This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the function ERM_convert_to_correct_webpath handles user provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.
f08aa677e4bbe773f77b4590e3bc7bcc07a3ecbc53b0cb2b1479169e8de33890Ubuntu Security Notice 1818-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.
38775ad65561b8e9952676b2969324dd8dc108776108aa64484152db56334ce4Ubuntu Security Notice 1817-1 - It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code.
0b02e32ba8a9f56c87f13a8dbb3a6852a0c7074c596b429f676116c90977ea2dCisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.
59820449af959f72e12353106ed7dd3292754025d1b09dccf9477170e26b0b2eUbuntu Security Notice 1819-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
a635281db9d2f6415d9524c066b6db166a048380476c69d658d0a8b5199bb47aOpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.
09a561eea3e2a4cf7a0b605a95ace0f35855e1d5dc113069e4c7516091aab7e1Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities.
4036c3b54a9386a38fb0387988ef8098b48eb2d63998f2fa2f7cfbf8ad120412MoinMelt remote arbitrary command execution exploit as released in HTP version 5.
57a4eee9988f535e79cf25e3113013c4894c962158793e8fa7a2a42a01d07190ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.
7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4eNetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities.
c03a185c7bd69fd181b1a14ec856e4d335a0da6e6ea530fcfec62dc71fd11947Xenotix is a keylogger for windows that is written in Python. It has the ability to send logs remotely.
16bbf9e5e1780a33332509ebf9181a4f9de56d922e037343ce45e5b75909227fDrupal Htmlarea module version 4.7.x-1.x suffers from a remote shell upload vulnerability.
78f77867a46c4aaaff7aac7994d6a185897bc9f0853cd50e089fc3b01fb28d09Craigslist Clone Gold suffers from a remote SQL injection vulnerability.
f54dec94a7742199481341e8ad792abf58d3234159c8418dbce4610386e3bbdePHPvocabtionary suffers from a PHP code injection vulnerability.
35815077f57e1f2a0c402c5aa47bd660a80be4e101ed5ce9aa820d993b33b171This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.
723999396b06b95680fb759bf7a793de8245f41f4c76b136b6109a09e4954141Ruxcon 2013 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 26th and 27th of October at the CQ Function Centre, Melbourne, Australia.
8ebb6efde087b84a046399571288fbdbd808cd206ebf4276c0ed862e153e9a24SAP ERP Central Component PS-IS suffers from a remote code injection vulnerability.
5e58652bd4084d45a345426470327c91caa6fc06378fffda9da820fa86d98247Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
89747957be987508490f1ce9e2239c4570d3760c4c8ec6766920b98883569b8b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed