Ctek SkyRouter 4200 and 4300 Series Routers Remote Arbitrary Command Execution Vulnerability

Ctek SkyRouter 4200 and 4300 series routers are prone to a remote arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

MacControl Trojan Being Used in Targeted Attacks Against OS X Users

Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers in China now have taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in t...

Newchemistry SQL Injection

|=----=----=----=----=----=--------=| | | | /\ /\ \ /\ /\ \ | | //\ /\ \ \L\ \ \ \ \ Turki$ hackers | | \ \ \ \ \ '\ \ \ | | \ \ \ \ \ \L\ \ \ \ \ \ | | \ \ \ / \ \ \ | | // // //// | | | | | |=----=----=----=----=----=--------=|...

Adobe Acrobat and Reader JPEG DCT Dequantizer Memory Corruption (APSB12-01; CVE-2011-4370)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a buffer overflow while loading specially crafted JPEG image resources from a PDF file. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with...

MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)

The Windows Client/Server Run-time Subsystem CSRSS on the remote host has a privilege escalation vulnerability that can be triggered when processing a sequence of specially crafted Unicode characters and trying to access the contents of a memory buffer that has not been properly initialized. If t...

Websense 7.6 Triton - ws_irpt.exe Remote Command Execution

Websense 7.6 Triton - wsirpt.exe Remote Command Execution source: https://www.securityfocus.com/bid/51086/info Websense Triton is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiti...

Microsoft Pinyin IME (CVE-2011-2010) Local Privilege Escalation Vulnerability

Description Microsoft Pinyin IME is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may...

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

Adobe Flash Player Malformed ShapeRecords Memory Corruption (APSB11-28; CVE-2011-2452)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference while processing malformed ShapeRecords line segments. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an...

Adobe Flash Player Ambiguous Namespace Memory Corruption (APSB11-28; CVE-2011-2455)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference during type lookup by the AVM2. A remote attacker could exploit this vulnerability by enticing a user to open a web page containing an embedded malformed SWF file...

Adobe Flash Player Embedded Flash Object Code Execution (APSB11-28; CVE-2011-2459)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference in the Flash plugin while handling string values. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedd...

Microsoft Active Accessibility DLL Loading Remote Code Execution (MS11-075; CVE-2011-1247)

A remote code execution vulnerability has been reported in Microsoft Windows Active Accessibility component. The vulnerability is due to an error in the way certain applications using OleAut32.dll handle the loading of DLL files. A remote attacker may exploit this vulnerability by enticing a user...

Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969)

The vulnerability is due to a vulnerable Java applet that is installed on a browser by the Forefront Unified Access Gateway UAG server. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page using a Java-enabled Web-browser. Successful exploitation...

Multiple Products .DLL Insecure Library Loading (CVE-2011-0029; CVE-2011-1980)

A remote code execution vulnerability exists in the way that certain products handle the loading of DLL files. Certain applications improperly restrict the path used for loading external libraries. A remote attacker could exploit this vulnerability by manipulating a user to open a legitimate file...

Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)

This host is missing a critical security update according to Microsoft Bulletin MS11-063. OpenVAS Vulnerability Test $Id: secpodms11-063.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability 2567680 Authors: Antu Sanadi...

Microsoft Windows NDISTAPI Code Execution (MS11-062; CVE-2011-1974)

This is a code execution vulnerability. The vulnerability is due to improper validation of user input by NDISTAPI. A remote attacker could trigger this flaw by convincing an unsuspecting victim to open a malicious file. Successful exploitation of this vulnerability may allow an attacker to gain...

Microsoft Data Access Components (MDAC) Insecure Library Loading (MS11-059; CVE-2011-1975)

This is a remote code execution vulnerability. The vulnerability is due to the improper way in which the MDAC handles the loading of library files DLL. A remote attacker could trigger this vulnerability by enticing a victim to accept and open an excel related file on a remote folder SMB or Webdav...

Microsoft Internet Explorer Telnet Handler Remote Code Execution (MS11-057; CVE-2011-1961)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer telnet handler. A remote attacker could trigger this flaw by enticing an unsuspecting user to open a web page containing malicious content. Successful exploitation may enable an attacker to take complete contro...

WLAN Security Megaprimer DVD Released - 10+ hours of Wi-Fi Hacking and Pwnage !

WLAN Security Megaprimer DVD Released - 10+ hours of Wi-Fi Hacking and Pwnage ! With over 40+ HD videos containing 12+ hours of Wireless Ownage, this DVD weighs in at around 4.2 Gigabytes! SecurityTube.net just released a 4.2 GB DVD containing over 40+ HD quality videos of their WLAN Security...

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...