Mongoose Web Server version 2.11 suffers from directory traversal vulnerabilities.
74af731d1e007a43282f6effec2953ff20250a69d95957c35ab69e40d51f7fcdMetInfo version 3.0 suffers from a php code injection vulnerability.
f753569c888d092712939d066e85867009003f957e4f5011efcd74e156b2492aMetInfo version 2.0 suffers from a php code injection vulnerability.
f12a348c5ed6a4ea5e5bed74ea247b521f6d3b52506b12da76a4e8902fe5d3f6PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.
5d002d0fff437bedb4ffb8e7cf23770199fe24a71c37af572a8aaf54d6f4193dThe Joomla Flipwall component suffers from a remote SQL injection vulnerability.
2fc6f1966067b8aa245ca0420f7a934a66760fcfe9c3830461b583b598e97efaMandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
eaac600dd12a8079009e070b22fa4e731d6d01f52207ddf5ef9db27f19f96f29Simpli Easy Newsletter versions 4.2 and below suffer from cross site scripting and information leakage vulnerabilities.
62d55601bd8c8f67b08da3f1bfa7e1c0cb9ccd7a03872e45986bf5e290640bc7HP Security Bulletin HPSBMA02605 SSRT100238 - A potential security vulnerability has been identified in HP Insight Managed System Setup Wizard for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.
610c40ddcef707331e2b7ed7da30300bad16427ec12843bc5d1473a12cdd5fb9Zero Day Initiative Advisory 10-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within code responsible for parsing Director files (.dir). When handling the 3D record type 0xFFFFFF89. The module trusts size fields within a substructure and can be forced to make a faulty memory allocation. This can be abused by a remote attacker to execute arbitrary code under the context of the currently logged-in user.
2bf79d660e35afb62e9c4701473fd62d24a794a9cd6566d6aef621d52a4ecaf0Buffy version 1.3 suffers from a directory traversal vulnerability.
ff66056a17dbe1478d2636170c5b47f6988c0530d10ae1b463db4320181ac06bSmallFTPD version 1.0.3 suffers from a directory traversal vulnerability.
fa50e9cefa5f474e7a53303d086772c1f93c61c2930aa6c65c868083d7fd97cdHP Security Bulletin HPSBMA02604 SSRT100320 - Potential security vulnerabilities have been identified in HP Insight Recovery for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or arbitrary file download. Revision 1 of this advisory.
f9ed9d84e5e0a052eaa995f5d9294a685bfc5548debaeb84d50f660679ea7593Zoopeer versions 0.1 and 0.2 suffer from a shell upload vulnerability.
ea9e6e9f559430ca29c4ae6d7b8d1d16aad2861b7895328f662ad029712292dbThe Joomla JFUploader component suffers from a shell upload vulnerability.
0a11bbdccaf472815611dc9e5c71c11cc9cf804936ea1ac4f97197e65b1d98ffRoSPORA versions 1.5.0 and below remote php code injection exploit.
668adf9a0a8bbc0cf1cffe4b98ca4cc711d8d15491e0e69d9c3578ca272d6212Xerox 4595 remote denial of service exploit.
b1b86d2b1a0f5a53e725a5a29ee874deea3b4873022c5fdc9d1a02cc7fc874faAdobe Shockwave Player suffers from multiple memory corruption vulnerabilities.
11361a286c7fb83e25af1b9c1340df96ba726fed468d57467a1833d1809da8d7The Joomla MailChimpCCNewsletter component suffers from a local file inclusion vulnerability.
529ad97b1d9f20767e5a10b38a23db35635098b66e001586e2e5f522eb040417CYBSEC Security Advisory - Front Accounting version 2.3RC2 suffers from multiple persistent cross site scripting vulnerabilities.
7ad6eec6de177732540eb94a6e3068b74bd94b850096ad3f764102b42e4866d2Mandriva Linux Security Advisory 2010-214 - A vulnerability in Linux kernel caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the compat_alloc_user_space method with an arbitrary length input.
fe95f56e09001ae57c4106c3e56e421c183ce28a1a6dec0d9a2d5220e0b853d3Zero Day Initiative Advisory 10-227 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Director movies. The .dir format is RIFF-based and is parsed mainly by the dirapi.dll module distributed with Shockwave. While parsing the Lnam chunk within a DIR file, the process attempts to extract a string into a fixed-length buffer located on the stack. The string is prefixed with a one byte size value. If the value is 0xFF the process blindly copies the following string until a NULL byte is found. This can be abused by an attacker to overflow the stack buffer and consequently execute arbitrary code under the context of the user running the browser.
ac54dba056609851316a236f3105251463e0d59056cd90135319899b0135df0aHP Security Bulletin HPSBMA02602 SSRT100317 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), privilege escalation, cross site request forgery (CSRF). Revision 1 of this advisory.
40568de651991c74fa385159104da87e2b46f791ffa1b7734750d6fd6797dbceHP Security Bulletin HPSBMA02600 SSRT100239 - A potential security vulnerability has been identified in HP Insight Control performance management for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.
e13ce46188562497758760318026232f3b5e8eab3dfb4c3883927b96ee779a70go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache. In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion.
244cda8b11f13b2a097dc55c275911e305ea6a0949da46dc16992fb0ed1c6b4eThis archive contains all of the 284 exploits added to Packet Storm in October, 2010.
109c7f81b0e2739d5ebe2f11c94eee497c45746c5c5de1adbd277418fd305e40
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed