Posts Tagged ‘execution’

Microsoft Office 2007 Groove Security Bypass / Code Execution

Microsoft Office 2007 Groove contains a security bypass issue in its handling of ‘Workspace Shortcut’ files (.GLK): it allows arbitrary (registered) URL protocols to be passed when only ‘grooveTelespace://’ URLs should be allowed. As a result, opening a ‘GLK’ file can lead to execution of arbitrary code.


Microsoft Excel Remote Code Execution

Microsoft Excel contains a remote code execution vulnerability upon processing OLE objects. Versions 2007, 2010, 2013, and 2016 are affected on both architectures.


Oracle WebLogic Server Java Deserialization Remote Code Execution

This exploit tests the target Oracle WebLogic Server for a Java deserialization remote code execution vulnerability. The ysoserial payload causes the target to send ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using tcpdump to know if the exploit was successful. Feel free to modify the payload (chunk2) […]