Code injection

The 1 VBScript VBScript.dll and 2 JScript JScript.dll scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2008-0083

The 1 VBScript VBScript.dll and 2 JScript JScript.dll scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2008-0083

CVE-2008-0083 affects Microsoft VBScript/JScript scripting engines (VBScript.dll and JScript.dll) version 5.1 and 5.6 used in Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. A vulnerability in decoding scripts in Web pages and in memory loading could allow remote code execution through unknown...

Microsoft Windows VBScript / JScript buffer overflow

Buffer overflow on scripts parsing...

Microsoft Windows Scripting Engines Script Encoding Code Execution (MS08-022; CVE-2008-0083)

VBScript stands for Microsoft Visual Basic Scripting Edition that includes Web client scripting in Microsoft Internet Explorer and Web server scripting in Microsoft Internet Information Service. JScript is the Microsoft implementation of the ECMA 262 language specification ECMAScript Edition 3. T...

Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

Microsoft Security Bulletin MS08-022 – Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution 944338 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the...

Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Description Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary...

MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

The remote host is running a version of Windows that contains a flaw in JScript. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious JScript and enticing a victim to visit a web site or view a specially crafted email message. C Tenable Network Security...

[SECURITY] Fedora 7 Update: kdelibs-3.5.8-7.fc7

Libraries for the K Desktop Environment: KDE Libraries included: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling checker, jscript javascript, kab addressbook, kimgio image manipulation...

openSUSE 10 Security Update : bytefx-data-mysql (bytefx-data-mysql-4597)

This update fixes a buffer overflow in Mono's BigInteger implementation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update bytefx-data-mysql-4597. The text description of this plugin is C SUSE...

openSUSE 10 Security Update : mono-core (mono-core-2373)

By appending spaces to URLs and attackers could download the source code of scripts that normally get executed by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mono-core-2373...

[SECURITY] Fedora Core 6 Update: kdelibs-3.5.7-1.fc6

Libraries for the K Desktop Environment: KDE Libraries included: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling checker, jscript javascript, kab addressbook, kimgio image manipulation...

[SECURITY] Fedora 7 Update: kdelibs-3.5.7-20.fc7

Libraries for the K Desktop Environment: KDE Libraries included: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling checker, jscript javascript, kab addressbook, kimgio image manipulation...

ms07-009-sploit.txt

//------------------Replace with your code-----------------------// var Shellcode =...

MS Internet Explorer Recordset Double Free Memory Exploit (MS07-009)

Exploit for unknown platform in category remote exploits ==================================================================== MS Internet Explorer Recordset Double Free Memory Exploit MS07-009 ==================================================================== //------------------Replace with yo...

Fedora Core 5 : mono-1.1.13.7-2.fc5.1 (2006-1012)

CVE-2006-5072 Mono insecure temporary file usage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Microsoft XML核心服务XMLHTTP控件内存破坏漏洞（MS06-071）

Microsoft XML核心服务（MSXML）允许使用JScript、VBScript和Microsoft Visual Studio 6.0的用户构建可与其他符合XML 1.0标准的应用程序相互操作的XML应用。 在Microsoft XML Core Services的XMLHTTP 4.0...

Microsoft XML核心服务XMLHTTP控件代码执行漏洞

Microsoft XML核心服务（MSXML）允许使用JScript、VBScript和Microsoft Visual Studio 6.0的用户构建可与其他符合XML 1.0标准的应用程序相互操作的XML应用。 在Microsoft XML Core Services 4.0的XMLHTTP 4.0 ActiveX控件中，setRequestHeader函数没有正确地处理HTTP请求，允许攻击者诱骗用户访问恶意的站点导致执行任意指令。 Microsoft XML Core Services 4.0 - Microsoft Windows XP SP2 - Microsoft...

Microsoft JScript内存破坏漏洞（MS06-023）

Microsoft Windows是微软发布的非常流行的操作系统。JScript是一个基于对象的解释脚本语言。 JScript解释引擎的实现上存在漏洞，成功利用此漏洞的攻击者可以完全控制受影响的系统。 在某些情况下Microsoft JScript会导致内存对象的损坏。攻击者可以通过构建特制的JScript来利用此漏洞，如果用户访问了恶意网站或查看了特制的电子邮件，此漏洞就可能允许远程执行恶意代码。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows Server 2003 SP1 Microsoft...

XSec-06-05.txt

Advisory ID: XSec-06-05 Advisory Name: VMware 5.5.1 for Windows arbitrary partition table delete issue. Release Date: 08/16/2006 Tested on: VMware 5.5.1 build-19175 on Windows Server 2000/2003 Affected version: VMware 5.5.1 Author: nop http://www.xsec.org Overview: On running windows system, you...