282 matches found
XML Entity Cheatsheet
An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | ---|--- SYSTEM enti...
Transmit.app <= 3.5.5 ftps:// URL Handler Heap Buffer Overflow PoC
No description provided by source. !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.1//EN http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd html head titleMOAB-19-01-2007/title script function boom var recipient = document.getElementById'testbox'; var str = ''; for var i = 0; i 408; i++ str = str + 'A' str =...
Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler doe...
Apple iChat 3.1.6 441 - aim:// URL Handler Format String Exploit PoC
No description provided by source. !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.1//EN http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd html head titleMOAB-20-01-2007/title script function boom var str = ''; for var i = 0; i 20; i++ str = str + escape'A%n'; str = 'aim:gochat?roomname=' + str;...
IBM Lotus Notes URL Command Injection RCE Vulnerability (Windows)
This host is installed with IBM Lotus Notes and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbibmlotusnotesurlcmdinjrcevulnwin.nasl 6074 2017-05-05 09:03:14Z teissa $ IBM Lotus Notes URL Command Injection RCE Vulnerability Windows Authors: Rachana Shetty...
IBM Lotus Notes Client URL Handler Command Injection Vulnerability
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
IBM Lotus Notes Client URL Handler - Command Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "IBM Lotus Notes...
IBM Lotus Notes Client URL Handler Command Injection
This module exploits a command injection vulnerability in the URL handler for for the IBM Lotus Notes Client "IBM Lotus Notes Client URL Handler Command Injection", 'Description' = %q This module exploits a command injection vulnerability in the URL handler for for the IBM Lotus Notes Client...
IBM Lotus Notes Client URL Handler Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "IBM Lotus Notes...
IBM Lotus Notes URL Handler Command Execution
Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...
IBM Lotus Notes URL Handler Command Execution
Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...
IBM Lotus Notes URL Handler Command Execution
Added: 09/07/2012 CVE: CVE-2012-2174 BID: 54070 OSVDB: 83063 Background Lotus Notes is the client for Lotus Domino servers. Problem Lotus Notes 8.5.3 and earlier is vulnerable to remote code execution when handling a specially crafted URL. A remote attacker can pass the -RPARAMS command line...
IBM Lotus Notes < 8.5.3 FP2 URL Handler Unspecified Remote Code Execution
The remote host has a version of Lotus Notes prior to 8.5.3 Fix Pack 2 installed. It is, therefore, reportedly affected by a remote code execution vulnerability that an attacker can exploit by tricking a victim into clicking a specially crafted 'notes://' URL. Note that this vulnerability can onl...
CVE-2012-2174
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL...
Code injection
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL...
CVE-2012-2174
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL...
CVE-2012-2174
CVE-2012-2174 affects IBM Lotus Notes 8.x, where the URL handler for notes:// URLs is vulnerable to remote code execution. The vulnerability exists in the Lotus Notes URL handler prior to 8.5.3 FP2, allowing an attacker to execute arbitrary commands by convincing a user to open a crafted notes://...
Google Apps googleapps.url.mailto handler command injection
Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...
Google Apps googleapps.url.mailto handler command injection
Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...
google apps googleapps.url.mailto:// uri handler cross-browser
No description provided by source. google apps googleapps.url.mailto:// uri handler cross-browser remote command \ execution exploit Internet Explorer by nine:situations:group::pyrokinesis site: http://retrogod.altervista.org/ software site: http://pack.google.com/intl/it/packinstaller.html teste...