This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645
conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
036b032a5c4d180aad686df21399d74506b9b3d3000794eb13ac313482e24896
Interspire Email Marketer version 6.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
f8bd46b59908fd250f604a96039d46e1985482e022445cd4f574ef41594a8737
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e
This Metasploit module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which will be used in a exec() statement, and then results in arbitrary remote code execution under the context of the web server. Please note: authentication is not required to exploit this vulnerability.
3ecd2777666a36e43ebd4979984a5196686b1b70e2c3ecf4ce15f5ace94c27d1
Endpoint Protector version 4.0.4.0 suffers from cross site scripting vulnerabilities. The vendor has contacted Packet Storm on 10/09/2013 and noted that they have addressed these issues in product update 4.4.0.1. The update is available through the Webadmin console :: Dashboard > Live Update.
a2328643204ae516795d8ff44584e599f64ae809a6f8cea65a8b02f5dc1a9a04
Arctic Torrent version 1.2.3 remote memory corruption denial of service exploit.
9172304714395a3f989c23b4c6fb9c5679590e4aa469b113717c0617e2230ff7
Paypal.com suffered from a stored cross site scripting vulnerability.
830b99c97288997b434a67b496389dd1abe41e3409067abdeb8904aadb08121e
Mandriva Linux Security Advisory 2012-161 - Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives. The updated packages have been upgraded to the 1.0b7 version which is not affected by this issue.
31f408029f1fd46e682a264c58eec8582e316235aafdcd50c1d8b422c86673c1
Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.
ea965db75ccab2bc911e17e369001d135c14c39a71c3d7f46b9a1ff0db688bce
Debian Linux Security Advisory 2558-1 - It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.
540e28b87842e07569ce4cdb550d5fd82780156516cf39012cc27566adf0b7d9
Debian Linux Security Advisory 2557-1 - Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.
c582a13609ee1ecc52a1cf49c47300445708bbdeff3916a7b6c350acdb913743
Debian Linux Security Advisory 2556-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
dae9e88472f489701a9a4c3c26908271b44a466bf658731b487c1aa4c4bed850
Number Nine Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
3626f2c20d0d1c333cedc520cacadaaed1687354a90213540bf6dd37a66cbc40
Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.
15720fc7decd54d9ee32a0151f318dd82bc8c3f227810fad4a1408017fc42cd5
Hostapd versions 0.6 through 1.0 fail to validation EAP-TLS message length allowing for a possible denial of service condition.
a0941ae5fb0105278f2f227f2f8eeb6cb5597abe9be8c07f467d7e20a835d576
Easy Fast Admin suffers from a remote SQL injection vulnerability.
44ba807f64174cdb090827ed7459279438ec5befc347d31f201f72c5a7d33890
Secunia Security Advisory - A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).
1a10b695395a0fa6c7d5b5a69e97622a405976e979ce4fd315b329544d5adba3
Web Help Desk version 11.0.7 suffers from a stored cross site scripting vulnerability.
92d407863cc4660b9160ec7ee4b566b3f02ec436aa4aadd47f903d4acf797aa7
Secunia Security Advisory - Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
ce3fa4a394934c7c76a8b8c3f9021f47bcf4a1235a4d23f63db614413f83dc30
Secunia Security Advisory - Debian has issued an update for hostapd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
05e102799fa3973c5602f39e2f90afaeab3199e280945cf51311fb85ddeef3a4
Secunia Security Advisory - A security issue and two vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).
e2e9d4a792eb8e813725170c748d216aad304e98f9fcef3b65f130cded7802d5
Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
9cd16cbff19de037e240242115ac0b2ef72453078b69bc17a0dc39a95177528b
Secunia Security Advisory - Debian has issued an update for libxslt. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
ab511b8f8bb9c34e2c7dc3d3bb6806517a57fc82e9bc605e7bd62faa7088e211
Secunia Security Advisory - A security issue has been reported in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks.
8115ba527d6ea2a0ef8363f708240e851755025a0c9ae3d0b8d8c9ec19c53032