ac Avaya IP Office (IPO) 10.1 Active-X Buffer Overflow By packetstormsecurity.com Published On :: Sun, 05 Nov 2017 15:40:54 GMT Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability. Full Article
ac BarcodeWiz ActiveX Control Buffer Overflow By packetstormsecurity.com Published On :: Sat, 06 Jan 2018 18:33:30 GMT BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability. Full Article
ac Microsoft Windows 10 scrrun.dll Active-X Creation / Deletion Issues By packetstormsecurity.com Published On :: Wed, 06 Jun 2018 20:22:22 GMT scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities. Full Article
ac G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow By packetstormsecurity.com Published On :: Fri, 13 Jul 2018 16:14:16 GMT G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability. Full Article
ac Adobe Flash Active-X 28.0.0.137 Remote Code Execution By packetstormsecurity.com Published On :: Mon, 24 Dec 2018 04:44:44 GMT Adobe Flash Active-X plugin version 28.0.0.137 remote code execution proof of concept exploit. Full Article
ac Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write By packetstormsecurity.com Published On :: Thu, 20 Feb 2020 21:25:29 GMT This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account. Full Article
ac Facebook's Libra Falls Into Big Gap In EU Rules By packetstormsecurity.com Published On :: Thu, 05 Sep 2019 13:39:29 GMT Full Article headline government bank cybercrime fraud facebook social cryptography
ac Facebook Suspends Tens Of Thousands Of Apps Over Privacy Issues By packetstormsecurity.com Published On :: Mon, 23 Sep 2019 16:52:46 GMT Full Article headline privacy facebook social
ac AG Barr Asks Facebook To Not Use End To End Encryption By packetstormsecurity.com Published On :: Fri, 04 Oct 2019 13:47:34 GMT Full Article headline government privacy usa spyware facebook social cryptography
ac Cozy Bear Is Back In Action Again By packetstormsecurity.com Published On :: Thu, 17 Oct 2019 14:06:50 GMT Full Article headline government usa russia fraud cyberwar facebook social
ac How The Wheels Came Off Facebook's Libra Project By packetstormsecurity.com Published On :: Fri, 18 Oct 2019 14:59:55 GMT Full Article headline government bank facebook social cryptography
ac Two Plead Guilty In Conspiracy Involving Uber, LinkedIn, Others By packetstormsecurity.com Published On :: Thu, 31 Oct 2019 14:20:28 GMT Full Article headline hacker privacy cybercrime data loss fraud social uber
ac System Bug Gives Facebook Access To iPhone Cameras By packetstormsecurity.com Published On :: Wed, 13 Nov 2019 17:01:40 GMT Full Article headline privacy phone flaw apple facebook social
ac Amnesty Slams Facebook, Google Over Business Models By packetstormsecurity.com Published On :: Thu, 21 Nov 2019 15:02:04 GMT Full Article headline privacy data loss google spyware facebook social
ac Facebook Alleges Company Infiltrated Thousands For Ad Fraud By packetstormsecurity.com Published On :: Fri, 06 Dec 2019 16:13:45 GMT Full Article headline cybercrime fraud facebook social
ac Greek Journo Who Published List Of Swiss Bank Account Holders Cleared By packetstormsecurity.com Published On :: Fri, 02 Nov 2012 15:15:41 GMT Full Article headline privacy bank data loss switzerland greece
ac Attackers Raid Swiss Banks With DNS And Malware Bombs By packetstormsecurity.com Published On :: Wed, 23 Jul 2014 15:04:55 GMT Full Article headline malware bank dns cybercrime fraud switzerland
ac Swisscom Data Breach: 800,000 Customers Affected By packetstormsecurity.com Published On :: Thu, 08 Feb 2018 15:23:24 GMT Full Article headline privacy phone data loss switzerland
ac execMacOSX.txt By packetstormsecurity.com Published On :: Tue, 15 Nov 2005 06:51:18 GMT execve("/bin/sh",{"/bin/sh",NULL},NULL) shellcode for Mac OSX on both the PPC and x86 platforms. Full Article
ac Twin Terror Attacks Shock Norway By packetstormsecurity.com Published On :: Sat, 23 Jul 2011 01:58:41 GMT Full Article headline terror norway
ac Police Say Oslo Suspect Admits To 'Facts' In Massacre By packetstormsecurity.com Published On :: Sun, 24 Jul 2011 15:52:52 GMT Full Article headline terror norway
ac Anonymous Lashes Out At Norway Massacre Suspect By packetstormsecurity.com Published On :: Tue, 26 Jul 2011 04:32:40 GMT Full Article headline terror anonymous norway
ac Norweigian Oil And Defense Industries Are Hit By A Major Cyber Attack By packetstormsecurity.com Published On :: Fri, 18 Nov 2011 16:43:19 GMT Full Article headline cyberwar norway
ac Soca Website Attack: Norway Arrests Two Youths By packetstormsecurity.com Published On :: Wed, 09 May 2012 15:58:55 GMT Full Article headline hacker denial of service mpaa norway
ac Hacker Site's Incriminating Database Published Online By Rivals By packetstormsecurity.com Published On :: Tue, 13 Aug 2019 14:29:24 GMT Full Article headline hacker privacy database data loss cyberwar
ac 700,000 Choice Hotels Records Leaked In Data Breach, Ransom Demanded By packetstormsecurity.com Published On :: Thu, 15 Aug 2019 16:15:26 GMT Full Article headline privacy database data loss
ac Oracle Rushes Out Emergency Apache DoS Patch By packetstormsecurity.com Published On :: Mon, 19 Sep 2011 13:16:26 GMT Full Article headline flaw oracle apache
ac Attack On Apache Server Exposes Firewalls, Routers, Etc By packetstormsecurity.com Published On :: Thu, 06 Oct 2011 02:06:20 GMT Full Article headline flaw apache
ac Apache OpenOffice Security Fixes Emerge By packetstormsecurity.com Published On :: Sat, 19 May 2012 01:35:07 GMT Full Article headline flaw patch apache
ac Apache Server Status Pages Put Popular Websites At Risk By packetstormsecurity.com Published On :: Fri, 02 Nov 2012 04:02:21 GMT Full Article headline privacy data loss flaw apache
ac Apache Plug-In Doles Out Zeus Attack By packetstormsecurity.com Published On :: Thu, 20 Dec 2012 14:55:43 GMT Full Article headline malware trojan botnet apache
ac Hackers Hit Thousands Of Sites With Apache Backdoor By packetstormsecurity.com Published On :: Tue, 30 Apr 2013 00:02:31 GMT Full Article headline malware backdoor apache
ac Apache ActiveMQ Flaws Leave Servers Open To DoS Attacks By packetstormsecurity.com Published On :: Mon, 09 Mar 2015 20:04:49 GMT Full Article headline denial of service flaw apache
ac 1 In 20 Android Apps Hit By Apache Cordova Flaw By packetstormsecurity.com Published On :: Thu, 28 May 2015 13:47:45 GMT Full Article headline phone flaw google apache
ac Apache Struts 2 Needs Patching, Without Delay. It's Under Attack Now. By packetstormsecurity.com Published On :: Thu, 09 Mar 2017 16:15:22 GMT Full Article headline hacker flaw apache
ac Apache Struts 2 Bug Bites Canada, Cisco, VMware, And Others By packetstormsecurity.com Published On :: Tue, 14 Mar 2017 15:11:27 GMT Full Article headline canada flaw cisco apache
ac 9 Year Old Apache Struts Vuln Was Used To Pop Equifax By packetstormsecurity.com Published On :: Sat, 09 Sep 2017 16:22:18 GMT Full Article headline privacy bank cybercrime data loss fraud flaw apache
ac Oracle Corrals And Patches Struts 2 Vulnerabilities By packetstormsecurity.com Published On :: Wed, 27 Sep 2017 06:32:18 GMT Full Article headline flaw patch oracle apache
ac ZDI Is Throwing Out $200k Bug Bounties On Apache And Microsoft IIS By packetstormsecurity.com Published On :: Wed, 25 Jul 2018 17:02:50 GMT Full Article headline hacker microsoft flaw apache
ac Apache Vulnerabilities Spotted In OpenWhisk And Tomcat By packetstormsecurity.com Published On :: Wed, 25 Jul 2018 17:02:58 GMT Full Article headline flaw apache
ac Apache Struts Vulnerability Would Allow System Takeover By packetstormsecurity.com Published On :: Tue, 06 Nov 2018 23:26:37 GMT Full Article headline flaw apache
ac Apache Hadoop Spins Cracking Code Injection Vulnerability YARN By packetstormsecurity.com Published On :: Mon, 26 Nov 2018 15:31:20 GMT Full Article headline flaw apache
ac Serious Apache Server Bug Gives Root To Baddies In Shared Environments By packetstormsecurity.com Published On :: Thu, 04 Apr 2019 14:38:10 GMT Full Article headline flaw apache
ac Web Tools Create XSS Headaches By packetstormsecurity.com Published On :: Mon, 07 Jan 2008 15:48:51 GMT Full Article xss
ac Facebook Vulnerable To Critical XSS, Could Lead To Malware Attacks By packetstormsecurity.com Published On :: Fri, 23 May 2008 08:26:21 GMT Full Article malware facebook xss
ac Mozilla Tackles XSS Vulnerabilities With New Technology By packetstormsecurity.com Published On :: Mon, 22 Jun 2009 16:29:11 GMT Full Article mozilla xss
ac Facebook App Flaws Create Trojan Download Risk By packetstormsecurity.com Published On :: Mon, 21 Sep 2009 16:04:03 GMT Full Article trojan flaw facebook xss
ac IE 8 XSS Filter Exposes Sites To XSS Attacks By packetstormsecurity.com Published On :: Mon, 19 Apr 2010 19:23:01 GMT Full Article microsoft xss
ac XSS Flaw Discovered In Skype's Shop, User Accounts Targeted By packetstormsecurity.com Published On :: Fri, 24 Feb 2012 23:57:20 GMT Full Article headline flaw identity theft skype social xss
ac macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free By packetstormsecurity.com Published On :: Wed, 18 Dec 2019 14:08:33 GMT In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges. Full Article
