8293 matches found
Microsoft Office Web Components Arbitrary Code Execution (CVE-2009-1136)
A code execution vulnerability has been reported in Microsoft Office Web Components. The vulnerability is due to insecure design of certain methods within ActiveX controls. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web page. Successful...
Joomla! 1.7.0 Cross Site Scripting
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities 1. OVERVIEW Joomla! 1.7.0 stable version is vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets...
Military Contractor Mitsubishi hacked
Mitsubishi Heavy Industries Ltd said on Monday that its computers had been hacked into, with one newspaper saying the target was Japan's biggest defence contractor's factories for submarines, missiles and nuclear power plant components. "There is no possibili...
Ramnit Worm Evolves Into Financial Malware
The Ramnit worm, known by researchers for its use of somewhat old-school malicious techniques, has now changed some of its tactics and morphed into financial malware, researchers say. As of now, researchers at Trusteer say they have no way of determining whether Ramnit has actually changed, or if...
A Miner Botnet: Bitcoin Mining Goes Peer-to-Peer
Identifying a botnet is not an easy task sometimes, especially when one gets lost in different components like droppers, infectors and other bad stuff. Some two weeks ago, Jose Nazario from Arbor Networks pointed me to a new varmint that appears to be another peer-to-peer bot. When executed, the...
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
This host is missing an important security update according to Microsoft Bulletin MS11-059. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
This host is missing an important security update according to Microsoft Bulletin MS11-059. OpenVAS Vulnerability Test $Id: secpodms11-059.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft Data Access Components Remote Code Execution Vulnerabilities 2560656 Authors: Veerendra GG Copyright: Copyright...
Design/Logic Flaw
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...
CVE-2011-1975
The CVE-2011-1975 entry describes an Untrusted search path vulnerability in the Data Access Tracing component of Windows Data Access Components (MDAC) 6.0. A local attacker could gain privileges by placing a Trojan horse DLL in the current working directory, demonstrated via a crafted Excel (.xls...
Patch Tuesday: Microsoft Releases 13 Bulletins, 2 Critical
Microsoft shipped 13 bulletins in the August edition of Patch Tuesday, including two critical fixes for the Internet Explorer Browser and for Windows DNS Server that the company warns could enable remote attacks. The scheduled monthly update includes a cumulative security update for Internet...
MS11-059: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2560656)
The version of Microsoft Data Access Components (MDAC) installed on the remote Windows host is affected by a code execution vulnerability. By tricking a user into opening a legitimate Excel file that is in the same directory as a specially crafted library file, a remote, unauthenticated user could...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as...
Outdated Assumptions
The term “targeted attack” gets thrown around an awful lot nowadays. In fact I’m guessing you’ll be hard pressed to find many public breach disclosures that make it to the news that aren’t labeled as having been “targeted”. It reminds me of an important quote from the character Inigo Montoya in T...
DHS Official Warns of Security Risks in Supply Chain
In a House committee hearing on cybersecurity threats Thursday, a DHS official said he was aware of some cases in which software and hardware manufactured overseas had arrived in the U.S. pre-loaded with security bugs. However, the official did not say that those cases involved vulnerabilities or...
Buffer overflow
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings...
Joomla Free Consultation Shell Upload
Exploit Title :Joomla comfreeconsulation component shell Upload Vulnerability + Author : Egyptian.H4x0rz + Contact : SpYatHotmail.Com + Date : 18-06-2011 + category: Web Apps Dork: "index.php?option=comfreeconsulation" Vulnerability: Shell Upload Vulnerability...
OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availabili...
What is Zeus - Technical paper Zeus by SophosLabs !
Zeus or Zbot is one of the most notorious and widely-spread information stealing Trojans in existence. Zeus is primarily targeted at financial data theft; its effectiveness has led to the loss of millions worldwide. The spectrum of those...
VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
VMware Security Advisory Advisory ID: VMSA-2011-0007 Synopsis: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console Iss...
Joostina (Multiple Components) - SQL Injection
source: https://www.securityfocus.com/bid/47595/info Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...