This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.
a2a7abb62b7094d36913fa79d19bb69245717566e1704427edc640d574c4528epfSense version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. The cross site request forgery proof of concept also demonstrates a remote command execution vulnerability.
94f420cccc815bf5e6c23bf9a91dc74dd47d39e3a3f76ad09f158b2b4de134dcTomatoCart 1.x versions are susceptible to an unrestricted file creation vulnerability.
2e147796802b3248ce966051f2fcfd93c44a0046998a2ef2d6eb55d5f1e43a7dICEstate (Real Estate Marketplace) suffers from a remote SQL injection vulnerability.
a56773bcdbedc688b681eb604b350ff68209816e603ac33aef3639c9061359daNova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.
dcf0af64744f50d72354c2d8ba08b21cee25a77e04152cf9fe497674d64387feEye-Fi Helper versions prior to 3.4.23 suffer from a directory traversal vulnerability. Exploit included in eyepwn.zip.
486ed903af6a54bddbbd537029507f28d201e93ea101acb92735932e27476b9cElastix versions prior to 2.4 php code injection exploit.
ce6fb46f23d7953423aa20792ce1ddf8ea18fa14c699cbeb5f77d90e4edbdf0d160By2.com and Way2SMS.com suffer from a cross site request forgery vulnerability.
a4a9f06aa2fcd3dd3f76d0df5feae4276c85baf17e37179900569cdd9bb6f840MyBB Profile Wii Friend Code version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
7a87a90be849ac2aabfe617153d559794e0bcf703f0f44a1cdd7b86d9bc66ab1Secunia Security Advisory - Two vulnerabilities have been reported in WHMCompleteSolution, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks.
34321d0eea7e226de684c383229e4760eaaa47476749725b5950c15bd311c686Secunia Security Advisory - Two vulnerabilities have been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a vulnerable system.
b033be527d364e3c943070cecc48b42de373750d3667cf1739f0a9b35ede8b89Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
9103ca580658f95c21d48f2033999af6532778490d0936a971915a28a3de1190Secunia Security Advisory - A vulnerability has been reported in WHMCompleteSolution, which can be exploited by malicious users to conduct SQL injection attacks.
02e091045f29dcabf25d800fca59de71fec996c0ffcf0bff303ec318f3ea2844Secunia Security Advisory - Mohamed Ramadan has discovered a security issue in Facebook Camera for iOS, which can be exploited by malicious people to conduct spoofing attacks.
8624b1fda76ebf7a859f6939fdb132d4bd2e5c3e79f7838bcc61cc15d58aa115Secunia Security Advisory - A security issue has been reported in RPM Package Manager, which can be exploited by malicious people to bypass certain security restrictions.
f9b691bcb1faf0787be0a6974791ddabe05fe259fd11e32bb6dd0bfdcf62b28fSecunia Security Advisory - A vulnerability has been reported in multiple WPScientist themes for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
e73d7ee29764291aa547ce2040aa13561707c8c42aacc8db6c7404d3f07a1e6cSecunia Security Advisory - A security issue has been reported in nginx, which can be exploited by malicious people to conduct spoofing attacks.
a6a116ec8d5ef34913b76ad6a8ffa50d0f370962ae31ec106e0ffa2a6508a4d6Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.
bf855aa9570e5b9b8c04298118b358b1a649cf4648014873770e74d97913879eThe Aastra 6753i IP telephone uses 3DES encrypted payloads in ECB mode to pass configuration files, allowing for modification to the phone's set up.
37afa236f204f396a881ea999505cdbd4d8047d6b315beac681e7afeab78a829Red Hat Security Advisory 2013-0005-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
0781355ec770743c0f5222d41d87037e6506287f3cf0801ea39ecd4edcfa3653Red Hat Security Advisory 2013-0004-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
86d90b0aae88ee00e8b987ea78a78e2e0aa310557e81ede1b766617c80dbd528This exploit demonstrates a remotely trigger-able crash in ircd-ratbox version 2.0. It affects Shadowircd version 6.3.3 and Charybdis version 3.4.2.
505feddc38f244f05e0a7faef634f09df484c9f17abd9e04dfc0e53aceb6f6adThe WordPress Valums Uploader plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
ff9d417dcdb72cecdfe6693ce266a4e1d5cd7e902fc64c64b4368480a4ecf888
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed