TIBCO Security Advisory: March 23, 2021 - TIBCO Enterprise Message Service -2021-28821

TIBCO Enterprise Message Service Windows Platform Installation vulnerability Original release date: March 23,2021 Last revised: CVE-2021-28821 Source: TIBCO Software Inc. Products Affected TIBCO Enterprise Message Service versions 8.5.1 and below TIBCO Enterprise Message Service - Community Editi...

Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs

Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list ACL on the default installation directory,...

Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs

Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...

Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR...

EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote BOF

Exploit for unknown platform in category remote exploits ====================================================================================== EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote Buffer Overflow Vulnerability...

RHEL 4 / 5 : kdegraphics (RHSA-2009:0431)

Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment,...

Important: Red Hat Security Advisory: kdegraphics security update

Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment,...

Mortbay Jetty vulnerable to HTTP response splitting

Overview Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an...

Program Checker (sasatl.dll 1.5.0.531) DebugMsgLog Heap Spraying Exploit

Exploit for unknown platform in category remote exploits ======================================================================== Program Checker sasatl.dll 1.5.0.531 DebugMsgLog Heap Spraying Exploit ======================================================================== :. GOODFELLAS Security...

ms-activex.txt

REM metasploit, add a user 'su' with pass 'tzu' scode =...

Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)

No description provided by source. !-- 6.30 10/06/2007 Microsoft Windows DirectSpeechSynthesis Module XVoice.dll 4.0.4.2512 / DirectSpeechRecognition Module Xlisten.dll 4.0.4.2512 remote buffer overflow exploit/ xp sp2 version both dlls are vulnerable, this is the poc for the first one...

Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033)

Microsoft Speech API ActiveX Control Windows XP SP2 - Remote Buffer Overflow MS07-033 REM metasploit, add a user 'su' with pass 'tzu' scode =...

Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)

Microsoft Speech API ActiveX Control Windows 2000 SP4 - Remote Buffer Overflow MS07-033 !-- 01/06/2007 23.19.50 Microsoft Windows DirectSpeechSynthesis Module XVoice.dll / DirectSpeechRecognition Module Xlisten.dll remote buffer overflow exploit / 2k sp4 seh version both the dlls are located in...

Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033)

REM metasploit, add a user 'su' with pass 'tzu' scode =...