systems | windows
advisories | CVE-2007-2137
SHA-256 | 0086b2a823788d685ea92d803990861bcded3e23445dacfce850f58fe17c0922
Zero Day Initiative Advisory 07-017
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.

tags | advisory, remote
advisories | CVE-2007-2135
SHA-256 | 7695b29a5b73a990141587afaad7025ba20336a322848f36046e521d84262f61
Zero Day Initiative Advisory 07-016
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.

tags | advisory, remote, root
advisories | CVE-2007-2170
SHA-256 | a56905b28f18536776787ff58703784ae3030dd3b225c7e8a7e6187e035b3646
Zero Day Initiative Advisory 07-015
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-2171
SHA-256 | 90a41cead20143889d6a2f43dfaa84ad08429adb0c36d1b17c84c1dfcf42c1ae
Zero Day Initiative Advisory 07-014
Posted Apr 7, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, remote, virus
advisories | CVE-2007-1112
SHA-256 | d6bb18bdef611cc75bb8bcb64cec567ef86195f55b8b59f97ea8d5b5549aeb83
Page 1 of 4
Back1234Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close