makit news/blog poster versions 3 and below suffer from a remote SQL injection vulnerability in news_page.asp.
9d971d37dd0a2964f7b78dd6b427200905345294e381a3aca416fadf91ad83d3ASP EDGE versions 1.2b and below suffer from a remote SQL injection vulnerability in user.asp.
1e33aa05c09debb585604e20f242e058dee9e37283a03b9b377537c31d839418ASP NEWS version 3 suffers from a remote SQL injection vulnerability in news_detail.asp.
5380209fc780ce1991271b20465815ce050a987bc39d0d1b6f274e6a381e5fb0GPS version 1.2 suffers from a remote SQL injection vulnerability in print.asp.
cc591995364d5b916d837484b9841b6e9f180e6df2b57d4cbae3773daeeb406fXero Portal version 1.2 local file inclusion exploit.
09941014a410f6135b305eac88986452312c2ec5889f5ff03454e1e137392e9bIP Phones based on the Centrality Communications/Aredfox PA168 chipset suffer from a weak session management vulnerability. Exploit included.
1821bfb5f8cd756cd89b28517356ba2347b103a4fe336db4aabb7a4ab85a7751Upload Service version 1.0 suffers from a remote file inclusion flaw.
ba0bfa958df599ce727eaf211393014b2e9944204f9b13abb3650607af4ea8eeBitweaver version 1.3.1 is susceptible to cross site scripting attacks.
3c529894f4f1dae48debfb510b1132234ee5cd8c473db9dfd614319f61e4c675Microsoft Visual C++ 6.0 is prone to a stack based memory corruption vulnerability during the processing of .RC resource files. Exploit included.
8696e5a5416cd2f40b051e194616ca6a631f2a6140fa34b75255ec156816cf72Check Point Connectra End Point is susceptible to a bypass flaw.
9c4bd92a1c99cc73f4cff85e7926a401ced28074124ee8b438d2858e5df2c682Fish Cart is susceptible to SQL injection attacks.
2a6bbf15f38a3aa2d131fc77d3ed42070f0ce7357d7ee50f55e87b2ad61f7727Month of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept exploit in .pct format that demonstrates this vulnerability.
cae45c1818004c6d0fa86b4df9d9713a53b3af47e14c3b7813983523855384baMonth of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
649846dcedfd17c9b293d5b586249ab6641f7f2f4b7077ce8728d64523c3794eMonth of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
bc6a6482959f9f36bea4aefc8de705de29960037c93a88c4c71f6382b1e18c26Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.
c72c10a4e48008dc4508828d784627e557382e0c510236900986c74a82eab3f4Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.
9080e0d951067307f9ad1fe2f1c855dcceaac4dd146e38b6c610d666ed9c242fOracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL SQL injection exploit.
ff6fb0134cfc47331035b5f15c58c56826677223f77908b27cd35cbb99a246e5Oracle 10g SYS.KUPW$WORKER.MAIN PL SQL injection exploit.
8beaa06d01b567da971ba185e7339af52a5064fb0a7948237f40db6c321bfd9aOracle 10g SYS.KUPV$FT.ATTACH_JOB PL SQL injection exploit.
ed9f5b91026cb15dc943ab62c9204654d1437846a3973ebd51b5c69cb614ffdeVote-Pro version 4.0 remote code execution exploit that makes use of poll_frame.php.
00009b7e4146bd3200b4090538fa6e83c6a88916b5ac2a8a616d4ecc63a8ee0cBBClone version 0.31 suffers from a remote file inclusion vulnerability in selectlang.php.
e7adc8dfccb70309e1f6bfc9f2a2afead0b714d3314269447ae6dba45d0442b6phpXD versions 0.3 and below remote file inclusion exploit.
a458745ac671c26d9c651cb1bd37fcbf6d430224b0bdad3671c24d4cac1d8cffSami HTTP Server version 2.0.1 remote denial of service exploit.
2326d69f70737e6f9c98f0454fa72eeb1651ffc0778b1363535a83c316ced6b0Sun Microsystems Java GIF file parsing memory corruption vulnerability proof of concept exploit.
bef001eada19b002d8d220d83f479254605f9fc79694a55346531c4c2aa13a42FreeForum version 0.9.0 suffers from a remote file inclusion vulnerability in index.php.
e4902e71f33f297d1b5dc3c869fcc1b26c9122c8001e6591f0ddbbbbd713ee7c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed