19 matches found
Microsoft Windows Malicious Script File Generator
This PHP script generates a malicious .WSF Windows Script File containing both VBScript and JScript payload blocks. The payload runs arbitrary system commands through WScript.Shell...
SUSE CVE-2018-19395
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...
TortoiseSVN 1.12.1 - Remote Code Execution
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
TortoiseSVN 1.12.1 Remote Code Execution
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion
TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These sample...
Rejetto HTTP File Server (HFS) - Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Rejetto HttpFileServer Remote Command Execution", 'Description' = %q Rejetto HttpFileServer HFS is vulnerable to remote command...
PuterJam\'s Blog PJBlog3 3.0.6 \'action.asp\' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34701/info PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Firefox XPCOM Execute Command
This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a jscript "launcher" to disk that hides the prompt. This module requires Metasploit:...
Mysql mof extension vulnerability example and prevention-vulnerability and early warning-the black bar safety net
Mysql mof extension vulnerability prevention methods Online disclosure some of the use of the code: pragma namespace“\\\\.\\ root\\subscription” instance of EventFilter as $EventFilter EventNamespace = "Root\\Cimv2"; Name = "filtP2"; Query = "Select From InstanceModificationEvent" "Where...
Windows Executable Download and Evaluate VBS
Downloads a file from an HTTPS URL and executes it as a vbs script. Use it to stage a vbs encoded payload from a short command line. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize =...
wscript. the shell is disabled,execute the command-vulnerability warning-the black bar safety net
See close wscript. shell, upload the cmd. exe to the above to run no command. The runtime will tell the fault. If you want to run the command you can try this method, try the following: Put the following code to copy: object runat=server id=oScriptlhn scope=page...
PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection
source: https://www.securityfocus.com/bid/34701/info PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
CVE-2008-5823
CVE-2008-5823 describes a denial-of-service vulnerability in Microsoft Money 2006 related to an ActiveX control (prtstb06.dll). When the control is used with Windows Script Host/WScript on Windows Vista, supplying a zero Startup property value can trigger an access violation and crash the applica...
OllyDBG disassemble to hack Radmin password-vulnerability warning-the black bar safety net
Radmin is a very good Server Management Whether it is a Remote Desktop control or file transfer Speed very fast very convenient This also formed a lot of servers are installed radmin such Now you say 4 8 9 9 default port no password for the server you where looking for? Everyone knows radmin...
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Exploit for unknown platform in category local exploits ================================================================ PHP COM extensions inconsistent Win32 safemode Bypass Exploit ================================================================ Run'c:\windows\system32\cmd.exe /c...
MS Windows (HTA) Script Execution Exploit (MS05-016)
Exploit for unknown platform in category local exploits ==================================================== MS Windows HTA Script Execution Exploit MS05-016 ==================================================== / Changed date in db to place it on the main page instead of it being bumped off /str0...
MS Internet Explorer Remote Wscript.Shell Exploit
Exploit for unknown platform in category remote exploits ================================================= MS Internet Explorer Remote Wscript.Shell Exploit ================================================= ----------------------------------------------------- default.htm...
Microsoft Internet Explorer - Remote Wscript.Shell
Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...