Ubuntu Security Notice 1871-1 - Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
c22bd1cae1cbd80fab4d001278af5bd13f17816f2d993318c00144f6151ab18d
Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.
c3f66357f373d38ba92b936055d9ff5c490bac66ad80f480d32ccb49d1deaeb7
This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands, since this is one of the user-controlled variables. It has been successfully tested on Debian Squeeze using the default Exim4 with dovecot-common packages.
d72b6de0ba7eaf73295bab2780dde4862dd95a6711d35c8ea50c93c6aad58c90
This Metasploit module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function, which is meant to be used for the lpCmdLine argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry class pointer saved on the stack, resulting in arbitrary code execution under the context of the user. Also note that since the WinExec function is used to call the default browser, you must be aware that: 1) The default browser must be Internet Explorer, and 2) When the exploit runs, another browser will pop up. Synactis PDF In-The-Box is also used by other software such as Logic Print 2013, which is how the vulnerability was found and publicly disclosed.
717b46a540961e751ccf7b61962579a6966ed5098437c588fd29d0ce3364ac7b
This Metasploit module abuses the java.sql.DriverManager class, where the toString() method is called over user-supplied classes from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE through a specially crafted JNLP file. This bypass applies mainly to IE, where Java Web Start can be launched automatically through the ActiveX control. Otherwise the applet is launched without the click-to-play bypass.
1b4db1b27c17aab0b21ca54b384927fd35c2a31fb00fd5b3dfb2d240422f385f
Weathermap versions 0.97C and below suffer from a local file inclusion vulnerability.
486331f97939ecbd65c1e512e5b14aec91f638921e861347b680bcb77ee1e12b
Buffalo WZR-HP-G300NH2 suffers from a cross site request forgery vulnerability. The demonstration payload changes the administrative password.
356ff09e4efca2670f2e2f1a9ece0406305b5341ab44dff0237f4cf86e2c9419
NanoBB version 0.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
83e3693f866591301cbb5f6157865c114f517dbdea2d30608ef6a6dd724b3655
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The parameters initial-heap-size and max-heap-size in a JNLP file can contain a double quote, which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the -XXaltjvm option to load a jvm.dll from a remote UNC path into the java process. Thus an attacker can execute arbitrary code in the context of a browser user. This flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified using your own SMB server.
7c4106b8276c9c6b588b2cdcba693eefaab7d0e2605a82a0728828840ed79442
Lokboard version 1.1 suffers from a remote PHP code injection vulnerability.
d657c10dae83eb0c200a7f8f29e9521a0a4b076a65a941d86d5b104b56ffda5e
MaxForum version 2.0.0 suffers from PHP code injection, local file inclusion, and credential disclosure vulnerabilities.
e86565b1040c9480a896fd183b64a35b3657cb31227e853becd6ffe5cdc1c01b
Debian Linux Security Advisory 2704-1 - It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds memory access in the library. This vulnerability only affects systems with Intel chipsets.
fdadd1953f3d7908f47cebe66cd2ef9149ee87ce918a2e3a7b876adf5687e5e2
Debian Linux Security Advisory 2703-1 - Several vulnerabilities were discovered in Subversion, a version control system.
caddbfdb7658445ed7350579889cd63c0708db562c2ce97028ee36d9fc54f9bb
Concrete5 CMS version 5.6.1.2 suffers from multiple cross site request forgery and cross site scripting vulnerabilities.
ee5b8075000df622272220b838f5ac287abf4b8ad61ae58d1f58d40e1f2f6b4f
This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected.
ada92ec408b17ad98b8a34bbb874aa0239b2511cafe8e2286f516be9b06a52b8
ScriptCase suffers from a remote SQL injection vulnerability.
4fe9154183e38e1f46974c286be0812e23627649a00601a0488fd5721da7f3f7