Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.
f0dc757e73d89236f2c88698d4791d1317a31be811db0b76dade2bee53c8a3d7The Liferay JSON service suffers from multiple remote information disclosure vulnerabilities.
2eefe242df465b532ea4094ef0f4f75673c5d531310f8b98bab39ea2e08b2790Liferay Calendar suffers from an exportFileName path manipulation vulnerability that allows for arbitrary JSP execution.
364ef10eb3fb5346794a9da1561ef77a228dcdd72f907d0ae2256c91da27a284New Atlanta Servlet Exec allows for the reading of system configuration files and unauthorized access to system information.
34a4088e3ba49cb55c3d0a4c393f545d9987745e1a0af51a84ec49da7a867e1fThis is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.
df989e106011230b8418a8adeaad6d36878992bf93ca8fd2ac0c12fef5be85faTomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from an information disclosure vulnerability.
f8c36b93b9442322e44a0b2612396b39102152d21428d8074fa6dbbc58be85ffInternet Explorer 7 allows the overwrite of headers such as Content-Length, Host and Referer, exposing the browser to HTTP request splitting attacks.
eaea3131591bfb6ccae35e2fe3c39290b35d6c49dc952d056d4a2a8909089880Internet Explorer 7 allows the setting of header "Transfer Encoding: chunked" in setRequestHeader exposing the browser to HTTP request splitting/smuggling attacks.
27996f8ad05851a84e1ef28e49b50bfdf6fdaa29d8a9736f6f788a883dbc9cffmod_negotiation as shipped with Apache versions 1.3.39 and below, 2.0.61 and below, and 2.2.6 and below suffers from cross site scripting and http response splitting vulnerabilities.
7f86ee48aeabb8b145f34046e06f37b34c3aa28b2b9640c2e4a27e73d169a460SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.
ed7bcff3fefd34be99edafb8554813713aebb26330bb5743201776c9eff34d1eBy using a specially crafted "flv" video it is possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.
b5745d95565e102a3b47c37bae0f9bb5d2ad4eb82226f8857c7805702ddd2ae8Firefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.
edf659ed906fc3bd6c2fc58b554242e8d5cd97e23770a48f1df6a9e2d0681852PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.
240246141b63832150858dd16b81a45662e47408b15b013ca75d852b41f72486PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().
5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637bThe Adobe Acrobat Reader plugin is susceptible to session riding and cross site scripting vulnerabilities.
6f8787159ec262edcfdaedc27ea3b2c37a154fdd74c3dce34a6fc9e8817c536dMySQL server versions 5.0.20 and below suffer from information leakage and arbitrary command execution flaws.
73926f323fd235433143abd52ed6b9430e45c62875f010bf2cd9188857a7813dExploit for MySQL server versions 5.0.20 and below which suffer from information leakage and arbitrary command execution flaws.
dff58328a3f1ca93623e9a8886b9d869d4f877a0b500615da4f050b4bbaf2ad2MySQL server versions 4.1.18 and below and 5.0.20 and below suffer from an information leakage issue.
eb1d10694aff57e15a622b021c3784bf24605040a4da6933d54eafaa3b59792cProof of concept exploit that demonstrates an information leakage vulnerability in MySQL server version 4.1.18 and below and 5.0.20 and below.
8660944cf077440334eb208ca4159d9608657b390786c7af9f2b5c70a2a33352Proof of concept exploit that makes use of functions in libc in order to gain MySQL user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
883268c86f6fa35f215d28b707d9b6aa5143b2203243c3f53302acab8d0dc34dIf an authenticated user has INSERT and DELETE privileges on an mysql administrative database, it is possible, by using the CREATE FUNCTION command, to take advantage of functions from libc in order to gain mysql user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
05ae9e22a0591885b9e526aefabcc601ce81851c4dcec3496411367507e6bb0aProof of concept exploit that makes use of a library injection flaw in MySQL via the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
d74efbde515c47b96c4ca08796c904e378535ec258fbffd7eb05c6774714d9c8If an authenticated user has INSERT and DELETE privileges on a mysql administrative database, it is possible to use a library located in an arbitrary directory using the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
b6cd1438080f20142c162f5f1c30010bcc56c15eeb9a45e72e51b6759e1dc41fPHP shmop shared memory module has a leak that can lead to Safe Mode bypass. PHP versions 5.0.2 and below and 4.3.9 and below are susceptible.
dc588853dfb8ad0042d6999abaa9d3b5fc69f9d552e5b678cca0ce19da0a4550PHP proof of concept exploit that makes use of an arbitrary file upload flaw in PHP versions below 4.3.9 and 5.0.2.
afff49337f58bcf7a3d4d154ad71cfde47193d319ff6dbeccf14fc280a7b754b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed