This Metasploit module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.
307b7adfa8d05c300b48db94ceb041a3ced231d646f14a788423d6874081b7c4This Metasploit module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This Metasploit module uses an authentication bypass vulnerability to upload and execute a file.
8483dda079be04a44863b410b51eecbb3374b00177e8c973282a9974a2918555Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues.
a667ecae12bef1ca764da84656ce5d402feb400df56dbf141eca769b9ea9f54eSamsung Kies version 2.5.0.12114_1 suffers from a buffer overflow vulnerability.
ba64ccf75ec04e06017109e58437056a7a1dbd3ba88cbccb70812d4d1fcc3311Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.
8252388141e7acdab8a3ad358488b4c7928f6202ea3ddb4ef3a0897770e81079Websitebaker add-on Concert Calendar version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
08f398cedb0b208dc2348c5f4b971fa4c1f1f8a17d18a0ccc2f9741ea6710a5bInmatrix Ltd. Zoom Player version 8.5 memory corruption and arbitrary code execution exploit that leverages a crafted JPEG file.
e93c531005e5c45acf7db63cf82c525cc84d2dc9abe53bbded611012472ddc3fWeBid version 1.0.6 suffers from a remote SQL injection vulnerability.
ef41b2d6bc97d34ca048f725d9b129c4675df101d0c695328fc8a1ead4856ed3Free Blog version 1.0 suffers from remote shell upload and arbitrary file deletion vulnerabilities.
046160c2bebcad5524fa1b471bdd14084971b0c1484eb63472002891c5138a53Watson Management Console version 4.11.2.G suffers from a directory traversal vulnerability.
cd68cebca871fa857fd92a06863d08fe109c6863e7c6ae3cb2dcf499712269e4Exploit for Colloquy versions 1.3.5 and 1.3.6 that triggers a denial of service condition.
4636db7755d6aeed2ca9f21829f1a721a8ce8c1a886f99cc24ff2e213292c663Joomla Incapsula component versions 1.4.6_b and below suffer from a reflective cross site scripting vulnerability.
c5607c9cd5809d111ccf666b897697c5865f1a7009fc745dd22e6f522013f58fThis Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.
abf55a041edebfc9c10a71c63250d53ebae7935806c4ab38d15c7743ef4a47b2This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on a accessible IP and Wordpress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.
d86ee12abd38355eaa0ede874337844297f09019b89cae1d861c414675387207Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.
c464b8149b11c22b146cd1282f4bc0fb07c6fa07603793bf344a5c29515c7e5fMotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.
50ef5f1a3f0f908dddc8abdea740939f5d9baf76b7b62233a900f21d57fdd029Joomla JEvents component version 1.5.0 suffers from a remote SQL injection vulnerability.
f73ecc331c5f2a72a9a9d7a40c3985adb1997944ebf0d29c9f417a53c84b9f1eSites designed by Saggitarius suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
0ce97df760e60c7cca115361adb9c40dc4b35138903d91d2d8595981f11d078fProjektB CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4998020a38d8d94d01f56166bc6ccd988a51688158596a9e158984017670376aXML Sitemap Generator for WordPress versions 3.2.8 and below suffers from a remote PHP code injection vulnerability.
392e6bee500cdf72349e1e6a1fa71c23a6256f393a3c9c89859bb4d62cc50e32Ettercap versions 0.7.5.1, 0.7.5, and 0.7.4 and below suffer from a stack overflow vulnerability. Version 0.7.4.1 is not affected.
441cfdeb1206f31b83110efd5e60a48cc510f71789d13efdc3787ca345080ca6The Foxit Reader plugin for Firefox suffers from an overly long query string remote stack buffer overflow vulnerability in npFoxitReaderPlugin.dll. Versions 5.4.4.1128 and below are affected.
6a542e992542383195aaa18e60759b3a2bfb1211b67ab8744bdec617dbce8df3The LoginActivity of the Facebook for Android application has an improper intent handling flaw that allows for malicious Android applications to perform private file theft. Version 1.8.2 was released to address this vulnerability.
bfd6840f9cf9dfaa8007ee516aa404c4986914448f276af4a47c918238fb498dSymbolic links can be used for spoofing Content-Type of local files and this enables malicious Android applications the ability to steal Chrome's cookie file. Version 18.0.1025308 was released to address this vulnerability.
20dd3d870f049909a9ad1c797062381c1dafee9065f6baad9f3348dc65d0e398Chrome for Android's Same-Origin Policy for local files (file: URI) can be bypassed by using symbolic links. It results in theft of Chrome's private files by malicious Android applications. Version 18.0.1025308 was released to address this vulnerability.
31b4f82055384f1f95a84986da35e99a7077219bca1316b3a7026760d9c6556a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed