CVE-2014-2003
Published 2014-06-16
Priority: P3 (45), high
CVSS 2.0 base score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EPSS: 3.59% (88.0th percentile)
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| justsystems | ichitaro | <= 2014 | — |
No detection rules found.
Exploit-DB: CVE-2015-1497 [CRITICAL] Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
exploitdb · 2015-02-27 · CVSS 10.0
---
```ruby
# Exploit Title: Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability
# Date: 2014-10-01
# Exploit Author: Ben Turner
# Vendor Homepage: Previously HP, now http://www.persistentsys.com/
# Version: 7.9, 8.1, 9.0, 9.1
# Tested on: Windows XP, Windows 7, Server 2003 and Server 2008
# CVE-2015-1497
# CVSS: 10
require 'msf/core'
class Metasploit3 'Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability',
  'Description' => %Q{
    This module exploits PS Client Automation, by sending a remote service install and creating a callback payload.
  },
  'Author' => [ 'Ben Turner'
```
Exploit-DB: CVE-2014-9141 Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation
exploitdb · 2014-12-02
---
```text
# Exploit Title: Thomson Reuters Fixed Assets CS Windows 7, Windows 8
# CVE : 2014-9141

Product Affected:
Fixed Assets CS <=13.1.4 (Workstation Install)
Note: 2003/2008 Terminal Services/Published apps **may** be vulnerable,
depending on system configuration.

This vulnerability has been reference checked against multiple
installs. This configuration was identical across all systems and each
version encountered.

Executables/Services:
C:\WinCSI\Tools\connectbgdl.exe

Attack Detail:
The Fixed Assets CS installer places a system startup item at
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Which then executes the utility at C:\WinCSI\Tools\connectbgdl.exe.
The executables that are ins
```
Exploit-DB: CVE-2014-8652 [MEDIUM] Elipse E3 - HTTP Denial of Service
exploitdb · 2014-11-26 · CVSS 5.0
---
```go
// Exploit Http DoS Request for SCADA ATTACK Elipse 3
// Mauro Risonho de Paula Assumpção aka firebits
// [email protected]
// 29-10-2013 11:42
// Vendor Homepage: http://www.elipse.com.br/port/index.aspx
// Software Link: http://www.elipse.com.br/port/e3.aspx
// Version: 3.x and prior
// Tested on: windows
// CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8652
// NVD : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8652
// Hard lock Dll crash in Windows 2003 SP2 + 20 requests connections
// exploit in Golang (golang.com) C Google
// compile and execute:
// go build Exploit-Http-DoS-Request-for-SCADA-ATTACK-Elipse3-PoC.go
// chmod +x Exploit-Http-DoS-Request-for-SCADA-ATTACK-Elipse3-PoC.go
// ./Exploit-Http-DoS-Request
```
Exploit-DB: CVE-2014-4158 Kolibri Web Server 2.0 - GET (SEH)
exploitdb · 2014-07-14
---
```python
#!/usr/bin/python
# Exploit Title : Kolibri WebServer 2.0 Get Request SEH Exploit
# Exploit Author : Revin Hadi S
# Date : 14/07/2014
# Vendor : http://www.senkas.com
# Version : 2.0
# Tested on : Windows XP SP2 Eng, Windows Server 2003 Eng, Win 7 SP1 Eng
import socket, sys

help = """Kolibri WebServer 2.0 Get Request SEH Exploit
Target
[1]Windows XP SP2 Eng & Windows 2003 SP2 Eng
[2]Windows 7 SP1 Eng
Usage : %s [rhost] [port] [target]""" % sys.argv[0]

# Expect exactly three arguments: host, port and target index
try:
    script, rhost, port, target = sys.argv
except ValueError:
    print help
    exit()

try:
    port = int(port)
    target = int(target)
except ValueError:
    print "Port & Target should be numbers!"
    exit()

#msfpayload windows/shell_bind_tcp LPORT=5698 R | msfencode -a x86 -e x86/alpha_mixed -t c
shellcode = ("\x89\
```
Exploit-DB: CVE-2014-2314 JIRA Issues Collector - Directory Traversal (Metasploit)
exploitdb · 2014-04-07
---
```ruby
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'JIRA Issues Collector Directory Traversal',
  'Description' => %q{
    This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists
    in the issues collector code, while handling attachments provided by the user. It can be
    exploited in Windows environments to get remote code execution. This module has been tested
    successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
  },
  'Author' =>
    [
      'Philippe Arteau', # Vulnerability Discovery
      'juan vazquez' # Metasploit module
    ],
  'License' => MSF_LICENSE,
  'References' =>
    [
      [ 'CVE', '2014-2314'],
      [ '
```
Exploit-DB: CVE-2013-2347 [CRITICAL] HP Data Protector - 'EXEC_BAR' Remote Command Execution
exploitdb · 2014-02-16 · CVSS 10.0
---
```python
import argparse
import socket
"""
Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution
Exploit Author: Chris Graham @cgrahamseven
CVE: CVE-2013-2347
Date: February 14, 2014
Vendor Homepage: www.hp.com
Version: 6.10, 6.11, 6.20
Tested On: Windows Server 2003, Windows Server 2008 R2
References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422
http://www.zerodayinitiative.com/advisories/ZDI-14-008/
Details:
The omniinet service, which runs by default on port 5555, is susceptible
to numerous remotely exploitable vulnerabilities. By sending a malicious
EXEC_BAR packet (opcode 11), a remote attacker can force the omniinet
service to run an arbitrary command. On Windows, the omnii
```
Bugzilla: CVE-2014-9527 [MEDIUM] apache-poi: denial of service in HSLFSlideShow via corrupted PPT file
bugzilla · 2015-01-12 · CVSS 5.0
A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely.
Upstream Issue:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57272
Upstream Fix:
https://svn.apache.org/viewvc?view=revision&revision=1643680
Discussion:
There are some problems to solve to upgrade Apache POI to 3.11.
#1, I have no idea what license they use for these files, used by the poi-ooxml* artefacts:
http://www.ecma-international.org/publications/files/ECMA-ST/Office%20Open%20XML%201st%20edition%20Part%202%20(PDF).zip
http://dublincore.org/schemas/xmls/qdc/2003/0
Talos: CVE-2014-1761 [MEDIUM] Microsoft Update Tuesday: April 2014, two final XP and Office 2003 fixes
blogs_talos · 2014-04-08 · CVSS 6.9
It’s the last Microsoft Update Tuesday before the end-of-life of both Windows XP and Office 2003 and Microsoft is patching two vulnerabilities that also impact XP and two that also impact Office 2003 this month. All-in-all it’s a relatively light month this time around with only four bulletins covering eleven CVEs.
The first bulletin this month, MS14-017, deals with Word and covers three CVEs. One fix is for a 0-day vulnerability, CVE-2014-1761, that Microsoft previously addressed in advisory 2953095 and a “Fix it” that disables support for RTF completely in Word. The vulnerability results from an incorrect “listoverridecount” value in an “overridetable” structure in the RTF file. This value is not properly checked by Word, and setting it to an invalid value causes a type confusion bug, whi
Talos: CVE-2014-0258 [CRITICAL] Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
blogs_talos · 2014-01-14 · CVSS 9.8
The first Microsoft Update Tuesday of 2014 is here and it’s a very light month this time around. We’ve got 4 bulletins covering 6 CVEs. What’s remarkable is that there’s no Internet Explorer bulletin this month. There are also no bulletins that are marked critical, all 4 bulletins are marked as important.
The first bulletin, MS14-001, is for Word and Office Web Apps; this bulletin covers 3 CVEs (CVE-2014-0258, CVE-2014-0259 and CVE-2014-0260). They are memory corruption vulnerabilities in Word, which could result in remote code execution.
MS14-002 is a fix for the Windows XP/2003 0-day kernel escalation of privilege vulnerability (CVE-2013-5065) that was being exploited in the wild in tandem with the Adobe Reader vulnerability (CVE-2013-3346). Here an attacker would convince the user to o
References:
- http://jvn.jp/en/jp/JVN50129191/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053
- http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html
- http://www.justsystems.com/jp/info/js14002.html