Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 Vulnerability Checker & Proof-of-Concept PoC...

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted...

Siemens Solid Edge WebPartHelper ActiveX Remote Code Execution

Siemens Solid Edge ST4 and ST5 contain a flaw in the OpenInEditor method in the WPHelper.dll ActiveX control. This issue may allow a context-dependent attacker to potentially execute arbitrary commands. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Vulnerability: the...

Microsoft Office - OLE Remote Code Execution

Microsoft Office - OLE Remote Code Execution Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

Microsoft Office - OLE Remote Code Execution

Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

IBM System Director Agent DLL Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

SAP NetWeaver HostControl Command Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Sun Java Web Start Double Quote Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Sun Java Web Star...

Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)

======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0 Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07 Tested on:...

Sun Java Web Start Double Quote Injection Vulnerability

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of...

Microsoft Windows TrueType Font (TTF)远程代码执行漏洞（MS12-078)

BUGTRAQ ID: 56842 CVECAN ID: CVE-2012-4786 Microsoft Windows是Microsoft开发的Windows是目前世界上用户最多、并且兼容性最强的操作系统。 Microsoft Windows未正确处理TrueType Font TTF文件而存在安全漏洞。通过诱使用户浏览恶意网站或打开恶意文件，未经身份验证的远程攻击者可利用此漏洞在内核态中执行任意代码。 0 Microsoft Windows RT Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows XP...

IBM System Director Agent - DLL Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'IBM System Director Agent DLL...

IBM System Director Agent DLL Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'IBM System Director Agent DLL...

IBM System Director Agent DLL Injection

This module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish remote DLL injection it uses a WebDAV service as disclosed by kingcope on December 2012. Because of this, t...

KeyHelp ActiveX LaunchTriPane Remote Code Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

KeyHelp - ActiveX LaunchTriPane Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 OperatingSystems::WINDOWS, :uaname =...

KeyHelp ActiveX LaunchTriPane Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 OperatingSystems::WINDOWS, :uaname =...

KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability

This module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver...

SAP NetWeaver HostControl - Command Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SAP NetWeaver HostControl Command...

SAP NetWeaver HostControl Command Injection

This module exploits a command injection vulnerability in the SAPHostControl Service, by sending a specially crafted SOAP request to the management console. In order to deal with the spaces and length limitations, a WebDAV service is created to run an arbitrary payload when accessed as a UNC path...