what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Zero Day Initiative Advisory 05-01
Posted Oct 13, 2005
Authored by ZDI, Tipping Point | Site zerodayinitiative.com

ZDI-05-001: VERITAS NetBackup Remote Code Execution - This vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2005-2715
MD5 | 7a21d85b3b485baad912cd5d2d238a79

Related Files

HPE Security Bulletin HPESBHF03815 1
Posted Jan 29, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03815 1 - A security vulnerability in HPE Intelligent Management Center (iMC) PLAT can be exploited to allow remote code execution. This is an enhanced fix for ZDI-17-162/CVE-2017-5792. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2017-5792
MD5 | b10eaa284036f9380d2173f7eaf55928
HPE Security Bulletin HPESBHF03813 1
Posted Jan 29, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03813 1 - A security vulnerability has been identified in IMC PLAT 7.3 E0506. The vulnerability could be remotely exploited to allow remote code execution. This is an enhanced fix to ZDI-17-484. Revision 1 of this advisory.

tags | advisory, remote, code execution
advisories | CVE-2017-8981
MD5 | 781a30fce34fda7a3de7587902067ae4
Windows Script Host UAC Bypass
Posted Aug 27, 2015
Authored by vozzie

The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.

tags | exploit, remote
systems | windows, 7
MD5 | 742a0b632607f8b5cd134cce36956c7f
Novell ZENworks Configuration Management Arbitrary File Upload
Posted May 4, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2015-0779
MD5 | 9f1e5f88703c300444953863de021257
HP Diagnostics Server magentservice.exe Overflow
Posted Jan 28, 2012
Authored by AbdulAziz Hariri, hal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-4789, OSVDB-72815
MD5 | e1ffea648751482c32e081239f6df96f
Zero Day Initiative Advisory 11-002
Posted Jan 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. This vulnerability was submitted to the ZDI via at the annual Pwn2Own competition at CanSecWest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the MSADO component. When handling the a user specified CacheSize property the process uses this value to calculate the 'real' cache size. This value is used without proper validation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0027
MD5 | d7b2641f8c2141163e24a147b0ae8cd4
Secunia Security Advisory 42596
Posted Dec 13, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aliaksandr Hartsuyeu has reported a vulnerability in BizDir, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 43d1e474a0ac0fc0fc6c145b998e3ded
BizDir 5.10 Cross Site Scripting
Posted Dec 10, 2010
Authored by Aliaksandr Hartsuyeu | Site evuln.com

BizDir version 5.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9725d5a197609e387c27755221f9651d
FuzzDiff Crash Analysis Tool
Posted Jul 26, 2010
Authored by Dan Rosenberg | Site vsecurity.com

FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

tags | fuzzer
MD5 | ec3d8e64642e2cc6539902f9ff72fd1f
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the first one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2007-2280
MD5 | 0bcd4a003662b75595c11d89eb98ddba
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2009-3844
MD5 | b3687ed374a55ab5d0525a4d749456b8
bizdir-xss.txt
Posted Sep 3, 2008
Authored by Am!r | Site irist.ir

BizDirectory versions 2.04 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3009b5a94262186a6db1c6f036267833
Zero Day Initiative Advisory 08-05
Posted Feb 11, 2008
Authored by Tipping Point, Avosani Gabriele | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. The EnumPrinters function exposed by this DLL contains a logical flaw allowing an attacker to bypass a patch introduced to prevent the vulnerability described in ZDI-07-045. Exploitation of this vulnerability leads to arbitrary code execution in the context of the SYSTEM user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-0639
MD5 | ea09c47183c7cdc55b42a0c3c8a949cd
Zero Day Initiative Advisory 07-025
Posted May 8, 2007
Authored by Tipping Point, Eric DETOISIEN | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2508
MD5 | 56194a1cec388cf8c1ce4cf1d2660283
Zero Day Initiative Advisory 07-024
Posted May 8, 2007
Authored by Tipping Point, Eric DETOISIEN | Site zerodayinitiative.com

Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the EarthAgent.exe daemon, bound by default on TCP port 3628 and exposing the following DCE/RPC interface through TmRpcSrv.dll.

tags | advisory, arbitrary, tcp, vulnerability
advisories | CVE-2007-2508
MD5 | dd15fef7d5127f9f63901107e860298c
Zero Day Initiative Advisory 07-023
Posted May 3, 2007
Authored by Tipping Point, Dino A. Dai Zovi | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2007-2175
MD5 | fc419cf943610bda4a6afd95c1c34c08
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
MD5 | 2e27e27253c5a55507c1f03fbdf93dad
Zero Day Initiative Advisory 07-021
Posted Apr 23, 2007
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of GraceNote's CDDBControl ActiveX Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, arbitrary, activex
advisories | CVE-2007-0443
MD5 | bdd2b2d2f6f7aed716c8b315cf37b6a6
Zero Day Initiative Advisory 07-020
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.

tags | advisory, remote, arbitrary, tcp, vulnerability
advisories | CVE-2007-1972
MD5 | feea720a2860e085bdb160f01c3816ee
Zero Day Initiative Advisory 07-019
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack and including SEH pointers. This can be leveraged to execute arbitrary code.

tags | advisory, arbitrary, tcp
advisories | CVE-2007-2136
MD5 | 7dcfd0677f70a6f1389e9e58d34ba113
Zero Day Initiative Advisory 07-018
Posted Apr 19, 2007
Authored by CIRT.DK, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
systems | windows
advisories | CVE-2007-2137
MD5 | 0e5cfa7de74e7b7129b6f1cf094e201e
Zero Day Initiative Advisory 07-017
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.

tags | advisory, remote
advisories | CVE-2007-2135
MD5 | be349cccba1bb4fa66f12b2b285cc0b8
Zero Day Initiative Advisory 07-016
Posted Apr 19, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.

tags | advisory, remote, root
advisories | CVE-2007-2170
MD5 | 197d6c1d20d50bda33ff6a94e5ea6f58
Zero Day Initiative Advisory 07-015
Posted Apr 19, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, overflow, arbitrary, tcp, code execution
advisories | CVE-2007-2171
MD5 | 4e3ce67379b834263e2437fa61773ffb
Zero Day Initiative Advisory 07-014
Posted Apr 7, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, remote, virus
advisories | CVE-2007-1112
MD5 | 5fb57dc785145ad453c8aab5f3152ad1
Page 1 of 4
Back1234Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close