This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with an embedded, specially crafted Summary Information Stream allows remote code execution through Internet Explorer on systems with Visio Viewer installed.
38a04eb9235c0ff6ef85f3b9bba40470be0f95a7efe95b58a475e3f84a0afc55
This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a subsequent buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.
03a28d9b585a04552b2af08e30b7a0771b1cda34693418914dcb8507b373570a
This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.
5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late nineties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems, often running IIS3/4/5; however, some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused; however, by default remote connections to the RDS are denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.
382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
0e57e6e7dbc98aaa1b458ba745dac9fb19ed3ef59e4251d98de02068723148db
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe
Zero Day Initiative Advisory 12-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect's SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP packets. When processing a specific GIOP packet, the application will trust a size field in the packet. The application will use this size in a copy operation into a statically sized buffer which can cause a buffer overflow. This can lead to code execution under the context of the service.
43d89dc6d8f2896d4073d62babb332c51c310b1770c3161b7ee5c9e499ed4724
Zero Day Initiative Advisory 12-088 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the stack. This can lead to a buffer overflow on the stack and allow for code execution under the context of the service.
f203aea2ee76cb87d0d30eb0dcf903a08388cd2b6769d0937ce793c27023bc74
This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.
b0bd48d4dfcf7fc338169df812038a282998457c61b3f8cfb9294a669b43f80a
Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.
9bf9246976f592bed20f872ed2417a507c1f7741236848f6ea9072b866a2f002
Drupal Protest third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
76092a55e6b9d30efe330e8fd8894c43054d3766b55c8460c34c37a3eaed9354
Drupal Authoring HTML third party module version 6.x suffers from a cross site scripting vulnerability.
19c6727ac3aa1fc751733d4d10647f65f1979d97c2fcaa6fa2fd0786305fc0f1
Zero Day Initiative Advisory 12-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the raac.dll module. By editing the stsz atom in the mp4 file data, an attacker could change a sample size to force a loop in raac.dll to loop too many times, causing heap corruption. This vulnerability can be leveraged to execute code under the context of the user running the application.
2ce52b7504df49825da4887cac96c03aa28226252b6f7f55300204478c048607
Zero Day Initiative Advisory 12-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. This vulnerability can be leveraged to execute code under the context of the user running the application.
95be120705ca4e062f32484ba1379b8274788104bd1a0ab24e69832485c9b78d
Drupal Simplenews third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.
c6685213ac066fa6bc378bac975fe3b4f3589d5f1e3d5de4ed106c5fa290eb9a
Drupal Maestro third party module version 7.x suffers from cross site request forgery and cross site scripting vulnerabilities.
bea74b2a86b66783035aa9b7818b9d39d67192aad10a1e02f4e54f6e4732270b
WordPress VideoWhisper Video Presentation plugin version 3.17 suffers from a remote shell upload vulnerability.
1e725372cf26adbf0e1855b1bdee73de2500d7305882f01e5d2990986d2afed8
Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.
efbe76fedf3296c7ef451c7b351df87ac87091b6a35538b7186d05716162501f
WordPress MM Forms Community versions 2.2.5 and 2.2.6 suffer from a remote shell upload vulnerability.
ff7b90dc1856fd55dc689b94a4e6b2c40f4969f143f5f3a25a70f19e12338a39
Serendipity version 1.6.1 suffers from a remote SQL injection vulnerability.
6e3df312750080c8c6d894fed47cc8aca0f08d4ecdf5c3c3381f93221a6a8180
Drupal Tokenauth third party module version 6.x suffers from an access bypass vulnerability.
7221dc15d9c821c321728ee4f4fa17ddaf19ba6032017b4a8bec982d1568e3f5
SN News versions 1.2 and below suffer from a remote SQL injection vulnerability in visualiza.php.
aacacee5354d62b76db5fa5c96305f3abdac02cc023a92e856b3744b9fa0bd72
JW Player version 5.9.x suffers from cross site scripting and content spoofing vulnerabilities.
745dad00f0d27c02390246bb3d97b20455221ab826e6936bd3380eebb74e5e06