Radiography is a forensic tool which grabs as much information as possible from a Windows system. It checks registry keys related to startup processes, registry keys with Internet Explorer settings, hosts file contents, Task Scheduler tasks, loaded system drivers, uses WinUnhide to catch hidden processes, and does much more.
PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2011-1380-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges.
Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct script insertion attacks.
Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the memory allocations needed for the number of elements passed by the client. This results in unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
Dell IT Assistant detectIESettingsForITA.ocx Active-X control readRegVal() remote registry dump exploit.
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
This Windows binary is a lightweight tool for removing strings in the Windows registry.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to bypass certain security restrictions.
SmartFTP version 4.0.1142.0, Speak Aloud, The GodFather version 0.80, Vip Rumor Player version 3.7 and Wise Registry Cleaner DLL hijacking exploit.
Zero Day Initiative Advisory 10-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required. The specific flaw exists within the storage of Remote Management authentication information on the client. The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed.
Secunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct cross-site scripting attacks.
HP Security Bulletin - Potential security vulnerabilities have been identified with HP SOA Registry Foundation. The vulnerabilities could be exploited remotely to gain unauthorized access to data, for cross site scripting (XSS), or to escalate privileges.
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP SOA Registry Foundation, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.
This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook
Mandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.
Ubuntu Security Notice USN-702-1 - Gunter Hockel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.
Hummingbird Deployment Wizard 2008 with DeployRun.dll versions 10.0.0.44 and below suffers from a registry value creation/change vulnerability.
GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.