AwingSoft Winds3D Player 3.5 SceneURL Download and Execute

$Id: awingsoftwinds3dsceneurl.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Firefox Image File Dragging Malformed Extension (CVE-2005-0230)

The Mozilla web browser and its derivatives, Firefox, Netscape, and K-Meleon are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages and downloading files. The Mozilla web browser allows the user to quickly save images displayed on web pages by...

Microsoft Windows Media Player Arbitrary File Download (MS03-017; CVE-2003-0228)

Microsoft Windows Media Player is an application that is used to play various media files, such as those compressed with AVI, MP3, MPG formats and so on. Windows Media Player runs on the Microsoft Windows operating system. Windows Media Player has the ability to change its user interface and...

Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)

A security bypass vulnerability has been discovered in Microsoft Internet Information Services IIS. The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...

CVE-2009-4412

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of...

CVE-2009-4412

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of...

CVE-2009-4140

Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users to...

CVE-2009-4373

Unrestricted file upload vulnerability in repository/repositoryattachment.php in AlienVault Open Source Security Information Management OSSIM 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then...

phpshell written to the startup items to mention right-vulnerability warning-the black bar safety net

The actual operation can be in webshell with the udf. dll mention to the right,with the function to upload file function to upload the file to the startup directory,then shut the function re-starting the system. Currently not successful,the opportunity of the local test,the first record on this. ...

Yahoo! Messenger File Transfer Filename Spoofing (CVE-2005-0243)

Yahoo Messenger is a service providing instant messages, similar to MSN Messenger and ICQ. Yahoo! Messenger allows users to see when their friends come online, send instant messages, join chat rooms, and exchange files. There exists a vulnerability in the way Yahoo! Messenger displays file names ...

Serenity/Mplay Player Version Detection

This script detects the installed version of Serenity/Mplay Audio Player. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Altap Salamander 2.5 PE Viewer Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Altap...

Netcat v1.10 NT Stack Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Netcat v1.10...

COWON Media Center JetAudio Version Detection

This script detects the installed version of COWON Media Center JetAudio. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

Internet Explorer execCommand File Type Spoofing (CVE-2004-1331)

Internet Explorer is a popular web-browser released by the Microsoft Corporation. It supports various content available on the web including HTML documents, images, dynamic scripting, and so on. Internet Explorer also provides the Dynamic Hypertext Markup Language DHTML application programming...

Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

SystemTap Version Detection

This script detects the installed version of SystemTap and sets the result in KB. OpenVAS Vulnerability Test $Id: secpodsystemtapdetect.nasl 7823 2017-11-20 08:54:04Z cfischer $ SystemTap Version Detection Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod, http://www.secpod.com This program...

CVE-2009-3376

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override aka RLO or U+202E Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displayin...

Rising Multiple Products Local Privilege Escalation Vulnerability

ShineShadow Security Report 28102009-13 TITLE Rising Multiple Products Local Privilege Escalation Vulnerability BACKGROUND RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and...

Facebook Password-Reset Spam is Botnet Attack

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware. The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-the...