Смотрите также связанные темы
18.04.2018 Обзор утечек: 30 марта - 12 апреля
Аналитический центр компании Perimetrix представляет обзор утечек за период с 30 марта по 12 апреля. За это время в мире произошло не менее 7 масштабных утечек информации, в которых пострадали не менее 1,6 млн. человек.
05.06.2018 CVE-2012-1185
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
19.06.2018 CVE-2012-0950
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
12.12.2018 Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)
# wwww.abysssec.com # Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day) # CVE-2012-4959 # @abysssec # well just one more of our 0day got published after ~2 year # here is info : https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 # and here is our exploit import httplib, md5, sys def message_MD5(arg): v = "SRS" + arg + "SERVER" m = md5.new(v) return m.hexdigest() def g...
19.07.2018 CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
08.02.2018 MS13-005 (win32k.sys) exploit POC
MS13-005 (win32k.sys) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. For more information, see the subsection, Affected and Non-Affected Software, in this section. include <windows.h> #include <stdio.h> int main() { nbsp; STARTUPINFO si = {0}; nbsp; PROCESS_INFORMATION pi = {0}; nbsp; PC...
26.02.2018 Linux Kernel 3.x Privilege Escalation Exploit
#include <unistd.h> #include <sys/socket.h> #include <linux/netlink.h> #include <netinet/tcp.h> #include <errno.h> #include <linux/if.h> #include <linux/filter.h> #include <string.h> #include <stdio.h> #include <stdlib.h> #...
26.03.2018 HP Intelligent Management Center Arbitrary File Upload Exploit
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super&...
04.09.2018 Антивирусы по подписке Outpost от Москвы до Амура
Услуга Outpost Antivirus Service набирает популярность и стала доступна более чем 300 тысячам абонентов Интернета от Москвы до Дальнего Востока. Полный список новых успешных внедрений антивирусных решений по подписке Outpost AV Service смотрите здесь.
19.08.2018 CVE-2012-4353
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information.
|
