SaphpLesson version 2.0 remote SQL injection exploit.
84880ff4eb056306cb0b82e52812c3947c34a07cf6eccc6a330c88ff1c7c2339iGENUS WebMail versions 2.0.2 and below remote command execution exploit.
85c7f7a9b770046f5a06b39f98b512e90aada232d07b5f768129ae77bbd6bdffLocal privilege escalation exploit for MySQL 4.x and 5.0 that makes use of UDFs.
259ac0290dd0e3e004ce1a3a8f637fde8c686703359f1c60679c5a45b6988645This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.
d07fb300961da20240be4d01af4bf9ae28d737166fc35716c762ae250e33252fMicrosoft Windows Media Player 10 Plug-In EMBED overflow universal exploit that makes use of the flaw discussed in MS06-006.
2773662b377c0c196a0104ce112087de801337f51b5949420cc9fc8330f312a6This Metasploit module exploits a vulnerability in the Windows Media Player plugin for non-Microsoft web browsers. This module has been tested with Windows Media Player 9 on Windows 2000 SP4, Windows XP SP2, and Windows 2003 SP0 (Firefox 1.5 and Opera 8.5).
109944d0f0bc94820c9812ca99a3a01766f288fa18315471b7364cf9c0e05b92Microsoft Windows Media Player BMP handling buffer overflow denial of service exploit.
8f2d41bf1dd64716755ada44360ed3a49914717b8e043672e16b3d2999406bcdWindows Media Player BMP heap overflow exploit.
822f5c646504ac887852555d8001a9bf10e68172b4532b4596c607174b9241afeZ publish versions 3.7.3 and below suffer from cross site scripting flaws.
a2e3a0d122a5938311a50fa279d8aaecfdf72b266d633af98ca648075c1b6805ICQmail.com and Mail2World.com suffer from cross site scripting flaws.
110d6619c74376b652d2594211b95a74a9ca9925caa10924f9d46b4c07940b4ePentacle In-Out Board versions 6.03 and below suffer from a SQL injection flaw in newsdetailsview.asp.
c41e3a101311cb8d1397efad265cd2055b641e6671e8d741ab46b7c57ba9771aPentacle In-Out Board versions 6.03 and below suffer from a SQL injection flaw in login.asp that allows for authentication bypass.
44e21740ebfcc261a03c72155b1ffc8c45a59dff7a5f146b6633b424340e2e5fNSA Group Advisory - SPiD version 1.3.1 suffers from a classic directory traversal flaw.
12524908c6c57479cfbc4caef1bf5c49494264797d167ce4596229d847b85cc3Remote exploit for ArGoSoft FTP server versions 1.4.3.5 and below that makes use of a remote heap overflow in the DELE command.
7254d5e1a22aa5a9bedc2e13bb70cc4b7c74c92e5c1eac37b5611a7eb4360abdHotmail/MSN cross site scripting exploit.
7ee723fd6bda6975447f5281a29e4b67559ae75d79a168fe927bfc0c9b56085fGuestext version 1.0 is susceptible to cross site scripting attacks.
325f9ac22671d90b92992e8b0593fdad85244048bb98ab1a9c7d6ae3d153ecd8Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.
54fbfa44bc4ce46c7e7e5a855cf8134006656b7d86c6868f140376e5c7da05a4NSA Group Advisory - Website Generator version 3.3 suffers from an arbitrary remote PHP file inclusion flaw.
885da198541b682486a9824c51d6e3e1c076266899c8404b0a0cd280901f787fiDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
6eaaa424b75ac17dcb4ec8cdd9b4609599cfbdd9bbe9aea98a0e116202a59614SUSE Security Announcement - A new release of Heimdal fixes a file ownership flaw and a bug in the telnet server.
b0218c3a06d64bab844e1669fd6710cd43861365008010a8bab1d843588da063Mambo versions 4.5.3h and below are susceptible to SQL injection and file inclusion attacks. Full details provided.
32f94f56d297af76886b57f1aaf38f9c0442583eea7d2246d3d29f09d3e5105eMyPHPNuke versions 1.8.8 and below are susceptible to multiple cross site scripting vulnerabilities. Details provided.
e0c7f805e02b0449c14d070cba3507927c4da8f250e046f53b5066a0cbef8541Woltlab Burning Board 2.x is susceptible to multiple cross site scripting flaws. Details provided.
6a378f20bcf1a839d6265b48317ce172486aa6ae12a3ec5434d309d5d2318f60IRM Security Advisory No. 018 - A buffer overflow exists in Winamp's handling of a m3u playlist file. Version 5.13 is affected.
3def06357bbd61ad42bef60b1155880a09482b306cbc4c4de3efe11138eb667cSpeedCommander version 11.0, ZipStar version 5.1, and Squeez version 5.1 all suffer from directory traversal vulnerabilities when processing malicious JAR and ZIP files.
bb515a90987a52b0bcf6be0d1ee106843efd253c6e4dd84acebf0dd2ddc1b8cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed