This Metasploit module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
e7973f30b18ed27c4b6aafd3963abbf49ddc019ae30ed745b733674e032c75d3Yahoo! Small Business suffers from a directory traversal vulnerability.
056f3e4d03ee4f8af07a366f01c02a68ea25f2030d29de39e1ad454c344bdf8bSupport Incident Tracker versions 3.65 and below remote code execution exploit that leverages translate.php.
7ffa1156de49d88784954d7cb69a66baecd33c27f096acddfdbe8fc423368721ARASTAR suffers from a remote SQL injection vulnerability.
dc12599283621325cb714093b93b59d602c5361717808e4fb4f37cc5e0f8f30aDigital Attic suffers from a remote SQL injection vulnerability.
70394b8ab202643cf6d047b51fa41a4d3558a6cef4ca6dba23d0455999412c7aThe WordPress Jetpack plugin suffers from a remote SQL injection vulnerability.
d000017c326513bd43fc0da1283f6f2b07d76a93d548cf37b41525864890a150This Metasploit modules exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
c7b86f510e7897dd9923514fbd475d9ec025e6ea543ad22525475f3d82ace5efStack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739Sites powered by CareerBuilder suffer from a cross site scripting vulnerability.
9d7b6dbe930d644e2ab47535610458db70fe572c54f27cfdbe7669bf99e51032YSD Web Design suffers from a remote SQL injection vulnerability.
6edf8fc65414a9538a833e32d7e3de32ab92e2430f71b30040abecf9b7b40463Freelancer Calendar versions 1.01 and below suffer from a remote SQL injection vulnerability.
be67ac306c1efcaf129123dc73d6f56e23d34a6ef1f363bde7389b90fb6b24eaValid Tiny-Erp versions 1.6 and below suffer from a remote SQL injection vulnerability.
033932fbde1f4a37243f50169a59c068547443885f6f41bd653640b9ff55a35aBlogs Manager versions 1.101 and below suffer from a remote SQL injection vulnerability.
81328f0584264f638a81425426602f05079f2cab3ae43de5d53401d4cbefffa3Thunder Kankan Player denial of service exploit that produces a malicious .wav file.
43b9671cd01b8ef15c05281a172ba89140e165c74569bc6de3490a7ed8d7ca24webERP version 4.05 suffers from cross site scripting, information disclosure and remote SQL injection vulnerabilities.
6527863421172bed1320a1beaaf760e10db2399f57d8d1c408408d39b2fe8524Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.
11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901SAP NetWeaver BW DOC metadata suffers from a cross site scripting vulnerability.
68d97d678e3c0fdb4545781101c9713cebe198b3b21c2030417b80a51a588341Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected.
21ef97d86d440a917b5caedb85996e891e834ea1014f4979355b34a905298c19The WordPress Flexible Custom Post Type plugin suffers from a cross site scripting vulnerability.
fee1493e19247201bae6078b7248fec39db259065399d0d9db505b56dfe63910A reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.
c6bd8d414c203e4d7061c79f3542c1b5b217553d5e43319d293458513d863d05A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
df2dee289d5c87f204cf0fee719b33c99baed4a25e2a6f9f88c897389068853fAn arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
9b9778fc86835a6bdf9f0531d06a9035e7c2a698cfe50ecd0e20362d22be8cd2A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.
950c47363f210cdb881bcfb068ccaf7f685f850f0d610b4a2d6acc3361bd64caThis Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3eeThe SonicWALL Aventail SSL-VPN suffers from a remote SQL injection vulnerability.
50d808ee714423eff293cd2e86943f50a1eee9dfbb7447f0d91d5eaf91c81044
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed