1464 matches found
CVE-2015-5663
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user...
CVE-2015-5663
CVE-2015-5663 affects WinRAR prior to 5.30 beta 5. The issue is in file-execution/registry-handling: when a user opens a file without an extension, WinRAR may execute a similarly named file with an extension in the same folder or load a registry setting file, enabling local privilege escalation. ...
WinRAR may insecurely load executable files
Overview: WinRAR contains a function where user-specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user-specified file. WinRAR also...
appRain 4.0.3 - Multiple Vulnerabilities
Exploit for PHP platform in category web applications. appRain 4.0.3: Code Execution, XSS, CSRF, Path Traversal Vulnerabilities. appRain is described as a Content Management Framework written in PHP. There are various components of appRain 4.0.3 that should not provide the possibility of code...
Microsoft Windows Library Loading CVE-2015-6132 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...
CVE-2015-7815
The CVE-2015-7815 entry is supported by multiple connected documents describing a Directory Traversal (Local File Inclusion) in Piwik prior to 2.15.0. The vulnerability occurs in core/ViewDataTable/Factory.php where the viewDataTable parameter is used to include local files, due to insufficient s...
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload Version 1
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file...
Gold MP4 Player - '.swf' Local Overflow
!/usr/bin/python EXPLOIT TITLE: GOLD PLAYER Local Exploit AUTHOR: Vivek Mahajan - C3p70r Credits: Gabor Seljan Date of Testing: 30 October 2015 Download Link : http://download.cnet.com/GoldMP4Player/3000-21394-10967424.html Tested On : Windows 8.1 Pro and Windows 7 Ultimate Steps to Exploit Step ...
The vulnerability of the SolarWinds Storage Manager data management software allows a hacker to upload and execute arbitrary files.
The vulnerability of the ProcessFileUpload.jsp component in the SolarWinds Storage Manager data management software exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to remotely upload and execute arbitrary files...
FreeBSD : Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities (cec4d01a-7ac5-11e5-b35a-002590263bf5)
The JSST and the Joomla! Security Center report: 20140903 - Core - Remote File Inclusion: Inadequate checking allowed the potential for remote files to be executed. 20140904 - Core - Denial of Service: Inadequate checking allowed the potential for a denial of service attack. ...
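Zblog 2.0 /zb_install/index.php Local File Inclusion Vulnerability
The problem is in zb_install/index.php: $zbloglang=&$zbp->option['ZC_BLOG_LANGUAGEPACK']; // zbloglang is defined first if(isset($_POST['zbloglang']))$zbloglang=$_POST['zbloglang']; // if it is set in the POST data, the POST-supplied value is used for this variable. Zblog prevents SQL injection by not building queries through string concatenation in its query functions, so they did not escape POST input either. That means fewer injection bugs, but it also caused the vulnerability here. $zbp->LoadLanguage('system','',$zbloglang); // trace into this call...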
Fedora 23 : ipython-3.2.1-3.fc23 (2015-16128)
Add upstream patch to fix file execution vulnerability bug 1264067 ---- Add upstream patch to fix XSS vulnerability bug 1259405 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
Total Commander 8.52 (Windows 10) - Local Buffer Overflow
Total Commander 8.52 Windows 10 - Local Buffer Overflow !/usr/bin/python EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: UnN0n Date of Testing: 19th September 2015 Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32b1.exe Tested On :...
Schneider Electric StruxureWare Building Expert Security Patch
Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability. Researcher Artyom Kurbatov discovered that the system transmits user credentials in plaintext between th...
Malicious Mail Payload Containing JavaScript Downloader
Certain malicious executable files can be hidden using a JS downloader file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...
Design/Logic Flaw
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object...
WordPress ThemePunch Slider Revolution plugin and Showbiz Pro plugin have multiple vulnerabilities
WordPress is the WordPress Software Foundation's blogging platform, developed in the PHP language; it supports setting up a personal blog site on a server running PHP and MySQL. ThemePunch Slider Revolution (revslider) is one of its slideshow plugins. Showbiz Pro is one of the scrolling display...
Epignosis eFront has multiple vulnerabilities
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A security vulnerability exists in Epignosis eFront. An attacker can exploit the...
CVE-2015-2995
CVE-2015-2995 affects SysAid Help Desk prior to 15.2, in the RdsLogsEntry servlet, where improper file-extension checking allows remote upload and execution of arbitrary files via a NULL byte after the extension (e.g., .war%00). Connected sources confirm a concrete exploit surface, including a Me...