Double-clicking a link can unexpectedly run a program from the Internet

When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to download it. The dialog will allow the user to choose to run the executable directly. If the user accidentally double clicks, the second click will activate whatever i...

Foxit Reader < 3.2.1 Arbitrary Program Execution

The version of Foxit Reader installed on the remote Windows host is prior to 3.2.1. It is, therefore, affected by an arbitrary program execution vulnerability related to certain '/Type /Action /S /Launch' or '/Launch /Action' sequences. An attacker can exploit these, by tricking a user into openi...

Energizer DUO USB Battery Charger Software Backdoor (credentialed check)

The remote Windows host includes an install of the Energizer DUO software, likely included with a Energizer DUO USB battery charger to allow a user to view the battery charging status. The installed version of this software includes the Arugizer backdoor Arucer.dll, which is reported to have been...

DEBIAN-CVE-2009-4261

Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow 1 remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API RAPI and allow 2...

How to use the database to crack the md5-vulnerability warning-the black bar safety net

Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...

Office OCX Multiple ActiveX Controls OpenWebFile Arbitrary Program Execution

Office OCX provides multiple software products that parse various Microsoft Office documents. Some of these products include Word Viewer OCX, Excel Viewer OCX, PowerPoint Viewer OCX, and Office Viewer OCX. These products act as ActiveX document containers to create, open, edit, and print...

FreeBSD privilege escalation

It's possible to bypass environment variables filtering on suid program execution...

Novell NetMail <= 3.52d IMAP APPEND Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Novell NetMa...

GoodTech Telnet Server <= 5.0.6 Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'GoodTech...

Ipswitch IMail IMAP SEARCH Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Ipswitch IMa...

AwingSoft Winds3D Player 3.5 SceneURL Download and Execute

This module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE ActiveX, Opera DLL and Firefox XPI. By setting the 'SceneURL' parameter to the URL to an executable, an attacker can execute arbitrary code...

Novell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Novell NetMa...

How to create pseudo log-vulnerability warning-the black bar safety net

A, execute the external program DIM objShell set objShell="" iReturn=" /C set var=world", 1, TRUE Save As. the vbs file can be. In this code, we first set an environment variable, which is named var, and the value of the world, the user can use%Comspec%instead, and you can put the command: set...

php using Shell. Application to program execution-vulnerability warning-the black bar safety net

On the use of the Shell. Application to execute the program in Hai Duong to the top of the asp Trojan is with an example. With ShellExecute this method. Today tried it with the open also can. the php code is as follows, I feel like I haven't in the php webshell to see Related methods ? php $wsh =...

Soritong MP3 Player 1.0 Overflow

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """ :::::: :: :: :: :: :: :::: """ """ :: :: :: :: :::::: .. :::: :: """ """ ::::: ::: ::::: :: :: :: :: :: :::: """ """ :: :: :: :: : :: :: :: :: :: :: """ """ :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """ """ :: """ """ """...

Ubuntu 8.04 LTS / 8.10 / 9.04 : nagios2, nagios3 vulnerability (USN-795-1)

It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. Note that Tenable Network Security has extracted the preceding description block directly from t...

Symantec Alert Management System 2 multiple vulnerabilities

SUMMARY The version of Alert Management System 2 AMS2 used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec AntiVirus Corporate...

Flower instruction generator, Perl version-bug warning-the black bar safety net

Author: countercurrent wind Have previously published in the Journal of the articles put up! , published in the hacker X-Files for the first few periods forget, huh? Foreword Believe donefree killfriends are aware flower instruction. Add flowers Instructions Is a good filefree to killmethod, and...

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...