Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation

Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is...

Zapya Desktop 1.803 - ZapyaService.exe Local Privilege Escalation

Zapya Desktop 1.803 - ZapyaService.exe Local Privilege Escalation Exploit Title: Zapya Desktop Version 'ZapyaService.exe' Privilege Escalation Date: 2016/9/12 Exploit Author: Arash Khazaei Vendor Homepage: http://www.izapya.com/ Software Link:...

Suspicious Webpage JavaScript Downloader

Certain malicious executable files can be hidden using js downloader file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

How RTF malware evades static signature-based detection

History Rich Text Format RTF is a document format developed by Microsoft that has been widely used on various platforms for more than 29 years. The RTF format is very flexible and therefore complicated. This makes the development of a safe RTF parsers challenging. Some notorious vulnerabilities...

Suspicious Executable Mail Attachment

Certain malicious executable files can be hidden using a different extension for the file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute a malicious mail attachment. This method is often used by ransomware such as Locky, Cerber, CryptoXXX, and others...

How Just Opening an MS Word Doc Can Hijack Every File On Your System

If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it. Doing so could cripple your system and could lead to a catastrophic destruction. Hackers are believed to be carrying out social engineering hoaxes by adopting...

Malicious Mail Payload Containing JavaScript Downloader

Certain malicious executable files can be hidden using js downloader file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute arbitrary files...

eBay Fixes File Upload and Patch Disclosure Bugs

eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page t...

Huawei Mobile Partner DLL Hijacking

Title: Huawei Mobile Partner Multiple Vulnerabilities Version: 23.009.05.03.1014 Tested on: Windows XP SP2 en Vendor: http://www.huawei.com/ Software-Link: http://download-c.huawei.com/download/downloadCenter?downloadId=18474&version=16815&siteCode=worldwide E-Mail: osandaatunseen.is Author: Osan...

Apple Patches Shellshock Vulnerability in Bash

Apple tonight released its patch for the Bash vulnerability, updating OS X Lion, Mountain Lion and Mavericks. Late Friday, Apple reassured Mac OS X users that most were protected by default, but nonetheless that it was working on a patch. The vulnerability in Bash, which stands for Bourne Again...

Symantec Norton AntiVirus 2002 Nested File Manual Scan Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10164/info A vulnerability has been reported in Symantec Norton AntiVirus 2002 that may potentially cause deeply nested files with specific names to bypass manual scanning. This could permit malicious executable content t...

Solarwinds Storage Manager 5.1.0 - SQL Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

IBM ACPRunner 1.2.5 ActiveX Control Dangerous Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10561/info It is reported that the IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a...

IBM EGatherer 2.0 ActiveX Control Dangerous Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a...

HP Instant Support 1.0.22 - 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29533/info HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to an insecure-method vulnerability. Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the...

Threat Outbreak Alert: Fake Fax Message Notification Email Messages on May 27, 2014

Medium Alert ID: 34353 First Published: 2014 May 28 17:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain a fax message for the recipient. The text in the email message attempts to convince the recipient ...

Threat Outbreak Alert: Email Messages with Malicious Attachment on May 27, 2014

Medium Alert ID: 34370 First Published: 2014 May 27 19:20 GMT Last Updated: 2014 May 29 12:59 GMT Version: 2 Summary Cisco Security has detected significant activity related to German-language spam email messages that contain an attachment for the recipient. The email message attempts to convince...

Threat Outbreak Alert: Fake Invitation Email Messages on May 5, 2014.

Medium Alert ID: 34120 First Published: 2014 May 6 14:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an invitation for the recipient. The text in the email message attempts to convince the recipient to open the...

Threat Outbreak Alert: Fake Product Catalog Notification Email Messages on April 28, 2014

Medium Alert ID: 33979 First Published: 2014 April 29 18:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages with a blank message body and a catalog attached for the recipient. However, the .zip attachment contains a malicious .exe file that,...

Threat Outbreak Alert: Fake Purchase Order Notification Email Messages on March 16, 2014

Medium Alert ID: 33359 First Published: 2014 March 17 14:14 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the recipien...