HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

7-Zip 21.07 Code Execution / Privilege Escalation

Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kagan Capar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...

Exploit for Out-of-bounds Write in 7-Zip

INFORMATION I haven't posted any poc code anywhere for privil...

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres.IntroductionJavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...

Microsoft Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)

Original link: a Broken Browser Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Today we know from Internet Explorer since the birth there has been function. This feature allows the Web Developer instance of the external object, and therefore be the attacker to...

MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure

This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames. It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you must supply your own list of file paths. Each file path should look like this: c:\\windows\\system32\\calc.exe This...

Microsoft Internet Explorer 6.0 DataSourceControl Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19069/info Internet Explorer is prone to a denial-of-service vulnerability. An attacker can exploit this vulnerability to crash Internet Explorer and deny service to users. Internet Explorer 6 SP2 is prone to this issue;...

iisCart2000 Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7765/info A vulnerability has been reported for iisCart2000 that may result in an attacker uploading arbitrary files to a vulnerable server. The vulnerability exists in the upload.asp script. This will allow an attacker t...

PHP 5.4 (5.4.3) Code Execution (Win32)

No description provided by source. // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish...

Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, it is possible for an attacker to...

Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to...

Microsoft Internet Explorer 5 NavigateAndFind() Cross-Zone Policy Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the issue presents itself due to a failure by...

Microsoft Internet Explorer 6.0 Object.Microsoft.DXTFilter Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18903/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue ...

Norton Antivirus < 2005 Remote Stack Overflow Exploit

No description provided by source. !-- Tested on Corp Edition and didn't work / str0ke -- head title/title /head body script...

Vivvo CMS <= 3.4 (index.php) Remote BLIND SQL Injection Exploit

No description provided by source. html head titleVivvo CMS = 3.4 index.php Remote BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: Vivvo CMS = 3.4 index.php Remote BLIN...

Ultimate PHP Board <= 2.2.1 (log inj) Privilege Escalation Exploit

No description provided by source. !/usr/bin/perl -w ------------------------------------------------------------------ Ultimate PHP Board = 2.2.1 log inj Privilege Escalation Exploit ------------------------------------------------------------------ by athos - stakerathotmaildotit download on...

Microsoft Internet Explorer 7.0 Combined JavaScript and XML Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28143/info Microsoft Internet Explorer is prone to a remote information-disclosure vulnerability because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer. To exploit this issue, an...

Microsoft Internet Explorer 6.0 Shell.Application Object Script Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that...

Apache OFBiz - FULLADMIN Creator PoC Payload

No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...