
83 matches found

OSV
added 2023/12/04 11:13 p.m., 30 views

GHSA-37VQ-HR2F-G7H7 HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

9.8 CVSS, 9.3 AI score, 0.02358 EPSS
Exploits 1, References 4
Github Security Blog
added 2023/12/04 11:13 p.m., 46 views

HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL

Summary HtmlUnit 3.8.0 are vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage Details Vulnerability code location: org.htmlunit.activex.javascript.msxml.XSLProcessortransformorg.htmlunit.activex.javascript.msxml.XMLDOMNode The reason for the vulnerability is th...

9.8 CVSS, 8 AI score, 0.02358 EPSS
Exploits 1, References 4, Affected Software 1
Packet Storm
added 2022/04/19 12:0 a.m., 783 views

7-Zip 21.07 Code Execution / Privilege Escalation

Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kagan Capar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...

0.6 AI score, 0.01523 EPSS
Exploits 8
GithubExploit
added 2022/04/15 10:59 p.m., 716 views

Exploit for Out-of-bounds Write in 7-Zip

INFORMATION I haven't posted any poc code anywhere for privil...

7.8 CVSS, 9.3 AI score, 0.01523 EPSS
Exploits 8
Talos Blog
added 2017/08/09 8:41 a.m., 104 views

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres. Introduction: JavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...

7.1 AI score
Exploits 0
seebug.org
added 2017/03/20 12:0 a.m., 57 views

Microsoft Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)

Original link: a Broken Browser Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Today we know from Internet Explorer since the birth there has been function. This feature allows the Web Developer instance of the external object, and therefore be the attacker to...

5.8 CVSS, 6.5 AI score, 0.10565 EPSS
Exploits 1
Metasploit
added 2015/03/30 3:39 p.m., 46 views

MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure

This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames. It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you must supply your own list of file paths. Each file path should look like this: c:\\windows\\system32\\calc.exe This...

6.5 CVSS, 6.3 AI score, 0.58023 EPSS
Exploits 3
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Norton Antivirus < 2005 Remote Stack Overflow Exploit

No description provided by source. !-- Tested on Corp Edition and didn't work / str0ke -- head title/title /head body script...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 30 views

Microsoft Internet Explorer 6.0 Shell.Application Object Script Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Microsoft Internet Explorer 6.0 DataSourceControl Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19069/info Internet Explorer is prone to a denial-of-service vulnerability. An attacker can exploit this vulnerability to crash Internet Explorer and deny service to users. Internet Explorer 6 SP2 is prone to this issue;...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Microsoft Internet Explorer 6.0 String To Binary Function Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19102/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input. Remote attackers can exploit this issue to crash the...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 24 views

Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, it is possible for an attacker to...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

iisCart2000 Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7765/info A vulnerability has been reported for iisCart2000 that may result in an attacker uploading arbitrary files to a vulnerable server. The vulnerability exists in the upload.asp script. This will allow an attacker t...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Microsoft Internet Explorer 7.0 Combined JavaScript and XML Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28143/info Microsoft Internet Explorer is prone to a remote information-disclosure vulnerability because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer. To exploit this issue, an...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 28 views

Apache OFBiz - FULLADMIN Creator PoC Payload

No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...

4.3 CVSS, 6.4 AI score, 0.22941 EPSS
Exploits 15
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Autodesk Softimage 7.0 Scene TOC File Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36637/info Autodesk Softimage is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too many other actions outside of its...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 31 views

Ultimate PHP Board <= 2.2.1 (log inj) Privilege Escalation Exploit

No description provided by source. !/usr/bin/perl -w ------------------------------------------------------------------ Ultimate PHP Board = 2.2.1 log inj Privilege Escalation Exploit ------------------------------------------------------------------ by athos - stakerathotmaildotit download on...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Microsoft Internet Explorer 5 NavigateAndFind() Cross-Zone Policy Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the issue presents itself due to a failure by...

6.7 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Microsoft Internet Explorer 6.0 Object.Microsoft.DXTFilter Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18903/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue ...

7.1 AI score
Exploits 0