Delta Electronics InfraSuite Device Master versions below 1.0.5 have an unauthenticated .NET deserialization vulnerability within the ParseUDPPacket() method of the Device-Gateway-Status process. The ParseUDPPacket() method reads user-controlled packet data and eventually calls BinaryFormatter.Deserialize() on what it determines to be the packet header without appropriate validation, leading to unauthenticated code execution as the user running the Device-Gateway-Status process.
9f0d3862f019202aea4e14692644ab8356967d12a61b6b3dc1c1b6df8ea0f48cWellsFargo.com password and security management has been identified as being in a weak state of configuration and violation of PCI DSS 3.2 Subsection 8.2.3, 8.2.4. Multiple vulnerabilities result in poor credential management and configuration, as well as flaws in triggering fraud detection. Some vulnerabilities can be paired with each other to increase the risk associated.
9897ca9c7c3fef37c751ef96b01826fa4151765a9919ef86e72d4e6962195fa6Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.
7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76ddEasyPHP version 12.1 suffers from a remote code execution vulnerability due to a code tester feature running on a server bound to localhost.
814a7e2f8ae6e9523274aa676fd721b24acff3564dddc86375c83c95b4f0669cmeetOne, a populate iTunes application, suffers from information disclosure and transport of credentials in the clear.
f1b6167b0f9adb1d2ae657c5d3a9d3aa57bc983cdcb2a5b4eab69f77c76dd946Linux/x86 nc -lvve/bin/sh -p13377 shellcode.
82814b845968c56350403d27e03f872f32b6ae31b961b7b431a805f5a5853460PTK version 1.0.5 suffers from cross site scripting and direct access bypass vulnerabilities.
73db2993ed1cf68f7e922d7bd762d40bda60592e0f603e13367647097dc3daa2Outlook Web Access 2003 suffers from a cross site request forgery vulnerability.
30a91fa07904715e8b9028a6989f8ead9d5901c6b67546213fd92089851942a7Ubuntu PAM MOTD local root exploit.
cfe1d4524f8800a0a8fedc6a9d860e556b8da87b87b4b9ceede2d9c6db65c31dThis Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet Explorer are vulnerable. By specifying a long value as the "DataURL" parameter to this control, it is possible to write a NUL byte outside the bounds of an array. By targeting control flow data on the stack, an attacker can execute arbitrary code.
f289814b228dcb38a6cb14ec1a0f1b164ee34f9990d3cdfec8eb912f49211937This Metasploit module exploits a stack overflow in eDirectory 8.7.3 iMonitor service. This vulnerability was discovered by Peter Winter-Smith of NGSSoftware.
4e791e501a09eb7698018606ca07a32fef29347f8989cf4e0bcce74ebadb9246This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
ab790525ee06e4631621b8a149d2cc10a555ebb52be8f2bcf2739624fa36b789This Metasploit module exploits a stack overflow in the Sybase EAServer Web Console. The offset to the SEH frame appears to change depending on what version of Java is in use by the remote server, making this exploit somewhat unreliable.
f58c489d839d09e1465a0d4ea81e1e308cf4bcde12cf05c866053bdcba044d0dThis Metasploit module exploits a heap overflow in the Novell ZENworks Desktop Management agent. This vulnerability was discovered by Alex Wheeler.
a468b60beef7167326397d8bf03b1490959d3e5778ff2338a43b241907526e6dDirectAdmin versions below 1.33.4 suffer from a local file overwrite and local root escalation vulnerabilities.
2fdd4977d213bb5c2935ac3f55fed30ddd739101b5af3e32b4eaf8b45c8688f5CNN.com suffers from cross site scripting and content modification vulnerabilities.
bfcc8419314c5c245c68d63bc8934b0444d1a4f928f37fd95e5471fb4182bb80ASM that provides a win32 reverse connect shell with no null bytes.
573d386784ec8abf184d1c6b7393baeeee3e4d801fa6b8cc6176368b18430fc6Simple multi-threaded code that spawns a command prompt on win32.
fb905034094e2423d323b670b2e31b316d61f5dadd627838561f0374cf37a54cThe Joomla Players component suffers from a SQL injection vulnerability.
7afdcc21545173a8bb2d40904314a8369909071233f719456558e4d6d648d507The Joomla Football component suffers from a SQL injection vulnerability.
3697aaa4cf43905c47e98a171b0056cc5f6c7e0dfca049508c36ef1fe08869ebhttp://forums.microsoft.com/ appears to suffer from another cross site scripting vulnerability.
8427b8e7c7c63dcbf2c1142c2f49a17b887e61093ef8ffcaa952202e695eb818Microsoft's Terminal Server on Windows 2003 Server with all of the current service packs fails to enforce its own settings.
8798b9bc51b7d84c7da9fb7f5b4f9eba6130b48b4e845424495701e089d46febRemote denial of service exploit for Asterisk PBX that makes use of a bug in the SIP channel driver. Versions below 1.2.16 and below 1.4.1 are affected.
5a35585cb02179c081c481b527bb9d32dd489f17cdc09a9fbdc837c8bfa91a2cVarious vulnerabilities exist in the FON free wifi service.
8ea74b8fe945edae4bd53ec05f5f387e6de5f100ff4df43b976dda7467357b51A huge list of IP space for various Federal agencies. Interesting to cross reference to logs and see who may be accessing your web sites, etc.
73f31ee9cf759edddd06e96a9c43a4ceedd2b123dbb9551c20ef02cde5a19713
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed