Lucene search
K

9 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

IBM eGatherer <= 3.20.0284.0 (ActiveX) Remote Code Execution Exploit

No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...

9.3CVSS6.5AI score0.08407EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

IBM EGatherer 2.0 ActiveX Control Dangerous Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/11 12:0 a.m.22 views

IBM eGatherer ActiveX代码执行漏洞

IBM eGatherer ActiveX控件是一款自动检测机器类型,序列号等信息,帮助用户快速获得文件和信息的控件。 IBM eGatherer ActiveX控件不正确处理参数数据,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以进程权限执行任意指令。 问题存在于ActiveX控件汇总的RunEgatherer函数中,这个方法接收一个函数,使用特定的文件名作为eGatherer日志输出,通过填充超长的字符传作为参数数据,可导致堆栈溢出,精心构建恶意WEB页,诱使用户访问,可导致以进程权限执行任意指令。 IBM eGatherer ActiveX control...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2006/11/05 12:0 a.m.11 views

IBM eGatherer ActiveX控件代码执行漏洞

IBM eGatherer控件是IBM用于自动维护PC的解决方案。 eGatherer控件的RunEgatherer函数实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 这个函数会接受eGatherer日志输出的指定文件名。即使已经为输出设置了合法的路径参数,ActiveX仍会向SystemDrive写入日志文件。如果攻击者能够发送超长的参数的话,就会触发栈溢出漏洞,导致执行任意代码。 IBM eGatherer 3.20.0284.0 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
0day.today
0day.today
added 2006/08/29 12:0 a.m.40 views

IBM eGatherer <= 3.20.0284.0 (ActiveX) Remote Code Execution Expl

Exploit for unknown platform in category remote exploits ==================================================================== IBM eGatherer 'IBM eGatherer ActiveX Code Execution Vulnerability', 'Version' = '$Revision: 1 $', 'Authors' = 'Francisco Amato ISR www.infobyte.com.ar', , 'Description' =...

7.1AI score0.08407EPSS
Exploits10
Exploit DB
Exploit DB
added 2006/08/29 12:0 a.m.51 views

IBM eGatherer 3.20.0284.0 - ActiveX Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

9.3CVSS6.5AI score0.08407EPSS
Exploits10
Saint
Saint
added 2006/08/21 12:0 a.m.36 views

IBM eGatherer ActiveX RunEgatherer buffer overflow

Added: 08/21/2006 CVE: CVE-2006-4221 BID: 19554 OSVDB: 27976 Background The eGatherer ActiveX control is installed with IBM Access Support. Problem A buffer overflow in the eGatherer ActiveX control allows command execution by a web page which sends a long, specially crafted file name to the...

9.3CVSS6.8AI score0.08407EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2006/08/21 12:0 a.m.21 views

IBM eGatherer ActiveX RunEgatherer Function Overflow

The Windows remote host contains the eGatherer ActiveX control, which is typically installed by default on IBM workstations and laptops and used for automatically locating drivers and updates on IBM / Lenovo support sites. The version of this ActiveX control on the remote host reportedly contains...

9.3CVSS6.5AI score0.08407EPSS
Exploits10References3
exploitpack
exploitpack
added 2004/06/01 12:0 a.m.14 views

IBM EGatherer 2.0 - ActiveX Control Dangerous Method

IBM EGatherer 2.0 - ActiveX Control Dangerous Method source: https://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods ma...

0.9AI score
Exploits0
Rows per page
Query Builder