CVE-2014-7226

The file comment feature in Rejetto HTTP File Server hfs 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols...

CVE-2014-6298

Unrestricted file upload vulnerability in the mmforum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors...

Apple Patches Shellshock Vulnerability in Bash

Apple tonight released its patch for the Bash vulnerability, updating OS X Lion, Mountain Lion and Mavericks. Late Friday, Apple reassured Mac OS X users that most were protected by default, but nonetheless that it was working on a patch. The vulnerability in Bash, which stands for Bourne Again...

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

CVE-2014-3910

Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...

Code injection

Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...

CVE-2014-3910

Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...

JVN#50367052: EmFTP may insecurely load executable files

EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" without an extension and an executable "example.exe" are in the same directory, attemtping to open the file...

Unrestricted file upload

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors...

CVE-2014-5454

CVE-2014-5454: Unrestricted file upload vulnerability in the image upload module of SAS Visual Analytics 6.4M1 that allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it via unspecified vectors. The provided documents co...

NTFSLinksView - View NTFS symbolic links and junction points

Starting from Windows Vista, Microsoft uses symbolic links and junction points of NTFS file system in order to make changes in the folders structure of Windows and keep the compatibility of applications written for older versions of Windows. This utility simply shows you a list of all symbolic...

Shellter v1.7 - Dynamic ShellCode Injector Tool

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications currently 32-bit apps only. The shellcode can be something yours or something generated through a framework, such a...

DomainHostingView v1.61 - Show domain hosting information

DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...

Windows Mail privilege escalation

Insufficient path on executable call...

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

CVE-2014-0607

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer VPD before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file...

Windows Mail Rogue Program.exe Execution

Hi @ll, the import function of Windows Mail executes a rogue program C:\Program.exe with the credentials of another account, resulting in a privilege escalation! 1. Fetch and save it as C:\Program.exe 2. Start Windows Mail part of Windows Vista and Windows Server 2008 3. On the File menu, click...

FolderTimeUpdate - Tool that scans all files and folders and updates the Modified Time of every folder according the latest modified time

FolderTimeUpdate is a simple tool for Windows that scans all files and folders under the base folder you choose, and updates the 'Modified Time' of every folder according the latest modified time of the files stored in it. This tool might be useful if, for example, you backup a cluster of folders...

ProcessThreadsView - View process threads information On Windows

ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...

Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)

Linux/x86 - Bind TCP 1337/TCP Shell Shellcode 89 bytes. Shellcode exploit for Linuxx86 platform / Title: Shell Bind TCP Shellcode Port 1337 - 89 bytes Platform: Linux/x86 Date: 2014-07-13 Author: Julien Ahrens @MrTuxracer Website: http://www.rcesecurity.com Disassembly of section .text: 00000000 ...