The vulnerability of the Internet Explorer browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability that allows for the execution of arbitrary code remotely exists in Internet Explorer due to incorrect access to objects in memory. This vulnerability can cause errors when working with memory and allow attackers to execute arbitrary code in the context of the current user...

The vulnerability of the Internet Explorer browser, which allows a malicious actor to execute arbitrary code

The Internet Explorer browser contains a vulnerability related to the processing of VBScript objects stored in memory. Exploiting this vulnerability allows a malicious individual to execute arbitrary code in the context of the current user. If a user with administrative privileges accesses the...

Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JScript engine is a JavaScript engine component used by IE and Edge web browser. A memory corruption vulnerability exists in the way the Microsoft Chakra...

Foolav - Pentest Tool For Antivirus Evasion and Running Arbitrary Payload on Target Wintel Host

Executable compiled with this code is useful during penetration tests where there is a need to execute some payload meterpreter maybe? while being certain that it will not be detected by antivirus software. The only requirement is to be able to upload two files: binary executable and payload file...

Microsoft Office Memory Corruption Vulnerability (CNVD-2015-07511)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office. As the program fails to properly handle...

Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to search and replac...

Empire: a PowerShell post-exploitation Agent tools-vulnerability warning-the black bar safety net

Empire is a purely PowerShell post-exploitation Agent tools, it is built on cryptography, secure communications and flexible architecture. Empire realize the need to powershell. exe you can run a PowerShell proxy function. Rapid deployment post-exploit module, from the keyboard recorder to...

Oracle Patches VENOM Vulnerability

Oracle, whose virtualization software VirtualBox is among those affected by the VENOM vulnerability, on Saturday joined the litany of VM providers that have patched the bug. Oracle was one of the first vendors notified by Crowdstrike, whose researcher Jason Geffner found the bug and disclosed it...

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2015-01104)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows 'Win32k.sys' handling of in-memory objects allows local attackers to exploit the vulnerability to elevate privileges and execute arbitrary code in kernel context...

Skeleton Key Malware Bypasses Active Directory Authentication

Enterprise Active Directory administrators need to be on the lookout for anomalous privileged user activity after the discovery of malware capable of bypassing single-factor authentication on AD that was used as part of a larger cyberespionage campaign against a global company based in London...

Windows Escalate UAC Protection Bypass (In Memory Injection)

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of...

Windows Escalate UAC Protection Bypass (In Memory Injection)

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binari...

CVE-2013-1333

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."...

SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0312-1 (java-1_6_0-openjdk)

Check for the Version of java-160-openjdk OpenVAS Vulnerability Test $Id: gbsuse201303121.nasl 8494 2018-01-23 06:57:55Z teissa $ SuSE Update for java-160-openjdk openSUSE-SU-2013:0312-1 java-160-openjdk Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH,...

SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)

java-160-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues : New in release 1.12.2 2012-02-03 : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name ...

IBM solidDB Detection (local check)

The remote Windows host is running IBM solidDB, an in-memory database application. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid53811; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/12"; scriptnameenglish:"IBM solidDB...

BodgeIt Store : Vulnerable Web Application For Penetration Testing !

BodgeIt Store : Vulnerable Web Application For Penetration Testing ! Features Easy to install – just requires java and a servlet engine, e.g. Tomcat Self contained no additional dependencies other than to 2 in the above line Easy to change on the fly – all the functionality is implemented in JSPs...

Dissecting the ZeroAccess Rootkit

The ZeroAccess rootkit isn’t the most well-known or closely watched piece of malware in recent history, but, as an extremely detailed new analysis of the program shows, it is a perfect example of the kind of sophisticated malware that attack crews are using to maintain persistent, silent access t...

CVE-2010-0910

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors...

Buffer overflow

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...