Moodle versions 1.6dev and below suffer from blind SQL injection, remote command execution, and cross site scripting flaws. Exploitation details provided.
7f4da795f3eca350bb006c6a9bdefe5528867b9c78c28be1d0b94852b70ca941Local root exploit for chfn under SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0, and SuSE Linux Enterprise Server {8,9}.
d6f60a4c747ccc20d91eb071b663dd492f8bab5c73280fa823a145e795a28096F-Secure Internet Gatekeeper for Linux local root exploit written in Python.
a7d56ff4e5c5d57e8e6bee5a056b1b22243cc46266d105e8b2eb6fa7df25a0d7Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
01540d7b6b0b6ee45a0878ef444900d18cdc75c2444c243cfc128279fd8df1b5Antville version 1.1 suffers from a cross site scripting flaw.
65a13345a6370cbd83ef8303e92c2f6af6db5ae09e9fa12c4473aa0ad5bf627dTikiWiki versions 1.9.x up to and including 1.9.2 suffer from a cross site scripting vulnerability and possible SQL injection vulnerabilities.
789603d9c715231cce4f6b651dd6544281cef61c96ee4a15e4b6dada3144cd12PHPKIT versions 1.6.1 R2 and below suffer from cross site scripting, SQL injection, information disclosure, password hash disclosure, local file disclosure, and arbitrary code execution flaws. Various sample exploitation details provided.
a91e4d42b773ee597b5ea0162d7a64232a6a053f5d7b8e1af72709197633e2f8ATutor versions less than or equal to 1.5.1pl2 SQL Injection and Remote commands execution exploit.
e2a2e37dcb0eaeb0884b07d1a427904fe82c1ec628e6e89d964624ea93406cd7The OSTE toplist script v1.0 is vulnerable to remote code execution.
7c98c5711a922879c1be02daa2cdaf33d7adfb1dc923a86f065747dbfbbfa609Guestbook v2.2 is vulnerable to a classic SQL admin bypass vulnerability.
834d6fd178742f363d14a0ce587fa6b9fdbeb3016c3bfafa4ee1f15cde133da3SEC-CONSULT Security Advisory 20051107-1 - SEC Consult has found that parameters to ActionDefineFunction (ACTIONRECORD 0x9b) in the Macromedia Flash Plugin are not properly sanitized. Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash flash player or may be exploited as a vector for code execution. This issue is similar to CVE-2005-2628 (as reported by eEye Digital Security on November 4, 2005) but affects a different function. Versions affected: flash.ocx 7.0.19.0 and earlier, libflashplayer.so before 7.0.25.0.
8e6fb046a48b15f155e81ed751344b5482c9f52a4be9ea7157fd0da5cedddaa6SEC-CONSULT Security Advisory 20051107-0 - toendaCMS allows for theft of CMS usernames and passwords (XML database mode), session theft (XML database mode), directory traversal attacks (XML database mode), and arbitrary file uploads. Versions below 0.6.2 are affected.
144222686022b8b1399ddb13787fcc507b4e08544d5c7ae39a117d7c50b31914names.co.uk, an English registrar and web hosting company, has an cross site scripting vulnerability allowing injection of arbitrary Javascript.
6cd18e600b100ec54795e80d0e317b9b89700aa71f5874e4be0cf2489246d22bTWiki 20030201 VIEW string remote command execution exploit.
ffd1fb66748fb194d52e0c5a6b688695dcb044946458aaff1efc4b59ca8671c9PHPFM is susceptible to a remote command execution vulnerability.
48f148c2eb51c34a455f4c215f8a0d436968ee1ec6a93c978ec65d4d82ffa96dA vulnerability in the voicemail retrieval system for the Asterisk PBX software allows an authenticated user to download any .wav/.WAV file from the system, including other users' voicemail messages. Versions affected: Asterisk versions 1.0.9 and below, Asterisk Beta versions 1.2.0-beta1 and below, Asterisk @ Home versions 1.5 and below, and Asterisk @ Home Beta versions 2.0 Beta 4 and below.
f7a5df0e22275c8fdebf7ed2d4e110a0ea24464a098ba12734cae3db12a6c84bNetBSD versions 2.1 and below ptrace() local root exploit.
e206abdb40eb38c1a16aff4226d7394d290524b17f83c8baa92a4a7a2137452eInvision Power Board version 2.1 is susceptible to javascript injection and cross site scripting attacks. English version of this advisory translated by Jerome Athias. Exploitation details provided.
8b1b5097ef20b451fcda26afa6d66afb1521d2ef736c3cb1b0b83a5a13cd856dSolaris 10 DtPrintinfo/Session exploit for x86.
fcc0583f608dfa2ff466ab8443bc545a183459bdd2c5ce5d9e65723a7cbcc153The ibProArcade module versions 2.x that are commonly used in vBulletin and Invision Power board software are susceptible to SQL injection flaws. Details provided.
79f6de0e272f1bf830d4ffd79965f9fea2316cfd146983744ef724d2c014a1cfZoomblog is prone to javascript injection attacks due to a lack of properly sanitized IMG tags.
3ea5e379559a4c91c8b4af83e3904c8e6abcb6a6c8d1d02c1c63f05366da9649phpWebThings versions 1.4.4 is susceptible to cross site scripting and SQL injection attacks. Detail provided.
703c649fd4ad3bf5f3b8dfb16bfab0686e4f8735856badd8942182440e2629felinux-ftpd-ssl version 0.17 remote root exploit.
be5cea73ef109d7b131805238e4fdeaedde07aca071a5fe50ad0772a3753c056XMB Forums is susceptible to cross site scripting attacks in u2u.php.
bbb2a654df6ab03046d51ea118cf72c911fff98877b83dcfa0f05269f1984584Invision Power Board version 2.1 is susceptible to javascript injection and cross site scripting attacks. Advisory is in French. Exploitation details provided.
f9a96e4c9b10a0a99733b83955e71987b9af50073119af556a7a942b0e758e2d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed