Microsoft VBScript and JScript Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE is a web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.Microsoft VBScript known as Visual Basic Script is a scripting language, and is also the default programming language for ASP dynamic web pages. JScript ...

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-064-01 Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability that was published March 5, 2015, on the NCCIC/ICS-CERT web site. The “GHOST”Further information about the GHOST vulnerability:...

Siemens SIMATIC Communication Processor Vulnerability (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03...

Sam Spade 1.14 - Browse URL Buffer Overflow PoC

Exploit for windows platform in category dos / poc !/usr/bin/env python Exploit Title : Sam Spade 1.14 Browse URL Buffer Overflow PoC Discovery by : Nipun Jaswal Email : email protected Discovery Date : 14/11/2015 Vendor Homepage : http://samspade.org Software Link :...

CVE-2007-3144

Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication...

Powercat - Netcat: The Powershell Version

Installation powercat is a powershell function. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts. Load The Function From Downloaded .ps1 File: . .\powercat.p...

The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of Kaspersky Anti-Virus lies in a numerical overflow condition. Exploiting this vulnerability allows an attacker to cause service interruptions or execute arbitrary code using VB6 files during the antivirus system’s scanning process...

Rubocop - A Ruby Static Code Analyzer, Based On The Community Ruby Style Guide

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide . Most aspects of its behavior can be tweaked via various configuration options. Installation RuboCop 's installation is pretty standard: $ gem install rubocop ...

Microsoft VBScript and JScript Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.Microsoft VBScript known as Visual Basic Script is a scripting language, and is also the default programming language for ASP dynamic Web pages. JScript ...

Microsoft IE VBScript/JScript ASLR Bypass Vulnerability

Internet Explorer is a web browser from Microsoft. A security vulnerability exists in the implementation of Internet Explorer 8-11 and other products, VBScript 5.7/5.8, and JScript 5.7/5.8 engines. A remote attacker could bypass the ASLR protection mechanism by exploiting this vulnerability via a...

CentOS Update for openldap CESA-2015:1840 centos6

Check the version of openldap SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882292";...

DEBIAN-CVE-2015-6908

The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in the VBScript and JScript engines in Microsoft IE version 8. An attacker exploiting...

Endian Firewall Proxy Password Change Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

Endian Firewall Proxy Password Change Command Injection Exploit

This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...

Endian Firewall - Password Change Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...

VLC Media Player Detection (HTTP)

Detects the installed version of VLC Media Player. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Researchers Outline New Italian RAT uWarrior

Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document. Researchers with Palo Alto Networks’ research division, Unit 42, described the malware and how it appears to have emanated from an “unknown actor of Italian origin,” in a...

The vulnerability of the OpenSSL library, which allows a hacker to bypass the standard procedures for verifying certificate chains

The vulnerability of the X509verifycert function in the OpenSSL library is related to insufficient handling of the X.509 Basic Constraints cA value during the identification of an alternative certificate chain. Exploiting this vulnerability allows a malicious actor to bypass the standard...

Microsoft VBScript Denial of Service Vulnerability

Microsoft VBScript is the United States Microsoft Microsoft company developed a scripting language, can be seen as a simplified version of the VB language. A denial of service vulnerability exists in Microsoft VBScript versions 5.6 through 5.8 that could allow a remote attacker to execute arbitra...