Смотрите также связанные темы 22.06.2018 CVE-2009-2169 Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
12.12.2018 Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day) # wwww.abysssec.com # Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day) # CVE-2012-4959 # @abysssec # well just one more of our 0day got published after ~2 year # here is info : https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959 # and here is our exploit import httplib, md5, sys def message_MD5(arg): v = "SRS" + arg + "SERVER" m = md5.new(v) return m.hexdigest() def g...
18.03.2018 Honeywell HSC Remote Deployer ActiveX Remote Code Execution ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, ...
26.03.2018 HP Intelligent Management Center Arbitrary File Upload Exploit ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] } include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super&...
24.01.2018 Сюрприз из kernel32 для сетевых ресурсов (MS12-081, детальный разбор уязвимости в Microsoft File Handling Component) Одиннадцатого декабря прошлого года вышел бюллетень Microsoft, связанный с уязвимостью, обнаруженной в Microsoft File Handling Component. Уязвимости был присвоен ранг критической и категория Remote code execution.
10.04.2018 CVE-2012-0168 Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."
18.08.2018 CVE-2008-3703 The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create"snapshots schedules"registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
11.08.2018 IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit Цель: IntelliTamper 2.07 Воздействие: Выполнение произвольного кода
21.08.2018 CVE-2008-3765 SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
03.09.2018 Moodle <= 1.8.4 Remote Code Execution Exploit Цель: Moodle 1.8.4 и более ранние версии Воздействие: Выполнение произвольных команд
|