HP System Management Homepage iprange parameter command execution

Added: 04/12/2013 BID: 58817 OSVDB: 91812 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A vulnerability in HP SMH allows command execution when an attacker requests /proxy/DataValidation with a...

Adobe InDesign Server SOAP interface RunScript command execution

Added: 02/04/2013 BID: 56574 OSVDB: 87548 Background Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...

Novell NetIQ Privileged User Manager modifyAccounts Security Bypass

Added: 12/07/2012 BID: 56535 OSVDB: 87335 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

Novell NetIQ Privileged User Manager Security Bypass

Added: 12/03/2012 BID: 56539 OSVDB: 87334 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

Novell NetIQ Privileged User Manager Security Bypass

Added: 12/03/2012 BID: 56539 OSVDB: 87334 Background Novell NetIQ Privileged User Manager NPUM allows IT administrators to work on systems without exposing superuser administrator or supervisor passwords or root-account credentials to the administrator. Problem NetIQ Privileged User Manager 2.3.1...

TurboSoft TurboFTP Server PORT Command Buffer Overflow

Added: 11/05/2012 BID: 55764 OSVDB: 85887 Background TurboSoft TurboFTP Server is a MS Windows based file transfer server that provides FTP, FTP over SSL/TLS, and SFTP over SSH services. Problem TurboFTP Server 1.30.826 is vulnerable to a stack based buffer overflow that could allow remote code...

TurboSoft TurboFTP Server PORT Command Buffer Overflow

Added: 11/05/2012 BID: 55764 OSVDB: 85887 Background TurboSoft TurboFTP Server is a MS Windows based file transfer server that provides FTP, FTP over SSL/TLS, and SFTP over SSH services. Problem TurboFTP Server 1.30.826 is vulnerable to a stack based buffer overflow that could allow remote code...

Oracle Business Transaction Management FlashTunnelService WriteToFile Vulnerability

Added: 08/17/2012 BID: 54839 Background Oracle Business Transaction Management BTM is a component of several Oracle Enterprise Manager Management Packs, including WebLogic Server Management Pack Enterprise Edition. Oracle BTM provides capability in three key areas: transaction visibility,...

CA Total Defense UNCWS exportReport SQL Injection

Added: 03/20/2012 OSVDB: 78930 Background CA Total Defense is a combined host-based anti-virus, anti-spyware, firewall, and IPS solution. Problem CA Total Defense includes a web service management component, which in version r12 prior to SE3, fails to validate certain parameters. The exportReport...

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

Netzip Classic ZIP file parsing buffer overflow

Added: 11/04/2011 BID: 46059 Background Netzip Classic is a Windows utility for downloading and decompressing files. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted ZIP file and double-clicks on the file contained in it. Resolution Do not use...

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

Lotus Domino HPRAgentName Stack Overflow

Added: 07/08/2011 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem The WebAdmin.nsf resource on the Domino web service contains a buffer overflow vulnerability. Resolution No patch is available at this time. References...

SQL injection authentication bypass

Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...

Novell iManager getMultiPartParameters file upload vulnerability

Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...

Apple QuickTime Streaming Debug Error Logging Buffer Overflow

Added: 08/05/2010 BID: 41962 OSVDB: 66636 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime is vulnerable to a stack buffer overflow in QuickTimeStreaming.qtx when processing specially crafted SMIL files. The crafted SMIL files contain an invalid and...

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

ReGet Deluxe .wjr file SaveTo attribute buffer overflow

Added: 05/14/2010 BID: 37511 Background ReGet Deluxe is a download manager for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a .wjr file containing a Download tag with a specially crafted SaveTo attribute. Resolution Do not open untrusted .wjr files...

Open and Compact FTP Server Long Password Buffer Overflow

Added: 03/22/2010 Background Open and Compact FTP Server Open-FTPD is a Windows-based compact FTP server. Problem A buffer overflow vulnerability allows command execution as a result of an overly long password. Resolution Upgrade to a version newer than 1.2 when it becomes available, or use a...

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts , which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Novell eDirectory DHost module load buffer overflow

Added: 10/30/2009 BID: 36815 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

Google Apps googleapps.url.mailto handler command injection

Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...

ProFTP welcome message buffer overflow

Added: 10/01/2009 BID: 36128 OSVDB: 57394 Background Labtam ProFTP is an FTP client program for Microsoft Windows. Problem A buffer overflow vulnerability allows command execution when a user connects to an FTP server which sends a specially crafted welcome message. Resolution Apply a fix from th...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Oracle Database password weakness

Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...

IBM Access Support ActiveX GetXMLValue buffer overflow

Added: 04/01/2009 CVE: CVE-2009-0215 BID: 34228 OSVDB: 52958 Background The IBM Access Support ActiveX control is used to collect system information. It comes with certain IBM and Lenovo computer systems. Problem A buffer overflow vulnerability allows command execution when a user loads a page...

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files .WAB, .PAB on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books locally ...

Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...

ASPX Shell

Added: 02/14/2008 Background This exploit does not exploit a vulnerability, but instead creates an aspx page. The page, if placed on an IIS server, establishes a shell connection when requested. Problem N/A Resolution N/A References N/A Limitations The user needs the ability to upload the resulti...

Solaris loadable kernel module directory traversal

Added: 06/22/2007 CVE: CVE-2004-1767 BID: 9477 OSVDB: 15128 Background Loadable kernel modules are programs which can be dynamically loaded into the kernel. Problem A directory traversal vulnerability in the vfsgetvfssw function in the Solaris kernel allows unprivileged users to load their own...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

RSA SecurID Web Agent for IIS redirect buffer overflow

Added: 11/30/2005 CVE: CVE-2005-4734 BID: 26424 OSVDB: 20151 Background RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens. Problem A buffer overflow in IISWebAgentIF.dll could allow a remote attacker to execute arbitrary commands using ...

Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow

Added: 01/12/2013 BID: 57174 OSVDB: 89030 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader plugin for Firefox npFoxitReaderPlugin.dll is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL...

Browser Find toolbar phishing attack

Added: 02/25/2012 Background This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box Ctrl-F and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a...

Browser Find toolbar phishing attack

Added: 02/25/2012 Background This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box Ctrl-F and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a...

Avaya WinPDM Unite Host Router service buffer overflow

Added: 12/30/2011 BID: 47947 OSVDB: 73269 Background Avaya Windows Portable Device Manager WinPDM is used for local administration and software download of various devices. Problem A buffer overflow vulnerability in Avaya WinPDM allows an attacker to execute arbitrary commands by sending a...

MPlayer SAMI Subtitle File Overflow

Added: 09/07/2011 BID: 49149 OSVDB: 74604 Background MPlayer is an open source media player with support for many operating systems. Problem MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange SAMI caption files. If a video references a malformed SAMI file...

Lotus Domino HPRAgentName Stack Overflow

Added: 07/08/2011 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem The WebAdmin.nsf resource on the Domino web service contains a buffer overflow vulnerability. Resolution No patch is available at this time. References Limitations This exploit...

AOL Desktop .rtx File Buffer Overflow

Added: 03/18/2011 BID: 46129 OSVDB: 70741 Background AOL Desktop is an internet suite that integrates a web browser, media player, and IM client. Problem A heap overflow vulnerability exists in the Rich Text file parser of AOL Desktop 9.x. In documents with HTML links, the parser does not properl...

Apple QuickTime Streaming Debug Error Logging Buffer Overflow

Added: 08/05/2010 BID: 41962 OSVDB: 66636 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime is vulnerable to a stack buffer overflow in QuickTimeStreaming.qtx when processing specially crafted SMIL files. The crafted SMIL files contain an invalid and...

Yahoo Messenger WScript.Shell ActiveX control command execution

Added: 07/29/2010 Background Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control. Problem The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer. Resolution Set the...

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010 BID: 39114 OSVDB: 63412 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

Open and Compact FTP Server Long Password Buffer Overflow

Added: 03/22/2010 Background Open and Compact FTP Server Open-FTPD is a Windows-based compact FTP server. Problem A buffer overflow vulnerability allows command execution as a result of an overly long password. Resolution Upgrade to a version newer than 1.2 when it becomes available, or use a...

Oracle Database DBMS_JVM_EXP_PERMS IMPORT_JVM_PERMS privilege elevation

Added: 02/26/2010 BID: 38115 OSVDB: 62184 Background Oracle Database embeds a Java runtime environment called OracleJVM. The DBMSJVMEXPPERMS package is included in Oracle Database and is used for importing and exporting Java permissions between database servers. Problem A privilege elevation...

PHP Remote File Inclusion

Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...