PHPvocabtionary suffers from a PHP code injection vulnerability.
35815077f57e1f2a0c402c5aa47bd660a80be4e101ed5ce9aa820d993b33b171This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.
723999396b06b95680fb759bf7a793de8245f41f4c76b136b6109a09e4954141D-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass bypass vulnerabilities.
39f8eb0877b4a1479fcf473272af42277ef75ed9a0c42219a8756b0d491a8ad4Michal Zalewski put together a really amusing asteroids proof of concept to demonstrate how a modified version of the javascript ":visited" attack can be leveraged based on visibility. Proof of concept js included.
0c1b7330caf6f1622bcdfe153cd13fde591641b80ff7a9881a550469301c5a39The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.
a2461e3befdfb50515c11ca9595e07480247ee2c8f41a08738dc3a72c2c19311Webid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.
18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86GetSimpleCMS version 3.2.1 suffers from a persistent cross site scripting vulnerability.
c104417689e0929e94e0ffb8bc8dcf34adf9b7f88d9438da13fcb5b0af45065dGetSimpleCMS version 3.2.1 suffers from a remote arbitrary file upload vulnerability due to not using whitelisting.
6e6a12193bbda8bbf5d3e8f79bc113751942309e56cc2e70e3ea96dc597d99f5JW Player and JW Player Pro versions prior to 5.10.2393 suffer from a cross site scripting vulnerability.
3245ddea3643dcef93da43abf81563693bdd734be6dea6a9c28c227473275b39VideoJS suffers from a cross site scripting vulnerability.
139174ef78c5cd7005b493eea97a84315c36e8d0deb9be083d494629a3bc8d5dMyBB Games suffers from a cross site scripting vulnerability.
4587a32c6a64a7513957760fbd359aa4690e411b2d53bfdc353478481de946cfMicrosoft Security Essentials versions prior to 4.2 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account.
630839495c69bb80d036def90337a0a1056ac7d933a99a4be17cb22ed523c8b4This Metasploit module exploits a buffer overflow in Audio Code 0.8.18. The vulnerability occurs when adding an .m3u, allowing arbitrary code execution with the privileges of the user running AudioCoder. This Metasploit module has been tested successfully on AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1.
11e93e7aa31d0230bae1786bd7beb805bafd2f8f17ea750760363ad97854f84aDVD X Player versions 5.5.37 Pro and Standard structured exception handler (SEH) buffer overflow exploit that pops calc.exe.
342a8ca8722652cb76fe697c08c7e930f1d9c84489cf62ad64084e6bf95abdc7Winarchiver version 3.2 structured exception handler buffer overflow exploit that binds a shell to port 4444.
e03c150650d0c093092de920a5d5778e57636907dea5df9c2351fec4f6e3d06dFuzeZip version 1.0.0.131625 structured exception handler buffer overflow exploit that binds a shell to port 4444.
16af598a8a9110ba118802425d3aee66e98d1676f712385eb4834b602a3e7d53Speck CMS suffers from multiple remote SQL injection vulnerabilities. The latest framework as of 05/02/2013 is affected.
af0c4fd03471abd25cd0417d9aac71d0df6693743f31e36f97bba17515c094f7During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the Dovecot IMAP and POP3 server is the use of Dovecot as a local delivery agent for Exim. The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability in Exim.
3025b7b604291903b2d800d82014d424dcaadbb269d1a91c5be2394530f8e8c8WordPress Advanced XML Reader plugin version 0.3.4 suffers from a XXE (XML eXternal Entity) injection vulnerability.
8f00f9b3232481b2651bd135bbb4cc1f273adbf09d9d0da522f46d08d53f898bD-Link DNS-323 suffers from remote arbitrary file upload, directory traversal, and command execution vulnerabilities.
73e321a17a925589691872d4a616ae300aabc4641e22fad215bbb2024c010d77Beat Websites version 1.5 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
714331b1b42de4cf2cee24fb227a4e19dde980c09f152c2ef53bc58c1d6e51a6b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities.
a5ab5b7104a53bbb94e8b06e61c86f560a088dd4b5a5a927911191693b7c5615sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.
fd5de3c224057c2badb29c86b2ccb0d9023bebf0836e30f5d1c043a51ada25c8eggBlog suffers from a remote shell upload vulnerability.
5c8c12f9ba011e1d9b900652719ed84c53d2e512020dfa87080f173d8e6f0587The Fortinet FortiClient VPN client on all available platforms suffers from a certificate validation vulnerability which allows an attacker to successfully run a man-in-the-middle attack and to steal the credentials of the user.
c9eab5520d3748247b19a71073dbe3eae001373c7bb79efe6b038b7a23417fc3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed