XnView File Search Path Executable File Injection Vulnerability (Windows)

This host has XnView installed and is prone to executable file injection vulnerability. Vulnerabilities Insight: The flaw is caused by an untrusted search path vulnerability when loading executables. OpenVAS Vulnerabilities Test $Id: gbxnviewcodeexecvulnwin.nasl 7052 2017-09-04 11:50:51Z teissa $...

Amoy Royal Taobao guest security vulnerabilities and fixes-vulnerability warning-the black bar safety net

Official website: http://www.taodisoft.com 1, demo Station background turned out to have a place to upload pictures, does not prohibit the upload. 2, the upload image simple filtration, easy to break, Upload a php file, and can be executed. 3, the servervpsconfiguration severe lower, get a webshe...

Code injection

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions NT AUTHORITY\INTERACTIVE:F for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exist...

XnView < 1.98.1 Insecure Executable Loading

The version of XnView installed on the remote Windows host is earlier than 1.98.1. As such, it reportedly uses unsafe methods for determining how to load executables. Specifically, there is an issue with the file search path, which could result in the insecure loading of executables when using th...

Cisco VPN client weak permissons

Weak installation permissions allow unprivileged user to overwrite executable...

Cybozu Garoon Cross Site Scripting Vulnerability

This host is running Cybozu Garoon and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodcybozugaroonxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Cybozu Garoon Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...

MS Office 2010 RTF Header Stack Overflow Vulnerability Exploity Exploit

Exploit for windows platform in category local exploits Exploit Title: MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit Date: 7/3/2011 Author: Snake Shahriyar.j gmail Version: MS Office unfortunately msgr3en.dll loads a few seconds after opining office, so just need to open open...

Dig Emperor Management Platform security vulnerabilities-vulnerability warning-the black bar safety net

Official website: 1, demo Station background turned out to have a place to upload pictures, does not prohibit the upload. 2, the upload image simple filtration, easy to break, Upload a php file, and can be executed. 3, the servervpsconfiguration severe lower, get a webshell directly after is a...

PHP Nuke 8.3 MT Shell Upload

Iranian Pentesters Home Title : PHP Nuke 8.3 MT Arbitrary File Upload Vulnerability Author : Pentesters.ir Exploits Coded by : b3hz4d & 4n0nym0us Tested on: PHP Nuke 8.3 Vendor : http://phpnuke.ir Specially Thanks To: Navid, Hossein, Ahmad, vahid, daryoush and all of the pentesters.ir members...

Design/Logic Flaw

The helper application in Cisco AnyConnect Secure Mobility Client formerly AnyConnect VPN Client before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file vpndownloader.exe without verifying its authenticity, which allows remote attackers to execute...

PT-2011-3362 · Red Hat · Systemtap +1

Name of the Vulnerable Software and Affected Versions: SystemTap version 1.4 Description: The issue allows local users to cause a denial of service, resulting in a divide-by-zero error and OOPS, by utilizing a crafted ELF program with DWARF expressions that are not properly handled by a stap scri...

Novell ZENworks Asset Management File Upload Traversal

Added: 05/27/2011 CVE: CVE-2010-4229 BID: 47295 OSVDB: 71872 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 10.3 prior to 10.3.2 and version 11 fail to validate the...

Inside a Malicious PDF Attack

PDFs are widely used business file format, which makes them a common target for malware attacks. On the surface, PDFs are secure, but because they have so many “features,” hackers have learned how to hide attacks deep under the surface. By using a number of utilities, we are able to reverse...

Win32k. sys keyboard layout file to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Author: Sebastien Renaud Translator: riusksk（springs brother: the http://riusksk.blogbus.com） This article will give you shed some light on the Stuxnet Virus the technical details, mainly aimed at the about the author is how to use 0day vulnerabilities to achieve code versatility. Discussed below...

kernel: proc: protect mm start_code/end_code in /proc/pid/stat

The dotaskstat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the startcode and endcode fields in the /proc//stat file for a process executing a PIE...

Threat Outbreak Alert: Fake DHL Package Delivery Notification Email Messages on March 20, 2015

Medium Alert ID: 23104 First Published: 2011 May 9 12:53 GMT Last Updated: 2015 March 20 12:50 GMT Version: 13 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a DHL package delivery notification. The text in the email message instructs...

CVE-2011-1732

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message...

EMC Networker weak permissions

Weak permissions for executable file...

OpenText FirstClass Client v 11.005 Code Execution

Exploit Title: OpenText FirstClass Client Delayed Code Executiion Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: email protected Software Link:...

CVE-2009-5064

ldd in the GNU C Library aka glibc or libc6 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LDTRACELOADEDOBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...