Secunia Research has discovered some vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Multiple boundary errors exist in relation to torrent files, allowing for arbitrary code execution. Free Download Manager versions 2.5 Build 758 and 3.0 Build 844 are affected.
86565ed22b3c1b8dade154b897b1b8f0f21fa8a840a14b598b19f7b4178d642b
Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. This can be exploited to cause a stack-based buffer overflow via an HTTP request containing an overly long "Authorization" header. Successful exploitation allows execution of arbitrary code. Free Download Manager versions 2.5 Build 758 and 3.0 Build 844 are affected.
2d6a98a1c54f3e78b5ee64d40212d81016ff64590c30aaee596d5b936675f6e2
Small HTTP Server versions 3.05.85 and below directory traversal exploit.
682007293d9ec53a757ba070b2171fd3df99476a6df52154c2fb8436300f298d
phpslash versions 0.8.1.1 and below remote code execution exploit.
662d1a5b90d0b1590026d37a8495f4800f94426aea13fcf80d044e5e24df7bcc
Zero Day Initiative Advisory 09-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware Groupwise SMTP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of malformed RCPT verb arguments to the SMTP daemon. When an overly long e-mail address is received, an off-by-one condition is triggered, which minimally will cause a denial of service and can result in arbitrary code execution.
16947b005107697a5043ffe2f056900f34ccc5c5be96831168dde8b40d5f21a1
RealVNC version 4.1.2 RFB protocol remote code execution proof of concept exploit that leverages vncviewer.exe.
a3333c283bd28560b7a8f864055c05b6066368678e12275b9bc2f81fd7e82028
KIS 2008 and Kaspersky AntiVirus for Workstations suffer from a local privilege escalation vulnerability in Klim5.sys.
986d0ad816e789cda1a3b6e60acf76a92dd2c3e35c8b13cf6af11184f8f77d00
KIS 2008 and Kaspersky AntiVirus for Workstations local privilege escalation exploit for Klim5.sys.
85cd67d9a7dd14368a87ecb0b6e2697b18ac25ac9ed708ce4af6e323ab93fca8
Sourdough version 0.3.5 suffers from a remote file inclusion vulnerability.
d7a953e96913edf059eb85b58c0f83f36f9cc8f9f628288f9ce3336e8b12065a
SMA-DB version 0.3.12 suffers from remote file inclusion and cross site scripting vulnerabilities.
fbae7e0d7c2feb8ca5dd80a9561ca4ace6d15d5ac8782108923a4381cbee93f9
34 bytes small Linux x86 shellcode for killall5 on System-V.
cb7ee4390ce63207cf66bb2b74cda1be6e9d28e447faac64cdceb3cac9a455fe
The BruCON 2009 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 18th through the 19th, 2009.
e904a7b8f04613bfacdecba37d93f121f9456052646509079b7f361370f93668
Flatnux 2009-01-27 cross site scripting / iframe injection proof of concept code.
0a271eacfa48bd24aedbaf1c8e34f4347461e219d0e8e15217ccf5fea7f68ba4
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
1111cf07ff18327ca9c859386603f18d38212ecb93890788dacb89939ae6da6e
This Metasploit module is for OpenHelpDesk version 1.0.100, which is vulnerable to PHP code execution due to an improper use of eval().
790a572fa2eaf8a14620e19f2985d1b25f1ddb1857ea163771dbd4fb5f3c3ffe
CMS Mini versions 0.2.2 and below remote command execution exploit.
5aee8bfb785971f9f491d5f5d51f1a4246d16e312609ff7b61aca70659259db0
phpBLASTER version 1.0 RC1 remote blind SQL injection exploit.
6e115427df40a13ae0f048c2578c31d985ec9f601c3778b4b9e8f1e5b3c093ca
WholeHogSoftware Ware Support suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ea563c4447f105bb1e7119ea0228b3175266493197db51f918fddb8ec4f88513
AJA Portal version 1.2 on Windows suffers from multiple local file inclusion vulnerabilities.
f51fd110d0e3b858fadaab744e6277870461f1fb1ccd23f14b419d48ec8dec91
WholeHogSoftware Password Protect suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bc4cec2f042161b909315694bbdc204eed5ab4af635f4f00ffa4317fd20deb64
Elecard AVC HD Player local stack overflow proof of concept exploit that creates a malicious .m3u file.
adc386e5d5230ec9d591dd602fdd2bed27f534f85ccd7e20f82ae2f2b0a4f4fd
Secunia Security Advisory - Some vulnerabilities have been discovered in the ImageField module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.
4b528acf6fec27f3d86bb55ca6d97ea6d66794679d685c055cb6797253874ce2
Secunia Security Advisory - A vulnerability has been reported in Enomaly ECP, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c9ae97de3a30444e26c428487095bb7e1dab57e3224cf850a0ed945cf02bb28d
Secunia Security Advisory - A vulnerability has been discovered in the Synactis ALL In-The-Box ActiveX control, which can be exploited by malicious people to compromise a user's system.
201aeb344625e91ad3aeaafbff900647824517934b24e845fe1fff1e60854a12
Secunia Security Advisory - nuclear has reported some vulnerabilities in ReVou Twitter Clone, which can be exploited by malicious people to conduct SQL injection attacks and malicious users to conduct script insertion attacks.
8ccf19ea8cf86a960b5f7136c793524c131f78f29b64edc1a6a30bd8373b4c35