1197 matches found
Microsoft VBScript CVE-2014-0271 Remote Code Execution Vulnerability
Description: Microsoft VBScript is prone to a remote code-execution vulnerability. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run with the privileges of the currently logged-in user. Technologies...
Microsoft Windows multiple security vulnerabilities
XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...
Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release
Update as of February 10, 2014: We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be...
BlackPOS Malware used in TARGET Data Breach developed by 17-Year Old Russian Hacker
The Holiday data breach at TARGET appeared to be part of a broad and highly sophisticated international hacking campaign against multiple retailers, involving the heist of possibly 110 million Credit-Debit cards, and personal information. Target confirmed last weekend that a malicious software wa...
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow", 'Description' = %q This module exploits a vulnerability on the...
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
This Metasploit module exploits a vulnerability in the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists in the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size...
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
This module exploits a vulnerability in the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists in the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field,...
KingView 6.53 - 'KChartXY' ActiveX File Creation / Overwrite
arg1="..................................\WINDOWS\win.ini" target.SaveToFile arg1...
Information disclosure
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."...
CVE-2013-1297
Summary of CVE-2013-1297 details (from connected docs): Microsoft Internet Explorer versions 6–8 contain a data-access restriction flaw in VBScript that allows remote attackers to perform cross-domain reading of JSON files from a crafted site, described as the JSON Array Information Disclosure Vu...
Adobe InDesign Server RunScript Arbitrary Command Execution
The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or...
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
UBUNTU-CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
CVE-2012-6121
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link...
IE generic JSON hijacking vulnerabilities-vulnerability warning-the black bar safety net
Brief description: Improper handling of data in certain resource containers leads to JSON hijacking vulnerabilities. Detailed description: Because IE supports VBScript, a script element can be set to the VBScript language: <script language=vbscript></script> But when we specify that a js...
Adobe IndesignServer 5.5 - SOAP Server Arbitrary Script Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Adobe...
Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
This module abuses the "RunScript" procedure provided by the SOAP interface of Adobe InDesign Server, to execute arbitrary vbscript (Windows) or applescript (OSX). The exploit drops the payload on the server and must be removed manually. This module requires Metasploit: https://metasploit.com/downloa...