A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.
461e165b1293cc00e1d6b9380680b3251d008e466d4d8f0a77303e8d91c15fbdA vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user.
aee6d5e4517fc845d2a37d58942b8f8d9b515170a768e9ea0179b3cafcc43942ToursManager suffers from a blind SQL injection vulnerability in tourview.php.
4d0862ac35c71f59549f8a0f7be83099dd4f645b32ac2abbf8e1b5cf37c106c9phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php.
cd37a62705b90092cec6ee3361131b1700931e182692ee03102eb885c5ef7e27Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.
2dce704b30c5057d574019fc7d3911b1a7e1917657a49ce71f95f9a0d9af8ddaWhitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.
33dd9cf75d17e73d0b9c873025e3dd464002ef35b74dc38578987a00ee29000dOracle Database Vault runtime disabler that uses ptrace.
0d48b8ebbd50899212a445327c014e7d2065b85348b30ced6cef07c51a106a34Natterchat versions 1.12 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
fdaca1a9c305161e92f99409bc5f23f72a342ea384bd5b361a547e3fa2b96b45PHP version 5.2.6 suffers from an error_log related safe_mode bypass vulnerability.
dfa81ee9fe5ed6e1ece110d40fa867c9d3ca32a9a65c0a1f95afb57512cb484dPHP-Fusion version 7.00.1 remote SQL injection exploit that makes use of messages.php.
77817606cf5e9fed61740e8e7fda85ce50b412c3ee6fc324930edec411a37b22Social Engine versions 2.7 and below suffer from remote SQL injection and cookie manipulation vulnerabilities.
cc404081ed843b5c909a79b12ce67ff7d853b70cf072abefb61a297df95cc82cThe Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.
5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723AskPert suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a790ed10037506515e1cb4fa8df7b0b9165b6d1742e7081b58afa65f98c028e2Brief whitepaper discussing return to LIBC exploitation on Linux.
60df69f9613a7068834b59cadfa21bfe78b5e1a540709800c8da40b9243c2620Brief whitepaper discussing stack overflow exploit on Linux.
213beb0caf6939f7b983962882c19d76cf2d7c40ce84befefe5a6c4310688863The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.
95bd3ddaba52709a0a2ff97a065ee4fb33c150b34551544104ec30c5b5dca58cExodus version 0.10 suffers from an URI handler arbitrary parameter injection vulnerability.
a264639d87455f56875a23401f59036d3f82d8733d2fa690f11e8e6f50ec84e0wPortfolio versions 0.3 and below remote arbitrary file upload exploit.
77857473a16edc35e3846dde8b47e890e7346e7a1246ca3ed301a780b8622f1f26 byte (the smaller) GNU/Linux x86 setuid/execve shellcode without NULLs.
87786ce6282d8885f0a55ff4452c4588f5c2aaa59e5b5c89e649507cc012443bBoastMachine version 3.1 suffers from a remote SQL injection vulnerability.
3188017b37ab4a98aa44caa9771b4a4443c0211c97b37cc476885a070dc0110eHP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
b8c9fe6d25660a81a6f06aae5f7fa118b9a41d276c0d7b7e813c689357f06725PunPortal PunBB module version 0.1 local file inclusion exploit.
63e5162517b423113437d76ce37e4881551e54e731e0b89b6f220564e426d437Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.
767f3b7b80905d4af74a7319352b4d649488147010ed6235478fe8c051e7c9fbSecunia Security Advisory - A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
b86a2ff45f2aee8400b99722dcda1cae022399f4bc56b827c5b235f3c249d084Secunia Security Advisory - HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
c878986f26c644625cbed0d7794101f606d09164f75f812d506ee2556b57c81c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed