AJ-Fork version 1.67 is susceptible to path disclosure, directory listing, backup directory access, and other flaws that allow access to database files. Exploitation provided.
8ec6b8d2a7db3b1b263f522b3d69c5e2539d1001dc807514dad9cd3127bed9d8A SQL injection vulnerability exists in bBlog 0.7.3 that will allow a remote user administrative privileges.
64e86af99d91124d41d2bb4cc26af33bd805b5f93c64732ee22d1372f9976e05Pads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
5ab766170b9b9d398e49ab81943136e90ac10d1790984db741067b66de921e37There is a vulnerability in ColdFusion MX 6.1 when a user can create a cold fusion template on a ColdFusion server with CreateObject or cfobject tags enabled.
b35cc809e881359da234ac0dce6ce8d8cc7a7743cecbf5078cdcc0b3ca19a324iDEFENSE Security Advisory 09.30.04 - Remote exploitation of an input validation vulnerability in Samba allows attackers to access files and directories outside of the specified share path.
093d77ea6f8671a498b2960e60a63166e361922696586d3e51dd8af521ab506ePHP/PostfreSQL front-end to Unicornscan, a new information gathering and correlation engine built for and by members of the security research and testing communities.
cd1ceb8668dae0f4b2c023ae3b2e4a132102417998f76629ebd41e41f00b4ec5Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license. Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network.
97d75b4b1bd21590631324583e09fa056619d571a68591f1de160d33fad76225Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
3aee0ebc1ebb1971abf7ee42e3186c20328ea94ede74439ea0128393e9851315Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. It implements the standard FMS attack along with some optimizations, thus making the attack much faster compared to other WEP cracking tools.
9b749d98278450b80153c1f82b7e253548a3f03603062dc98cc1320803d791daRemote proof of concept exploit for Icecast versions 2.0.1 and below on win32 that downloads NCAT from elitehaven.net and spawns a shell on port 9999.
79cf3f920b0cea39a5d66a27f360516678f853ec3ca8c9e63debfaa00a9a1212Remote root exploit for Icecast 2.0.1 on Windows. Makes use of an overflow that allows for remote command execution and provides a nice reverse shell.
8eb4988ca3de0fc8a5f36b206a8e275c4ca45baf3e95a867c8c789929cc342e6Secunia Security Advisory - Some vulnerabilities in PHP-Fusion can be exploited by malicious people to conduct SQL injection and script insertion attacks.
3bfc33c8df640d2a6a2de1df47310622b234eec864fc0ace3c37bb10a74c9a55The Silent Storm Portal versions 2.1 and 2.2 suffer from cross site scripting and unauthorized administrative access vulnerabilities due to a lack of variable sanitization.
66fff379261531b82d643a07be7550936ed43fd65a23dbed702ddf1df0474c02Samba versions 2.2.11 and below and versions below and equal to 3.0.5 allow a remote attacker that ability to gain access to files that exist outside of the share's defined path. Such files must still be readable by the account used for the connection.
4f9156f25d9d86303f9556eb907601a2fdfd174787601f7b6045e7dc7b476a98Multiple vulnerabilities were found in the w-agora forum version 4.1.6a. A remote user can conduct SQL injection, HTTP response splitting and Cross site scripting attacks.
252158627116de7a2f7d1b59a8370a428edf3f5dfc0dd28f1f3bb1bcd9bb5e5bDebian Security Advisory DSA 555-1 - It has been noticed that the freenet6 tspc.conf file is world readable by default, allowing a local attacker to retrieve password information.
17829c003c7011c2698e773a3025aa782967aed5ff55934cd04312689bb163d9Blackboard Hash Cracker is a bruteforce script, cracking by Blackboard Software encoded passwords via a dictionary attack.
38d51d62f5d24d11311bc81ebcb1c598299a7f74b3e10e642815acf492b7cc30Remote denial of service exploit for Alpha Black Zero: Intrepid Protocol versions 1.04 and below, which suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
52dc7d20f94d6123f3601ec2dacab82d609ae5bb8953ab77436ce3d2710a41c8Alpha Black Zero: Intrepid Protocol versions 1.04 and below suffer from a denial of service flaw where the server does not limit how many clients can attempt to connect.
4414c547a52fab54a828574d7e1fbf317922a056f062f765be6b4258949199a0iDEFENSE Security Advisory 09.29.04 - Remote exploitation of a buffer overflow vulnerability in Macromedia's JRun 4 mod_jrun Apache module could allow execution of arbitrary code.
93907fd7f33154250f601c445f3d1a1ee72b302063061e76b9aefecb32be7a2cGentoo Linux Security Advisory GLSA 200409-35 - An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
2b072be0bf26cab40d910363fe510e068e23315916607e67bb88cbe04fac2a10HP Security Bulletin - A potential security vulnerability has been identified in Command View XP for all versions up to and including 1.8B, running on any management stations whereby it is possible to bypass access restrictions.
0421e9c99b21c484f1bee311428abfcf00650deaeacacb5e5cc5eeb4dd1fe4ffSecunia Security Advisory - A security issue has been reported in Computer Associates Unicenter Common Services, which may disclose sensitive information to malicious, local users.
dc66e166a89f52a8d1f75df952d6ce32453a2687f864f0da1906a5afbf7ad0a3RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine. While they have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.
6271c03d314637ce60285d26839c6ed02232a7c525f81fffb3637673d7cd4358dbPowerAmp Music Converter 10.0 and Player 2.0 suffer from multiple buffer overflow and denial of service vulnerabilities.
6e960aaf7dcf4d341dce48d56fc7b3987ad56e984d13fae340528a8beb88d129
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed