FUD Forum bulletin board software version 2.6.15 allows for unauthenticated access to messages.
6f46411549bf33bf6f7bed0062473c2cc53c9b0b6db070ab308e184d5abdb4b8Veritas Backup Exec Agent remote file access exploit that makes use of a logic flaw. This exploit is part of the Metasploit framework and works against all current versions of this Agent.
ce6635868c10007bb4b2fbdfee0b95f5aeb19d955c488884770156f4c69c0f4fA privilege escalation flaw exists in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3). Exploitation details provided.
4a189c2e780a80f5f87fb463cff8a682acc537284c383163a446215361fa9becMicrosoft Windows 2000 Plug and Play universal remote exploit for the flaw discussed in MS05-039.
781399405050c0988fddc2a8b8e492927b774aa17316460c4c494ff7b5f37391Remote code execution exploit for cPanel versions 9.x and below that binds a shell to port 1666.
aaf90668dff66a551d8b4f647e0e60c86fcce644a7ba3f2704c85d8761c9bf22Microsoft Internet Explorer COM Object remote file down and execute exploit. Makes use of the vulnerability described in MS05-038.
fb75508c17a1d01407c6df35ff810bd6880a37223ff16a1e6f1e8d024a2ae186When the Nortel Contivity VPN Client client is running as a service, it is possible to manipulate the interface of the client and escalate privileges to that of the LocalSystem account. Version 05_01.030 is affected.
375720faf531efb224a26293c8093be95398b85ba2b516ad88bb2fcfe96567dcThe Linksys WLAN Monitor service (WLSVC) that is used to configure settings for various Linksys wireless network cards runs under the context of the LocalSystem account. It is possible to manipulate the administrative interface of the Linksys WLAN Monitor and escalate privileges to that of the LocalSystem account. Linksys WLAN Monitor version 2.0 is susceptible.
5d90e99cc7d09ce144cac0cd72259307db621dccdafb8d814216fa1cbd271982Versions of FreznoShop below 1.4.1 are vulnerable to SQL injection attacks due to a lack of input validation on parameters used in database queries. Sample exploitation provided.
bb41250b3bed688b2353f87c21a762846fbdd3c0632679bc8735b511054a6defEzupload suffers from remote file inclusion vulnerabilities.
cc6a1084416c5380adcefb79cf41bc48381e547e7a5644b7c2248daba7f8e1c1FunkBoard version 0.66CF suffers from multiple cross site scripting flaws, remote code execution, and more. Full exploitation details provided.
341cba6f628ae217204ed8a035ecc83e03e3ffab6efd0cb1a31bbc68a2a46724Open Bulletin Board is susceptible to multiple SQL injection attacks. All versions are affected. Sample exploitation provided.
f5a7171817cf22609c88ce76409a34caa6d626023c800f8fdf9d045e99bc3d1cVegaDNS suffers from a cross site scripting flaw, amongst others.
e12edad8d0932192fe07350fcb728d12e504dccef4aff68770e927dccaa2a428Gravity Board X version 1.1 suffers from multiple vulnerabilities that can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or compromise a vulnerable system.
ec37b4ef13ab549c90e03d5f8aee07bfe1aa4c23fda47a199c5aa3d9e1f0360aDVBBS version 7.1 suffers from a cross site scripting flaw.
8d5df1ee1f1202ce0205c6854b4ca77d2cfacba0817b1756556a5d5369185cd5CFBB version 1.1.10 suffers from a cross site scripting vulnerability.
c414fe01c445f69e90004e81ad96687e080921c8812c0424760d75e895c7b078ePing is a ping utility plugin for e107, a PHP-based content management system that uses a MySQL backend database. ePing versions 1.02 and prior are vulnerable to a file creation vulnerability caused by improper validation of user-supplied input in the doping.php script.
9d4ba242da284f3dcab0ba39bddde39831b135ee0f0ebb6405d8d419c281ce47FlatNuke version 2.5.5 suffers from remote command execution, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
81e30587599982da3bf59e0f7d131a1f736b2f0438e54be66228aa183d392b28nbSMTP version 0.99 remote format string exploit. Tested on Slackware Linux 9.0, 10.0, and 10.1.
10190d51efb7acc9891701971fa67cb9aa231b76267cf93d3c6f21332ddb0dbcMultiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.
c0a5ce471897d527b519e28394d96c4425c7cba31436744d12e76f3ba35bd3c2Various Jax PHP scripts suffer from a multitude of cross site scripting vulnerabilities. Detailed exploitation provided.
15b03ab0a2c065863d7b0e624494620518775990929ba694978ad49cb2903584Comdev eCommerce 3.0 is susceptible to a remote file inclusion flaw.
f2e1e1e0fccd12ce088028d4026ef864b42817e88ad3cc6b30ad701d52bd95d3Comdev eCommerce 3.0 is susceptible to a directory traversal flaws.
08ec4b86e2cd9d24ab5dacd6b85499262634dd75f2905e4d0be87973bf1f8ea8PortailPHP 2.4 allows for SQL injection attacks.
5ca963e85e2437f90ca560d0fda172bec5690cd1c6519079b2d297a549a33e1fSilvernews versions 2.0.3 and below suffer from SQL injection, login bypass, remote command execution, and cross site scripting flaws.
85f61b5793c2cb50c002c4877892598f7a5b0936632f5a391639a9ceb94201eb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed