Cosmoshop suffers from a cross site scripting vulnerability.
3a5e674c472acb0da22de2b4fe8eb6999aaedf57bf00a44f5c67812ad8a330b1Cosmoshop suffers from having an unrestricted pwd.cgi script that allows for arbitrary creation of an htaccess file that can be leveraged to block access or perform phishing attacks.
53f0f39b47e349790d4106dadcb4f94299cf242f14f2206dfedf4903924e2e8aCosmoShop ePRO version 10.17.00 suffers from an authentication bypass vulnerability.
9ca82553e2a91b39a4615aa811e754f8bc091c8b5bfe3f6def05090e26d88f4cReverberation is a proof of concept denial of service tool that makes use of UDP echo servers.
14699b1e6d5e32f01ee4e0376b52b221fce84d7267f7896bf740da0191cc46baHippolyte is a shell script that automates the checking of inactive account hijacking possibilities for accounts that may be used elsewhere for access (ie. Amazon, etc).
1c0cc2c62ba866eb985107f9934f171a08c1a9c308b03ebae41c7f1d8555a69eThis code searches for Google Calendar accounts which exist and are not password protected.
3151bb236822f342ed070d2d4b6ddae739cbb33cf4ba0c9777a56abb9f7bb51bC library written to implement the functionality of Google queries into C related projects.
135efb82700e7d3117b9caeffbc267fd572f84133cfe5a370c23d799c910c8daCosmoshop versions 8.11.106 and below suffer from SQL injection and directory traversal flaws.
8b27208612e77657b4af85607e71e76051898f89a6acde4b8fb317e982698949Login - Guestbox version 0.6 suffers from cross site scripting and administrative bypass flaws.
e7678dce241a98b21a240835ec53db5b588aaa2c1116c60056d1f0f6406a043eIt is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19beCosmoshop versions 8.10.78 and below suffer from SQL injection flaws, clear text passwords, and directory traversal flaws.
7afc580e4915d241635c89dec9a0e70603c257327ef5b3095f6601a40f25460bicb was written to inject a small logical bomb in elf files without resizing sections of the file itself.
61287a1c4dface850c210335f648bd0a3137e0eb906f483141ebcb8d3f9c98afdwc_articles versions 1.6 and below suffer from various SQL injection attacks.
868b0d709c04337ab6679a6750c0c3949932eafe1e106b3ce4937e990b0ec271Lgool is a program that will search Google for a given vulnerability. It does the exact same thing you could do by going to Google and searching for nasty stuff like passwd.cfg, but without all the trouble of actually opening a web browser. It operates in a way that is similar to "gooscan" (written by johnny and presented at defcon this year).
fc84bedf31be38ae83ff3d535b74ab23de27f74cc69a13e4347fc8c5f24bbf9eThe Serverview server management product is susceptible to multiple denial of service and data corruption attacks due to insecure file permissions.
108fcccc833eb5fcd6c72e00dec99910326570a898687b5d0d5fcb0084408a96osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136ftpgrep tries to grep for valid users on remote machines using the old CWD ~ ftpd bug found in wuftpd and some other variants.
3464aef370394a488838a73ebe145b21b8ec9a413fa217fe3f91b965c6cd0a8aPossible symlink attack in SuSe's Yast Online Update tool.
fa5ad54174d9f2e28e10a089d616b0f4ebc3a38a0f1b21434805e9abf2d6c5a7Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().
c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853beTrust Virus Protection 6.0 InoculateIT for Linux is vulnerable to various symlink attacks and also creates multiple world writeable files and directories that can lead to system compromise.
8b163eb967dcd0f8561591434297e9b857a280d9af0cc48874c8eca5debb3f11Various init related script in SuSE 9.0 are susceptible to symlink attacks.
558fe9c77b84013499f18e08a176fcedcda8445c9e6304fead1629d649ed6cc9A plausible symlink attack exists in networker version 6.0 in the shutdown script.
f71446ef6211d128c354e2004097b4569b81064c3ae7c06613e3f72160b90019Local exploit that makes use of a symlink vulnerability in YaST when using SuSEconfig.gnome-filesystem.
b52db200e1ea04d1dd8b34e13eb95b40a438eeed156071a65829e4a699a709a6Local exploit that makes use of a symlink vulnerability that lies in Antivir for Linux version 2.0.9-9.
16c3a212203098718f24a83489734c130a494f00fe79ca71a4e1ce777906a39dLotus Notes version 6.0.2 on Linux installs with faulty permissions on its notes.ini file which would allow local attackers to compromise the system.
99641299508cfd2408eb78d99c4ead40d71cad304a5188181956419b494672ec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed