This Metasploit module exploits a SQL injection flaw in the Lyris ListManager software for Microsoft SQL Server. This flaw allows for arbitrary commands to be executed with administrative privileges by calling the xp_cmdshell stored procedure. Versions 5.0 through 8.8a are affected.
7d6ccc51f336ce0a2d0a9c33c17d7a6238325d81dd91de8436bfc6be6ef6c9daThe Lyris ListManager software versions 5.0 through 8.8a are vulnerable to numerous SQL injection, source code disclosure, and authentication bypass flaws. Full details provided.
10f2e8c21eea54d36f999ca9d94097e8dd67de908cd6f954ec2432ce49137136A pre tag with the style element white-space:normal; crashes Internet Explorer 6.0 if the pre tag contains two or more 'single' tags (for example, <span />). The bug was tested with Windows XP SP2 and Internet Explorer 6.
0ede0010d3fdddf412ac3a8c64361ab48c73521266c5bc1be96bf5c5fe82786dSimple javascript related denial of service that primarily affects Internet Explorer. Version 6.0 was tested and stayed unresponsive for over 3 minutes. Firefox does not appear truly affected as it seems to recover although it may freeze for a short period of time.
6b2abb16d6a23a69e69135004e0b1df0943fac4a1100cdc11d1bae55bd8f50dcPerl-Cal version 2.99.20, the CGI script written by Acme Software, is susceptible to cross site scripting.
409897c86dca6af8b40a1da0d915383377f662d53d49fbe1013b03ea0ee1c830Website Baker versions 2.6.0 and below suffer from SQL injection, login bypass, and remote code execution flaws. Exploit included.
b49d9398dea8569ec129afc9974e4c07277a1adf4ab648aa0b2b10e4c0cf1866eNvolution, the fork of PostNuke, is susceptible to cross site scripting and SQL injection attacks.
865c68bd2e1d4c7b91f6db4fb634ae6b79e22185ec0f60cfad95bdde189f228fToendaCMS version 0.6.2.1 is susceptible to cross site scripting attacks.
8f07ad79529cd8415eb4969dee95f03753f42d5c0e8c648f163a57ae4668e4c8Nodez version 4.6.1.1 is susceptible to multiple cross site scripting flaws.
291282274ca509c8c0f638d02f1712db7f423e1ce1af2c974796bff6dc2c3ea4FlatCMS version 1.01 is susceptible to multiple cross site scripting flaws.
7b8f8bdcc7e2731c49b3096d3f99ac914f0836d360b46fccd53014f27c4c9975TML CMS version 0.5 is susceptible to cross site scripting and SQL injection attacks.
0bd8e18d3c0aa50a112ed3e2c08e9c7476f19e8955c80add7a02ff13937ff99eSimpleBBS versions 1.1 and below remote command execution exploit.
7803041c087492f87adf6167d27ddee161f5b1f9f28bff149d9e7396b9721a17ThWboard version 3 beta 2.8 is susceptible to HTML injection, cross site scripting, and SQL injection attacks. Details provided.
b6748f11eab63ffe76a6f2b734fd18a8b4a579dc4eeca78ae82b52b960a64150Appfluent Database IDS version 2.0 suffers from an environment variable overflow that can be manipulated using sudo as an attack vector. Exploit provided.
27bbf57c930750edaa25ffa94bf598ee98a2503f8cb18f967e8422de7d3533a2SugarSuite Open Source versions 4.0beta and below suffer from remote code execution and file inclusion flaws. Exploit provided.
ebc5a4123b1fbce281924c7e04a5037ab9070017bd8aceeb7663198ae7f16620Checkpoint SecureClient NGX Security Policy can be easily disabled.
35f23d488b30efd1dce89d0af4b51371e1f2752103ed34866c152ab9ec77b113DRZES HMS is susceptible to cross site scripting and SQL injection vulnerabilities.
bcdb5ac100a453d27c725347e333b7fd8eaf2d7bd0d903786aba6e7c6d30306bSimpleBBS versions 1.1 and below remote command execution exploit.
345ef17e4d499d035a6e2ac4b77bd243fcc1f60f9dcef8df7dc5ff909293ee98All versions of the Horde IMP Webmail client are susceptible to cross site scripting attacks.
2f7f5467ab0ea3513404404714c47e38d96ce191db569f9075bc9f24d75ac16dThe Blog System version 1.2 is susceptible to SQL injection attacks.
dc5d2a154355bbd334a0e219253935de6e5ee169d5d4371411787698f9a026c7Mambo versions 4.5.2 and below Globals overwrite and remote command execution exploit.
f689837db099f7691c035bb6973b4ed195d0366d2640148e1b8646ed4c270995Firefox 1.5 suffers from a denial of service condition when a large topic gets saved automatically to the history.dat file. This only works on a small amount of the Firefox 1.5 users, and it is not apparent that the problem is a buffer overflow. More information available here.
3d991f748dc673714c5369f8086f4bf5f038dbbf3f4bc4b0bd6ef6e9f4bc3074Patch for ussp-push that allows you to exploit the overflows discovered in the Widcomm BTStackServer.
0e42bdfaf64c52451da826f13806b1f19737198ef4ee6c79b7376721678cb3cdeXtreme Styles mod versions 2.2.1 and below are susceptible to directory traversal attacks.
38e8c7c5270528f8b8bbf8b9695a566043f2ed8a59082f7375fae510219da931Remote exploit that makes use of a format string vulnerability in sobexsrv.
70af8edf82d16d5c0a15f619b7c245147a561588641160e58d5d55fedecb6bb3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed