Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. It uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design, it utilizes the Strategy Pattern to distinguish between various SQLi strategies whilst storing other relevant data such as exploits, payloads and patterns in XML files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).
12c6c7ca253db5b9a765be47d038f7aafa4725d090e4409dd3208b0d3aa802e9
This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, such as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
ddda9ef400d14cabdbdf2f3208a25c3493b5c17111bbffef64ec3fb342b45d9d
EMC Smarts Network Configuration Manager versions prior to 9.1 suffer from hard-coded encryption key and unauthenticated database connection vulnerabilities.
439bbcd4a69b43b581354b97da8d2fc1d0f95a1a7e8f113e8b824661c159e743
VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dff
Stack-based overflow exploit for mcrypt versions 2.5.8 and below. Bypasses NX and ASLR protections.
6f15e1bd074af02d183bab2a865cd5bf95ecee50e01396c6679bc20335f5266b
SmartCMS suffers from a remote SQL injection vulnerability.
8b086e2e6bc7eeb1ffd6e000847cd1748adf58f95967e0ef4dd1f7b1159e3217
PRADO PHP Framework version 3.2.0 suffers from an arbitrary file read vulnerability.
fd086e67da0464ec36c572d088ffc6674ea2d174e7ab301aeecffdd832d45766
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
2f095984dd9cbbf4dce417ecd81640fe47732322d025062b2c9a189d022de0d3
cvechecker reports possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
d054766533535bda5c86d8650a423042fb8de3363a77ff9ebc18531177104f66
Incomedia WebSite X5 Evolution versions 9.0.4.1748 and below suffer from bypass and cross-site scripting vulnerabilities.
6c4adfb0b186de88cf8aa1d1d84f4ddb0f4cd1d3e8f1f19606cace93970fa3a1
WordPress Oberliga Theme suffers from a remote SQL injection vulnerability.
2d70289de97e352a135d3a3978019801c6eaea9b5dec5fae3815e1895fa50be9
PHP-Nuke version 8.2 suffers from a remote blind SQL injection vulnerability.
5bd40e5c1333df98f71396e246db2673bfba846ced867a9b077d381b492c9545
Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
8b11b2967d13e3ded26849ef210ba513392094241eb9abed528937a8aed5e852
Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
ba2da04da292ff0dacb00c4df8fec6951c9f28253e4bc3dd88f6b1d54d01bad8
Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.
f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08caf
Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.
3be5b46d5361090d126ad0adbf7704a61d183dd5ce049b6472644228c0f6ed78
Secunia Security Advisory - A vulnerability has been discovered in WibuKey Runtime for Windows, which can be exploited by malicious people to compromise a user's system.
45ef6e56dd3a165aa40e9befd41b7be705f8ba498a83106e031dcb9af4344f15
Secunia Security Advisory - Ingress Security has discovered a vulnerability in jBilling, which can be exploited by malicious people to conduct cross-site request forgery attacks.
dc243ca9371074e2d2e4ec396a8c616c2dbe8a77e54384eca9ab28cfe113fafa
Secunia Security Advisory - A vulnerability has been discovered in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
52a834674389e78d1d6edad3245c756ad34424fb5d62c4beea2c53c998123ca2
Whitepaper called Exploitation of MS-SQL Servers Explained. Written in Turkish.
4ffc2985fa1f3d4996dafdb8b9f4aeb73a2c9f7d902970dcdd4e16f2f7207a9d