Microsoft Internet Explorer VBScript Memory Corruption (MS14-080; CVE-2014-6363)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...

MS14-084: Vulnerability in VBScript scripting engine could allow remote code execution: December 9, 2014

Resolves a vulnerability in the VBScript scripting engine in Microsoft Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.INTRODUCTIONMicrosoft h...

MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

The installed version of the VBScript Scripting Engine is affected by a remote code execution vulnerability due to improper handling of objects in memory. By tricking a user into viewing or opening malicious content, an attacker can exploit this to execute arbitrary code on the affected system,...

IE pass to kill the remote command execution poc-vulnerability warning-the black bar safety net

! doctype html 2. html 3. meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" 4. meta http-equiv="content-type" content="text/html;charset=utf-8" 5. head 6. /head 7. body 8. For you to open Notepad and Calculator, IE Only 9. SCRIPT LANGUAGE="VBScript" 1 0. 1 1. function runmumaa 1 2. On...

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (1)

Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution 1 // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set...

Internet Explorer OLE Automation Array Remote Code Execution Exploit

This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10. // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit...

Gatesoft Docusafe 4.1.0 - SQL Injection Vulnerability

No description provided by source. Author: R4dc0re Exploit Title: Gatesoft Docusafe Sql Injection Vulnerablity Date: 05-12-2010 Vendor or Software Link:http://gatesoft.no/ Category:WebApp Version:4.1.0 Price:3500$ Contact: [email protected] Website: www.1337db.com Greetings to: R0073r1337db.com,...

Acuity CMS 2.7.1 - SQL Injection Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

Internet Explorer Winhlp32.exe MsgBox Code Execution

No description provided by source. $Id: ms10022ievbscriptwinhlp32.rb 10504 2010-09-28 16:19:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

Microsoft Internet Explorer 5.0.1 LoadPicture File Enumeration Weakness

No description provided by source. source: http://www.securityfocus.com/bid/9611/info Microsoft Internet Explorer is prone to an issue that may permit a remote site to enumerate the existence of files on the client system. This may be exploited via abuse of the VBScript LoadPicture method...

LEADTOOLS 11.5.0.9 - (ltdlg11n.ocx) Bitmap Access Violation DoS

No description provided by source. html Test Exploit Page object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' //object script language='vbscript' targetFile = C:\Program Files\Rational\common\ltdlg11n.ocx prototype = Property Let Bitmap As Long memberName = Bitmap progid =...

Rising Online Virus Scanner 22.0.0.5 - ActiveX Control DoS (Stack overflow)

No description provided by source. Exploit Title: Rising Online Virus Scanner ActiveX Control DoS Stack overflow Author: wirebonder Software Link: http://www.rising-global.com/products/online-scanner-intro.html Tested on: Windows XP sp3 ProgID: RavOLCtlLib.RavOnline ClassID:...

HP Data Protector Backup Client Service Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include...

BrightSuite Groupware SQL Injection Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

NVR SP2 2.0 (nvUtility.dll 1.0.14.0) - DeleteXMLFile() Inscure Method

No description provided by source. ---------------------------------------------------------------------------------------------- NVR SP2 2.0 nvUtility.Utility.1 nvUtility.dll v. 1.0.14.0 DeleteXMLFile Inscure Method url: http://www.acti.com/index.asp author: shinnai mail: shinnaiatautisticidotor...

MS IE 5/6,Outlook 2000/2002/5.5,Word 2000/2002 VBScript ActiveX Word Object DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4463/info A vulnerability has been discovered which is reported to affect Microsoft Internet Explorer, Outlook and Word. Other Office components may also be affected by this issue. It is possible to misuse VBScript Active...

Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods

No description provided by source. pre codespan style=font: 10pt Courier New;span class=general1-symbol--------------------------------------------------------------------------------------- bData Dynamics ActiveBar ActiveX Control actbar3.ocx = 3.1 Multiple Inscure Methods/b url:...

Ecommercemax Solutions Digital Goods Seller SQL Injection

No description provided by source. Author: R4dc0re Exploit Title:Ecommercemax Solutions Digital good seller Sql Injection Vulnerablity Date: 05-12-2010 Vendor or Software Link:http://www.ecommercemax.com/ Category:WebApp Version:1.5 Price:60$ Contact: [email protected] Website: www.1337db.com...

LEADTOOLS 11.5.0.9 (ltdlg11n.ocx) - GetColorRes() Access Violation DoS

No description provided by source. html Test Exploit Page object classid='clsid:00110060-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' //object script language='vbscript' targetFile = C:\Program Files\Rational\common\ltdlg11n.ocx prototype = Function GetColorRes ByVal hWnd As Long As Integer memberNam...

Real-time ASP Calendar SQL Injection Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...