1153 matches found
Mambo Hestar SQL Injection
comhestar 1.0.0 Author : M3NW5 M3NW5athackermaildotcom Homepage : http://www.indonesiancoder.com Date : Monday, Semptember 07, 2009 ------------------------------------------------------------------------------------------------------- | |.-----..--| |.-----..-----..-----..-----.||.---.-..-----. ...
Mambo Component com_hestar Remote SQL Injection Vulnerability
No description provided by source. comhestar 1.0.0 Author : M3NW5 M3NW5athackermaildotcom Homepage : http://www.indonesiancoder.com Date : Monday, Semptember 07, 2009 ------------------------------------------------------------------------------------------------------- | |.-----..--|...
Mambo Component com_hestar Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= Mambo Component comhestar Remote SQL Injection Vulnerability =============================================================...
About free kill Webshell little experience of talk-vulnerability warning-the black bar safety net
About thefree to killWebshell little experience, go from the network, original author unknown The following is quoted fragment: dim tStream set tStream = Server. CreateObject"adodb. stream" Into the following form: dim tStream set tStream = Server. CreateObject"ado" & "db. stre" & "am" If the...
Mambo Component Hestar - SQL Injection
comhestar 1.0.0 Author : M3NW5 M3NW5athackermaildotcom Homepage : http://www.indonesiancoder.com Date : Monday, Semptember 07, 2009 ------------------------------------------------------------------------------------------------------- | |.-----..--| |.-----..-----..-----..-----.||.---.-..-----. ...
MundiMail 0.8.2 - Remote Code Execution
Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code uses System and Exec without good practic...
Alex Howard on Compliance, Breach Notification and the Rockefeller Bill
Dennis Fisher talks with Alex Howard, associate editor of Searchcompliance.com, about the burden compliance places on security staffs, the growing tide of breach notification laws and the misunderstandings surrounding the Rockefeller bill and the Internet kill switch. Download Subscribe to the...
Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
This host is missing a critical security update according to Microsoft Bulletin MS09-035. OpenVAS Vulnerability Test $Id: secpodms09-035.nasl 6517 2017-07-04 13:34:20Z cfischer $ Microsoft Visual Studio ATL Remote Code Execution Vulnerability 969706 Authors: Sharath S Copyright: Copyright c 2009...
Microsoft Visual Studio ATL COM对象远程代码执行漏洞
Bugraq ID: 35828 CVE ID:CVE-2009-2493 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库ATL处理数据流对象实例化时ATL头存在错误,远程攻击者可以利用漏洞绕过IE等Kill-bits安全策略,并导致任意代码执行。 此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。如果组件或控件使用ATL,不安全使用OleLoadFromStream允许任意对象实例化,可绕过相关的安全策略,如 Internet Explorer的Kill...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft Security Bulletin MS09-032 - Critical Cumulative Security Update of ActiveX Kill Bits (973346)
Microsoft Security Bulletin MS09-032 - Critical Cumulative Security Update of ActiveX Kill Bits 973346 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability ...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Winds3D Viewer GetURL()函数远程代码执行漏洞
BUGTRAQ ID: 35595 CVECAN ID: CVE-2009-2386 Awakening是一个功能强大的实时3D解决方案,Winds3D Viewer是Awakening的浏览器插件。 Winds3D Viewer以不安全的方式实现了GetURL函数: /----------- GetURLstring URL Description: Open browser to visit assigned URL returns: None - -----------/ 调用GetURL最终会执行相当于“ShellExecuteNULL, "open", URL, 0, 0,...
How to Protect Against the MSVidCtl Vulnerability
The ongoing exploitation of the vulnerability in an ActiveX control used by Internet Explorer has created a dangerous situation, as there is no patch yet for the MSVidCtl.dll vulnerability. However, there are several steps you can take to protect yourself against attacks. Microsoft has released a...
MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)
The remote host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. %NASLMINLEVEL 70300 C Tenable Network...
NetBSD x86 Kill All Processes Shellcode
/ netbsd/x86 kill all processes shellcode author REMOVED AT REQUEST OF AUTHOR contact REMOVED AT REQUEST OF AUTHOR this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM --------------begin----------- section...
netbsd/x86 kill all processes shellcode 23 bytes
No description provided by source. / netbsd/x86 kill all processes shellcode this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM --------------begin----------- section .note.netbsd.ident dd 0x07,0x04,0x01 db...
IBM AIX rpc.ttdbserver远程溢出漏洞
BUGTRAQ ID: 35419 IBM AIX是一款商业性质的UNIX操作系统。 AIX的ToolTalk库libtt.a中存在缓冲区溢出漏洞。如果/etc/inetd.conf中启用了rpc.ttdbserver的话,远程攻击者就可以通过提交恶意RPC请求触发这个溢出,导致以root用户权限执行任意指令。 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: 从/etc/inetd.conf中删除rpc.ttdbserver项并刷新inetd: chsubserver -r inetd -C /etc/inetd.conf -d -v...
netbsd/x86 kill all processes shellcode 23 bytes
netbsd/x86 kill all processes shellcode 23 bytes. Shellcode exploit for netbsdx86 platform / netbsd/x86 kill all processes shellcode author Anonymous this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM...