FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
aa7deb491339804b8bec13fbcc17125ab4f18ae0f91a6c84b260d7868f4e1d44112 byte connect back.send.exit /etc/passwd shellcode for freebsd/x86.
2a9e2dbe79087eeea63c69f7234f0b2c4331c511246dc7eb688bdbeb4f82ae76Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in MyBB.
fefb02a9fd0c0f12543459d3341f4bdcddf57a36c1582a0c0dad74536989e77fE-PHP CMS suffers from a remote SQL injection vulnerability in article.php.
258bf18f72763da6dc3174218e389a48d4e0a85af9ad0ff0e2b6c05b17b428beInsomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.
cd5c05fc129fad5e01ad13fafee248da86bca40d183785e3fddc3dc796468b18A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error in parsing certain Windows Metafile (WMF) files, a standard image file format used by many commonly-used software applications. . A successful code execution attempt will result in arbitrary code to be executed within the security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of the program used for opening the malicious file.
9b6c1b0b5a4674f7675b402b16aa2e22199f06c41ee19046873a161c464b9347Wordpress version 2.6.1 SQL column truncation admin account takeover exploit.
b8859d9da21d871130dc4e5844456269004f32aaafa27f40a0518fc25b1c46e6Zanfi CMS Lite / Jaw Portal Free suffer from a remote arbitrary file upload vulnerability.
a996ca29209759c920cd34275f768a2796e89943ab88b7d6c1415f5a70d04ccaApache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.
336ae34f18a11aaa4141e2fcd7aeb318b8b924dd30a3de3cafb02c982c3cd061Offensive XSS 101 - A small write up discussing basic logistics and methodologies for cross site scripting.
27e72fa2e63a49489f43b7cab215acd2c2f77db033859417e7313ff0f1c63d0bphpVID version 1.1 suffers from blind SQL injection and cross site scripting vulnerabilities.
5df4bd1024ce78d63d971b47ec5e919ea03440393238dc05b596c2101c230dcdSecunia Security Advisory - Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks.
4bb48927a742bf36630ad3cc59af1d97cd910d31d60a3117990d80eb308526d8iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary code in the security context of the current user. QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files. This issue results in heap corruption which can lead to arbitrary code execution. Apple Inc.'s QuickTime versions 7.4.5 and 7.4 have been confirmed to be vulnerable to this issue. Older versions are also suspected to be vulnerable.
3a27ed0d3c1812d0055d1944f27351bebfb69cb078fc9043b995e86593ef2c54iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user. The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution. iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform.
2e0532d3c8039af7d9bf1009a1f7bb604a510e3e30eb42cd198c7f69f961ba91A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user.
5505a8d86f01ec1cb84018259da835f194e151aac9cb3eaae01af2039ff9552aA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of MP4 video files in QuickTimeH264.qtx. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code.
9afbe58a772c9e4591b17f9504ab443c57bbd2efa131ce92c7e3cf29d0c54178A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of AVC1 atoms. An integer overflow condition is present that can result in a heap chunk being under-allocated. This heap corruption can be further leveraged to execute arbitrary code under the context of the current user.
8ea03995cb7114cd28f7bf73f5caca4b76b9adb9e3e90856c865896a2a487304A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.
2d1888b9c7264e11b6198be6e6eb29d6724803b19f1b271a1621eeee0c98eddfA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of panorama track PDAT atoms. When the maxTilt, minFieldOfView and maxFieldOfView elements are corrupted, a stack buffer overflow occurs which can be further leveraged to execute arbitrary code under the context of the current user.
eb997f73aea467930d32554ee16ba841ad22190e86477a72b3b00c9102fd783eA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.
94f39224d7ece7c67c5aab9c018b806912bd8830b53df7a31a064a2dbe6ca978This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server. While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area.
46f3d645ad84a08e0fd5e13e5b32e7c9a124a0b37fd8e35f1fe56d83038a5ddfHot Links SQL-PHP versions 3 and below suffer from a remote SQL injection vulnerability in news.php.
095302ee957f90a56738ab6b73cf65b77bcc7bd1975f96fffc215819242eb055Libera CMS versions 1.12 and below suffer from a remote SQL injection vulnerability using the cookie.
a1c7d46c2b73d19ba7df705c23cc1eb5cc1becda265b640b65cf3f0de16d79bbZanfi CMS lite version 1.2 suffers from multiple local file inclusion vulnerabilities.
a9cecc30fed76fbe56bab70774421f8f389168637ff5c9baa5d3ebce2fddbb47Kim Websites version 1.0 suffers from a remote arbitrary file upload vulnerability.
5f99bc55da99e9a6b5a9cb7ffbdccdb639aabea0bde270d11b9a449a32518878
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed