Debian Linux Security Advisory 2742-1 - It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.
94d9e680a062358787e25ec659acc74944e9b260376d2f8e2978f25085b91e0e
This Metasploit module gains a session with root permissions on versions of OS X with a sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73
Belkin G Wireless Router remote code execution proof of concept exploit.
43beacbd1d2f3672fb7be34a7a3f2b6f9fabf3623fbe5cb404ae146733cc6365
Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719
CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.
f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48
libtiff versions 3.9.5 and below suffer from an integer overflow vulnerability.
e047e24940fc1946d2bd9e6123520ff4837f2a59b4ec6f49e5d2d1e28babd003
WordPress Simple Login Registration version 1.0.1 suffers from a cross site scripting vulnerability.
8eaaf8d9c59f71217d63637d3dbbbe789fbc7b92081e36db7effd8b1901a4a06
Musicbox version 2.3.8 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
20cfed76192734cf617e94e030e36c6d5394c6401ca591e0ff39e54db386abe2
Wi-fEye is designed to help with network penetration testing. It allows the user to perform a number of powerful attacks automatically, including WEP/WPA cracking, session hijacking, and more.
9611698676e916490e7e33d98b18839292c0c6cd89d52c1228a8bc0865e2cd69
Debian Linux Security Advisory 2741-1 - Several vulnerabilities have been discovered in the Chromium web browser.
bdd10a6aa033fcc7c6611dd7a8e6b25e019466b4bb621cfcb18e5dff400ad50d
Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837
xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser.
6ce1679a18a737f7e82c37dd5a21cc85bfe82165cf1e8c95fb312c29f4e930d0
The WordPress Post-Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a27e312e77262e178eaa8ddeb54a389448031e07bf31d9f1a766423a417f183c