Windows Mail Rogue Program.exe Execution

Hi @ll, the import function of Windows Mail executes a rogue program C:\Program.exe with the credentials of another account, resulting in a privilege escalation! 1. Fetch and save it as C:\Program.exe 2. Start Windows Mail part of Windows Vista and Windows Server 2008 3. On the File menu, click...

Debian DSA-2975-1 : phpmyadmin - security update

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-4995 Authenticated users could inject arbitrary web script or HTML via a crafted SQL query. -...

Debian: Security Advisory (DSA-2975-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow PoC Exploit

No description provided by source. / surethingcdlabelerbofpoc.c SureThing cd labeler m3u/pls - unicode stack overflow PoC exploit Found by: Ruben Alejandro - chap0 Author: Steven Seeley - mrme http://net-ninja.net/ Greetz to: Corelan Security Team...

MS IE 4.0.1/5.0 Import/Export Favorites Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability source: http://www.securityfocus.com/bid/627/info The ImportExportFavorites...

Destiny Media Player 1.61 - (lst File) Local Buffer Overflow Exploit

No description provided by source. Destiny Media Player 1.61 lst File Local Buffer overflow Exploit By:Encrypt3d.M!nd i was so stupid when i wrote the poc coz i didn't realize somethings :p well this is workin exploit tested on windows xp sp3 don't double click the file,import it from the program...

Oracle Outside-In FPX File Parsing Heap Overflow

No description provided by source. Application: Oracle Outside-In FPX File Parsing Heap Overflow Version: he vulnerabilities are reported in versions 8.3.5 and 8.3.7. Exploitation: Remote code execution Secunia Number: SA49936 PRL: 2012-26 Author: Francis Provencher Protek Research Lab's Website:...

Real-DRAW PRO 5.2.4 Import File Crash

No description provided by source. Real-DRAW PRO 5.2.4 Import File Crash =================================================================================== Exploit Title:Real-DRAW PRO 5.2.4 Malicious PNG File Denial of service Vendor : http://www.mediachance.com/ Author: Ahmed Elhady Mohamed Ema...

Zoner Photo Studio 15 b3 - Buffer Overflow Vulnerabilities

No description provided by source. Title: ====== Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Date: ===== 2012-11-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=759 VL-ID: ===== 759 Common Vulnerability Scoring System:...

phpBB Import Tools Mod <= 0.1.4 - Remote File Include Vulnerability

No description provided by source. Title: phpBB Import Tools Mod = 0.1.4 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Import Tools Mod = 0.1.4 Literally shouts to: str0ke and henrik Don't promote...

Kwik Pay Payroll 4.10.3 - (.mdb) Crash PoC

No description provided by source. Exploit Title: Kwik Pay Payroll .mdb Crash PoC Date: April 1, 2010 Version: 4.10.3 Tested on: Windows XP SP3 Cost: 100.00 AU Author: anonymous Site: http://www.setfreesecurity.com Usage: Run Script, Open the program File - Import Payroll Data Select From Data...

Mozilla Thunderbird 1.5 Address Book Import Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16716/info Mozilla Thunderbird is prone to a remote denial-of-service vulnerability. The issue presents itself when the application handles a specially crafted address book file. Mozilla Thunderbird 1.5 is reportedly...

DESTOON 20140625版本站内信XSS

简要描述： 只测试了ie6，弹了个框框。 详细说明： function dsafe$string ifisarray$string return arraymap'dsafe', $string; else $string = pregreplace"//", "", $string; $string = pregreplace"//\s\S?\//", "", $string; $string = pregreplace"/&a-z0-9+;/i", "", $string; ifpregmatch"/&a-z0-9+;/i", $string return...

HP Enterprise Maps 1.00 Authenticated XXE Injection

HP Enterprise Maps 1.00 Authenticated XXE vulnerability http://www8.hp.com/us/en/software/enterprise-software.html Any user that has the ability to import a file to create an artifact most, if not all authed users? can upload a specially crafted WSDL that will read files such as /etc/passwd. If y...

openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)

Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOfficeorg packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the...

openSUSE Security Update : phpMyAdmin (openSUSE-2012-135)

update to 3.4.10.1 fix for bnc747841 - security XSS in replication setup, see PMASA-2012-1 - 3.4.10.0 2012-02-14 - bug 3460090 interface TextareaAutoSelect feature broken - patch 3375984 export PHP Array export might generate invalid php code - bug 3049209 import Import from ODS ignores cell that...

openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)

updated to libreoffice-3.4.5.5 SUSE 3.4.5-rc3 : - extras - add SUSE color palette fate312645 - filters - crash when loading embedded elements bnc693238 - crash when importing an empty paragraph rh667082 - writer - do not use an invalidated iterator fdo46337 - updated to libreoffice-3.4.5.4 SUSE...

openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1)

LibreOffice was updated to 3.5.4.13 3.5.6rc2 based, fixing a security issue and lots of bugs : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to...

openSUSE Security Update : pcp (openSUSE-SU-2012:1081-1)

Update to pcp-3.6.5. + Fixes for security advisory CVE-2012-3418; bnc775009. + Workaround for security advisory CVE-2012-3419; bnc775010. + Fixes for security advisory CVE-2012-3420; bnc775011. + Fixes for security advisory CVE-2012-3421; bnc775013. %NASLMINLEVEL 70300 C Tenable Network Security,...

openSUSE Security Update : LibreOffice (openSUSE-SU-2012:1523-1)

LibreOffice was updated to 3.5.4.13 to fix various bugs and security issues : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to suse-3.5.4.13 SUSE 3.5 bugf...