Sunway Force Control SCADA version 6.1 SP3 SEH overwrite exploit that leverages httpsrv.exe.
2a1865e7d256806fcaff46aa46e479ea0c60c29cfbd3e16e191d673217f78af3Whitepaper called Reversing on Linux x86 (with GDB). Written in French.
63981f464847dbb4d276d73bf0736d51248fa7a93e40390d2df252a1579bf0caMarinet suffers from a remote SQL injection vulnerability.
b76b56eba9e49c276aaed0c3b791749ab48785e57d5a60e50d5054ea4e10dfdbUsing the attacks in this paper allows you to bypass all of PHPIDS's rule sets, which defeats all protection PHPIDS can provide. Furthermore, on a default install of PHPIDS the log file can be used to drop a PHP backdoor. This can use PHPIDS as a vital steping stone in turning an LFI vulnerability into remote code execution. The end result is that use of PHPIDS 0.6.5 can make you less secure. All of these issues have been fixed in version 0.7.
4e80f010f2e100b6cc954b44c4b4a7f65f2ce4d15ff9f32967990f6eb5333cabJcow CMS versions 4.2 and below and 5.2 and below suffer from an arbitrary code execution vulnerability.
ca327972965db48f7581199c807d5eec464e9116d0151f07f7d010ecda397b29Jcow CMS version 4.2 suffers from a cross site scripting vulnerability.
e38d842b5d074b78cd8472b0be60fe3e5dff9c86f251b915e8f9858ab00a7533Anthem Design suffers from multiple remote SQL injection vulnerabilities.
21761970d43dd7ac7743dc9b25711696fc46cd0d220f099d3947307d6d42a5baWEBSOURCE CMS suffers from a remote SQL injection vulnerability.
8cff116773659c616ac15201e0fec8016121834ce748f0964182374f5bb3cc3bListen Different suffers from a remote SQL injection vulnerability.
6d661d67e45f139db28008afd3829af3c9002febdcf3dba73737bd6f16ed5688Omnitec suffers from a remote SQL injection vulnerability.
29bcfe14f0768091491b0bd6babb3d6187d3b924fe8fbdcba075b2551cfbdaf6Web Art Studio suffers from a remote SQL injection vulnerability.
b66f635a49212df0ef903de41ccd4401035d83617be6c59c772e786ada092800TconZERO suffers from a remote SQL injection vulnerability.
56e4c6c89bb210e0675828756d98c8340324f89fea7aec0233c668d8bdc9239dBoxmodel suffers from a remote SQL injection vulnerability.
cd09894f42ea43e327544ff5cee3c0afbbc6cf2fe82b5c859319331b1c37ec1aNet Studios suffers from a remote SQL injection vulnerability.
e3fc95c2af756172f51b158ebfde22685b949e5706f0604dc77b5ce8f388f428Digital Consulting suffers from a remote SQL injection vulnerability.
24d933a3af7b9eada789ff6534d9f26bab4c16e43c4b54ead53a19a0edf099e9A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
5d5a40e4d8f57c587755cd3f5ff822e2259dd225fa37f5f99b5edcce51cf091dGroovy Media Player version 2.6.0 local buffer overflow proof of concept exploit that creates a malicious .m3u file.
2296a6c0a9772a83268cee88e8415f7949feef813f63d26a7c862df51c86c8d0LarkinWeb suffers from a remote SQL injection vulnerability.
fab3a13af000c479a93819bdccd210432d85c7e27fbbc5a1571e7db484731e39Ultimate Presence suffers from a remote SQL injection vulnerability.
79a41137b13fd45ecc6f55b4d926e2bdaf2d45f0d01c6e534f03f862f205f464Ubuntu Security Notice 1185-1 - Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that a vulnerability in event management code could permit JavaScript to be run in the wrong context. This could potentially allow a malicious website to run code as another website or with escalated privileges in a chrome-privileged context. Various other issues were also addressed.
7d623d64d770f510ca059e7b6d7b019b181306370d0337f8cb840cf9be294609This Metasploit module exploits an Authentication Bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine. This option should be disabled for Pro.
e04dfdae1c144c55bf3ae60b0db55de39d6d8b5d1ffc4b3506d87fa3c3c8e7c6Spherica suffers from a remote SQL injection vulnerability.
5e4b203b07995cb998e26eda37919371c8a70418728d543520565fa2a23f6fb2Secunia Security Advisory - eidelweiss has reported a vulnerability in JagoanStore CMS, which can be exploited by malicious people to compromise a vulnerable system.
ec8d81421c3e0749c58f3a2739dacd88b2a16ce90028e039322f950711ad23e4Secunia Security Advisory - A security issue has been reported in the Asus RT-N56U Wireless Router, which can be exploited by malicious people to disclose sensitive information.
c93015754eea2081842e79ed21a62c58a1d45797251f6e0e7a15b4046e909c2dSecunia Security Advisory - A vulnerability has been reported in AlstraSoft E-Friends, which can be exploited by malicious people to conduct cross-site scripting attacks.
a134845bacb2c3e098bcc3aec0e8d2076317360d4dd30e364c645c01d2dded82
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed