Microsoft Internet Explorer VBScript Memory Corruption (MS14-080; CVE-2014-6363)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...

MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

The installed version of the VBScript Scripting Engine is affected by a remote code execution vulnerability due to improper handling of objects in memory. By tricking a user into viewing or opening malicious content, an attacker can exploit this to execute arbitrary code on the affected system,...

MS14-084: Vulnerability in VBScript scripting engine could allow remote code execution: December 9, 2014

Resolves a vulnerability in the VBScript scripting engine in Microsoft Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.INTRODUCTIONMicrosoft h...

IE pass to kill the remote command execution poc-vulnerability warning-the black bar safety net

! doctype html 2. html 3. meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" 4. meta http-equiv="content-type" content="text/html;charset=utf-8" 5. head 6. /head 7. body 8. For you to open Notepad and Calculator, IE Only 9. SCRIPT LANGUAGE="VBScript" 1 0. 1 1. function runmumaa 1 2. On...

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (1)

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution 1 // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set...

Internet Explorer OLE Automation Array Remote Code Execution Exploit

This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10. // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit...

Internet Explorer Winhlp32.exe MsgBox Code Execution

No description provided by source. $Id: ms10022ievbscriptwinhlp32.rb 10504 2010-09-28 16:19:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

Acuity CMS 2.7.1 - SQL Injection Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

Gatesoft Docusafe 4.1.0 - SQL Injection Vulnerability

No description provided by source. Author: R4dc0re Exploit Title: Gatesoft Docusafe Sql Injection Vulnerablity Date: 05-12-2010 Vendor or Software Link:http://gatesoft.no/ Category:WebApp Version:4.1.0 Price:3500$ Contact: [email protected] Website: www.1337db.com Greetings to: R0073r1337db.com,...

Rising Online Virus Scanner 22.0.0.5 - ActiveX Control DoS (Stack overflow)

No description provided by source. Exploit Title: Rising Online Virus Scanner ActiveX Control DoS Stack overflow Author: wirebonder Software Link: http://www.rising-global.com/products/online-scanner-intro.html Tested on: Windows XP sp3 ProgID: RavOLCtlLib.RavOnline ClassID:...

LEADTOOLS 11.5.0.9 - (ltdlg11n.ocx) Bitmap Access Violation DoS

No description provided by source. html Test Exploit Page object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' //object script language='vbscript' targetFile = C:\Program Files\Rational\common\ltdlg11n.ocx prototype = Property Let Bitmap As Long memberName = Bitmap progid =...

HP Data Protector Backup Client Service Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include...

Microsoft Internet Explorer 5.0.1 LoadPicture File Enumeration Weakness

No description provided by source. source: http://www.securityfocus.com/bid/9611/info Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. This may be exploited via abuse of the VBScript LoadPicture method...

BrightSuite Groupware SQL Injection Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

MS IE 5/6,Outlook 2000/2002/5.5,Word 2000/2002 VBScript ActiveX Word Object DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4463/info A vulnerability has been discovered which is reported to affect Microsoft Internet Explorer, Outlook and Word. Other Office components may also be affected by this issue. It is possible to misuse VBScript Active...

NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - DeleteXMLFile() Inscure Method

No description provided by source. ---------------------------------------------------------------------------------------------- NVR SP2 2.0 nvUtility.Utility.1 nvUtility.dll v. 1.0.14.0 DeleteXMLFile Inscure Method url: http://www.acti.com/index.asp author: shinnai mail: shinnaiatautisticidotor...

Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods

No description provided by source. pre codespan style=font: 10pt Courier New;span class=general1-symbol--------------------------------------------------------------------------------------- bData Dynamics ActiveBar ActiveX Control actbar3.ocx = 3.1 Multiple Inscure Methods/b url:...

Ecommercemax Solutions Digital Goods Seller SQL Injection

No description provided by source. Author: R4dc0re Exploit Title:Ecommercemax Solutions Digital good seller Sql Injection Vulnerablity Date: 05-12-2010 Vendor or Software Link:http://www.ecommercemax.com/ Category:WebApp Version:1.5 Price:60$ Contact: [email protected] Website: www.1337db.com...

LEADTOOLS 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation DoS

No description provided by source. html Test Exploit Page object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' //object script language='vbscript' targetFile = C:\Program Files\Rational\common\ltdlg11n.ocx prototype = Function GetColorRes ByVal hWnd As Long As Integer memberNam...

Mcafee FreeScan CoMcFreeScan Browser Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10077/info Reportedly the Mcafee FreeScan 'McFreeScan.CoMcFreeScan.1' COM object is prone to a remote information disclosure vulnerability. This issue is due to a failure of the object to properly validate information...