HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure.
171a6632cc48d498cc993433e0e5d051881555de1c0cff708aef0055cc0d4f1cThis Metasploit module exploits an unauthenticated arbitrary file download vulnerability in DotNetNuke DreamSlider versions 01.01.02 and below.
52a4f88b1baa1b9af28067c9267b9d789d0f09fd2836f93790e3965849f1381aCisco Sourcefire User Agent version 2.2 suffers from an insecure file permissions vulnerability.
f9ec0ff4ed5a3e12400b81d08aa5940551ad31df9356b52220128454c88018a4A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F, 0x80862007 using METHOD_NEITHER and due to insecure permissions allowing everyone read and write access to privileged use only functionality. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.
2aaae5882cd70b23fb6de73c08c10c9b3a2580d689f599c18245a6496dc7c1caCisco Ironport AsyncOS suffers from a cross site scripting vulnerability.
625b938af5a85150b1a3686a1b0c965a9c909143433e02e16ae80a36174e5eb6Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1faCisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations. The vulnerability is due to weak algorithm implementation in the password generation process which is used by Cisco to remotely access the appliance to provide technical support.
7aa6e441f68e79df13353d80a424cccc6714794a6a89f8ed099d5267e077478dThere are weak permissions for IBackupWindows default installation where everyone is allowed to change the ib_service.exe with an executable of their choice. When the service restarts or the system reboots the attacker payload will execute on the system with SYSTEM privileges. Versions 10.0.0.32 and below are affected.
242ccf791d59eefa7b2dae5e7a23750351c763b99ad78523cea13e2cb9d8be66This Metasploit module exploits an arbitrary file upload vulnerability found in DotNetNuke DNNspot Store module versions below 3.0.0.
8d7b2e5c58eb4c7ab4147e4b1bbfc4bb6ee33a5ccd9b1c34821eb93b975e53ffThe Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code. Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default.
1e50defbccefef3b6417c5dae6f4b42e12ae0ee91e5966ab9e31f8406c261827Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776This exploit leverages authentication bypass vulnerabilities in the Thomson wireless VoIP cable modem. It affects the TWG850-4 model.
cea6a6e04ceba1664ef59c383e65c0570aaf9427e085e40ab86134400cb990c6This is the Athcon 2011 Capture The Flag solution paper.
fd730b3a1e648f9ee412307c5e026b859f602446cf26a6eb56a9f8ae24c309f2OpenDrive versions 1.3.141 and below local password disclosure exploit.
505c98c457c01bf717e455493f3ba56a0610d9acd07aa365213dd13b85002310Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.
73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687Adobe Premier Pro CS4 DLL hijacking exploit that leverages ibfs32.dll.
2e534786f9330372e98738b276b6c7d5a8f947fa4243bc5ffda32824175b516dAdobe On Location CS4 DLL hijacking exploit that leverages ibfs32.dll.
d5305e9abef3ec5d8120c23d744231c4971203a3142401c4dae22be3ca4a87eaAdobe InDesign CS4 DLL hijacking exploit that leverages ibfs32.dll.
bcd139eae8faab3f9c359327dfb1b281a9bba59aae8a8543c2536bc02afd66a4Adobe Illustrator CS4 DLL hijacking exploit that leverages aires.dll.
b1844eb9abcf78cc269a107443d6478c37a0dd6f3f5f18ff4cb8c64c4e4d7558Skype versions 4.2.0.169 and below DLL hijacking exploit that leverages wab32.dll.
1dc9ab9214f52af84cad865cee20c04573afdca03114518ac2f62b433d256a0eAdobe Device Central CS5 DLL hijacking exploit that leverages qtcf.dll.
e8cef321b35ff31bd0b305c3e668587929995c82fe8144bcf7933b24c091e2d1Opera versions 10.61 and below DLL hijacking exploit.
45121eea2141996c6a917e5c3b7a7f9c24d2f02315ff67aec8c258dd48ce57c9Adobe Dreamweaver CS4 DLL hijacking exploit that leverages ibfs32.dll.
d8971e05bea982d02edb1da6cd24a186f955607789c3dd2a8cad840bf2569689TeamViewer versions 5.0.8703 and below DLL hijacking exploit that leverages dwmapi.dll.
3ece1b22e3648333ee095b7f7528a9bc1ff3439a63ff9a0d683a8283e377deb5Firefox versions 3.6.8 and below DLL hijacking exploit.
dd6bd438744cbd4a32b1bc11a5b56f056ea6bbf9f28f77113d42bb600b0f29d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed