Sites designed by Plan B suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
74353edb6b9bfad8c79dd5fc97bd85115a127b7ec3a208e7ce1ed9b1bf98ca4a
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
535373f59c88c171429ed3c4777dc7126681b597e3adca95aa88ecbb69e7c646
Backupbuddy versions 2.2.4 and below suffer from sensitive data exposure vulnerabilities.
cbe311849237bfc9b163b928d07dd363ac78ad37c2671920bf6ec41f05f6039f
JAOW version 2.4.8 suffers from a cross site scripting vulnerability.
1756fb0f74d18ef67eb1e819d35290b5368c6c4ca15037e67b1d5eb67dff2bc6
AContent version 1.3 suffers from a local file inclusion vulnerability.
dc8fa3990193a6cdff88f129fadbb8cd29020fb630f73f75c5ed020e4615685e
Free Hosting Manager version 2.0.2 suffers from a remote SQL injection vulnerability.
4295a00581caeec06139b95b1fc60c8ee276284817c2324aecfcae44f23330ae
This Metasploit module exploits a vulnerability found in KingView <= 6.55. It exists in the KingMess.exe application when handling log files, due to the insecure usage of sprintf. This Metasploit module uses a malformed .kvl file which must be opened by the victim via the KingMess.exe application, through the 'Browse Log Files' option. The module has been tested successfully on KingView 6.52 and KingView 6.53 Free Trial over Windows XP SP3.
a222e0dccc97deceefae4025049d3943429ac06345a09773afe5955769586945
This Metasploit module exploits an authenticated command injection vulnerability in the Mutiny appliance. Versions prior to 4.5-1.12 are vulnerable. In order to exploit the vulnerability the mutiny user must have access to the admin interface. The injected commands are executed with root privileges. This Metasploit module has been tested successfully on Mutiny 4.2-1.05.
1fad7a31c0a752bd14f7e1935025f6ba0a7fc35ef4c925b7202c07a9fca02a4a
Ubuntu Security Notice 1778-1 - Andrew Jones discovered a flaw with the xen_iret function in the Linux kernel's Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.
af8c6d029a29cb100ee0cf285e51af80c2f837650a0be518c832cb85e752d2a1
Ubuntu Security Notice 1776-1 - A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. A flaw was discovered in the Linux kernel's handling of memory ranges with PROT_NONE when transparent hugepages are in use. An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.
97d3855a4b7407cdfe8da33f6e14f63525cfe8916a39471f14e794dc510927ad
Ubuntu Security Notice 1775-1 - A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. A flaw was discovered in the Linux kernel's handling of memory ranges with PROT_NONE when transparent hugepages are in use. An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.
1358f8a1f860e256b3384b686b5acc9fc5aaf68a1cbe72af55479f9faf55d338
HP Security Bulletin HPSBUX02856 SSRT101104 - Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or allow unauthorized disclosure of information. Revision 1 of this advisory.
9917a432965b1459a3758cf6c669fbe20c9d2348e5edcfdba51ca85b607708f2
Local root exploit for Mageia release 2 (32bit) using the sock_diag_handlers[] vulnerability.
583f10c762d370ddd5cd3c44ff64334cc20eb9b077d18cc3b9667645a0e13222
GnuTLS libgnutls double-free certificate list parsing remote denial of service proof of concept exploit. Versions affected are 3.0.13 and below.
cdefe8cbc7db61295ac1d863eda74e91643144878d48831d727a329a03ac2ec2
WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4eef48563f974167e0475f2ccc99c75e0be7d32fa173da8022968e93ced51a37
WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from a remote blind SQL injection vulnerability.
3d1a884edc47b4a97429ba801e284ca9de542f09d510a7f8693e162902fc8430
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. The issue arises because the ParametersInterceptor allows the use of parentheses, which in turn lets it interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. This allows remote attackers to execute arbitrary Java code via a crafted parameter.
e56bcff70dfc308ffd717452aab966d54c1fdec14e8544d8df4198054ba401b9
LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability because it uses neither a secure channel nor digital signatures.
0fd0fd152553fcde204b860ae9af883db4511e308c44f058a80c84db259f2843
EastFTP Active-X control version 4.6.02 code execution exploit.
47eaaf588524ad7407e7c1eb004c09636584ead0b6cece7bf2405b531a30fe71
This archive contains proof of concept exploits from Security Explorations. They waited for over a year for vendors to fix the issues in various digital satellite TV platforms and were ignored.
226671de37e4d85a2d62d0df29ac823cb5ba7b68f552e3d574a8e4642dcc0a49
Red Hat Security Advisory 2013-0671-01 - PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof of concept installations and more complex multi-node installations. It was found that PackStack did not handle the answer file securely. In some environments, such as those using a non-default umask, a local attacker could possibly modify the answer file if PackStack was run in an attacker controlled directory, or attempted to create the answer file in "/tmp/", allowing the attacker to modify systems being deployed using OpenStack. Note: After applying this update, PackStack will create the answer file in the user's home directory by default. It will no longer create it in the current working directory or the "/tmp/" directory by default.
85ac7dd9a04979cc15ea84e62d6594f4bb4612fd814eea5ea9893b169ddd1d78
Red Hat Security Advisory 2013-0670-01 - The Django web framework is used by Horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A denial of service flaw was found in the Extensible Markup Language parser used by Django. A remote attacker could use this flaw to send a specially-crafted request to a Horizon API, causing Horizon to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Django. If a remote attacker sent a specially-crafted request to a Horizon API, it could cause Horizon to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Horizon server that are accessible to the user running Horizon.
f43133ae695ecbbd6f834f905823dd891d699fa224d25328a2c8c1c9c98db579
Red Hat Security Advisory 2013-0669-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment.
0e67715652896aa6a5c89b1f944208d96234e81835c89b6e02a33a791946f822
Red Hat Security Advisory 2013-0668-01 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application.
177eeb143093a935b907879d3e2456e4d04a4b736b6f3edca5b2c328fd9975cf
Red Hat Security Advisory 2013-0658-01 - The openstack-cinder packages provide OpenStack Volume, which provides services to manage and access block storage volumes for use by virtual machine instances. A denial of service flaw was found in the Extensible Markup Language parser used by Cinder. A remote attacker could use this flaw to send a specially-crafted request to a Cinder API, causing Cinder to consume an excessive amount of CPU and memory. A flaw was found in the XML parser used by Cinder. If a remote attacker sent a specially-crafted request to a Cinder API, it could cause Cinder to connect to external entities, causing a large amount of system load, or allow an attacker to read files on the Cinder server that are accessible to the user running Cinder.
685dedeb4a1d9e24e68f572aa40addf6cf297350396926eb9e89d6cf3c150694