Oracle Database Server SQL QName Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database. Authentication is not required to exploit this vulnerability. The specific flaw exists in the LpxFSMDom function. This function is responsible for parsing SQL commands through XML....

[SECURITY] Fedora 18 Update: ReviewBoard-1.7.12-1.fc18

Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...

CVE-2013-0581

Multiple cross-site scripting XSS vulnerabilities in IBM Business Process Manager BPM 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 ProcessPortal/jsp/socialPortal/dashboard.jsp, 2...

Windows Manage Reflective DLL Injection Module

This module will inject a specified reflective DLL into the memory of a process, new or existing. If arguments are specified, they are passed to the DllMain entry point as the lpvReserved 3rd parameter. To read output from the injected process, set PID to zero and WAIT to non-zero. Make sure the...

FreeBSD 9 Address Space Manipulation Privilege Escalation

This Metasploit module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable. This file is part of the Metasploit Framework and may be subject to...

Determining if your Company is Prepared for FedRAMP

Many companies interested in pursuing FedRAMP are seeking guidelines, checklists and any referenceable source to help them understand and determine their level of preparedness to go through the FedRAMP process. The GSAs FedRAMP.gov site provides documentation on the FedRAMP process in their "Guid...

MS13-005 HWND_BROADCAST PoC

No description provided by source. / ms13-005-funz-poc.cpp - Drive a Medium IL cmd.exe via a Low IL process and message broadcasted Copyright C 2013 Axel "0vercl0k" Souchet - http://www.twitter.com/0vercl0k This program is free software: you can redistribute it and/or modify it under the terms of...

Microsoft Windows - HWND_BROADCAST (PoC) (MS13-005)

Microsoft Windows - HWNDBROADCAST PoC MS13-005 / ms13-005-funz-poc.cpp - Drive a Medium IL cmd.exe via a Low IL process and message broadcasted Copyright C 2013 Axel "0vercl0k" Souchet - http://www.twitter.com/0vercl0k This program is free software: you can redistribute it and/or modify it under...

Windows Manage Memory Payload Injection Exploit

Exploit for windows platform in category local exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

Windows Manage Memory Payload Injection

This module will inject a payload into memory of a process. If a payload isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID datastore option isn't specified, then it'll inject into notepad.exe instead. This module requires Metasploit: https://metasploit.com/download...

Windows Manage Memory Payload Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...

AIX 6.1 TL 6 : fuser (IV28151)

IBM AIX is vulnerable to a denial of service, caused by improper restrictions on the fuser command. A local attacker could exploit this vulnerability via the -k argument to kill a process of another user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extract...

AIX 7.1 TL 2 : fuser (IV29207)

IBM AIX is vulnerable to a denial of service, caused by improper restrictions on the fuser command. A local attacker could exploit this vulnerability via the -k argument to kill a process of another user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extract...

A micro windows crash catcher in python

In this article we describe how to write a minimalistic Windows debugging loop.aspx in python. Modern applications usually spawn more than one process and the bugs in them generate different type of crashes. Our minimalistic debugger shall detect "any" crash condition of a process or process tree...

openSIS 5.1 - ajax.php Local File Inclusion

openSIS 5.1 - ajax.php Local File Inclusion source: https://www.securityfocus.com/bid/56598/info openSIS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to obtain potentially sensitive...

[ShowWindows v1.0] Command-line Tool to Manage Open Windows

Show Windows is the command-line tool to manage Windows opened by all running Processes on your system. In addition to showing open Windows, it does little more. Here are some of the things that you can do with ShowWindows, View all open Windows/Apps Windows opened by particular User Windows open...

CVE-2012-5091

Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal...

CVE-2012-5091

CVE-2012-5091 targets Oracle Agile Product Supplier Collaboration for Process in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0. The documented impact is an unspecified vulnerability affecting confidentiality via unknown vectors related to the Supplier Portal; CVSS v2 base score 4.3 (MEDIUM...

CVE-2012-5092

CVE-2012-5092 affects Oracle Agile PLM for Process within Oracle Supply Chain Products Suite (versions 5.2.2 and 6.1.0.0). The vulnerability is described as unspecified, allowing remote authenticated users to impact confidentiality and integrity via unknown vectors related to Supply Chain Relatio...

CVE-2012-5093

CVE-2012-5093 affects Oracle Agile PLM for Process in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0. The vulnerability is described as unspecified and enables remote attackers to impact integrity via unknown vectors related to Global Spec Management. The connected resources indicate this i...