Core Security Technologies Advisory - The Real Helix DNA RTSP and SETUP request handler suffers from multiple denial of service vulnerabilities.
cdff514d4f41c4b45e2a5462892a195bd759a59e2540efc5011f58cbf0636d02Mozilla Firefox 3.5 heap spray exploit. Written in Python.
d1253f8edede8fa9f97227138d7df3490fea4cc39eb8c1282947c40659be1655This is a whitepaper called Image Authentication Injection. Proof of concept code is included.
d4a68cecd3dae6139f91157e6ef9e79417463b4b054b10498c792b2a524a904eSoritong MP3 Player version 1.0 local stack overflow proof of concept exploit that creates a malicious .txt file.
25fe222bbcd21b28545c415f9f6f354e0c9f8f4b5766e9a9c53af106ebede6c0PulseAudio suffers from a local race condition privilege escalation vulnerability. Proof of concept exploit included.
426a9d852cba8a790cc64c95d7415f44eccf93c747b639ad6f192ca0c06f2302NullSearchAccess is a scanner that attempts default logins for various services like ftp, pop3, imap, mysql, and more.
a10a9044c809fd3349b9ec60b05ed552425f65705f4c73c9f835870f23fb0bbdStreaming Audio Player version 0.9 local stack overflow proof of concept exploit.
e2ab28795513dbe62413f0ecead5a05853c3a82d38cc2a2677f58f24254e193aRadLance Gold version 7.5 suffers from remote SQL injection and cross site scripting vulnerabilities.
a76101de6790702d1a27b74eb2fbf2ac1b4f10662675de0b936ce29525242ddaRadBIDS Gold version 4 suffers from remote SQL injection and cross site scripting vulnerabilities.
38eb537c78a7658704a6ede901a1a8b5c1068cd2ff64e16b4531a423322c7a9eRadAFFILIATE Links suffers from cross site scripting vulnerabilities.
26a328bcc81a95419415128fbf79a5eecf66933d44e60e27ca0887019a72eda5RadNICS Gold version 5 suffers from remote SQL injection and cross site scripting vulnerabilities.
96798a04b6348ca6e66d7138c2afd226f2db75cc50a5f8d9863afad39512c045HUBScript version 1 suffers from cross site scripting and phpinfo() vulnerabilities.
1ff1eb39f17c36975c057674b80e92ef69de08c9ed1ddbe0f808270777c970cdHonest Traffic suffers from a cross site scripting vulnerability.
908a5966468b6cda5e3d71e3211f33df4237e6f7e965314a159c782cc01d227dFreelancers Script version 1 suffers from a cross site scripting vulnerability.
89882e7707f80338361107d432711418784f389e5ee5971ad3e10f58f3527b7bMandriva Linux Security Advisory 2009-153 - Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. This update provides fixes for this vulnerability.
c6505a821af86ef94e58b06b54a047ef777eeca3029c106ce34aa9de69c61c2e23 bytes small win32 XP shellcode that executes cmd.exe.
18b4f1a4f1ea7b2e6cccf1c44dd49d10c60e7b3b5ae2a386ae008789d93d09f9Vopak.com suffers from a local file inclusion vulnerability.
02e52d0b38ce0bb2713b19931d8a8710d258a1f82756ef44ba50318a0835c38eMandriva Linux Security Advisory 2009-152 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.
efef538e5448dc71abb6142f0dac1a1ee4d7d0e7534491b4dea526851e048f60htmldoc version 1.8.27.1 universal stack overflow exploit.
a35d868c42c328be76f332f60badf664789e506e25dc2e1dc4184951c9692c56Easy RM to MP3 Converter universal stack overflow exploit that creates a malicious .m3u file.
a6c79f72fa7534bd1571a0879a0f13a4a742742f81da437fda8e1f9ca7bb5845WebVision version 2.1 remote SQL injection exploit.
25b9f9ce181828a4cb6fc1de3a9cafc2fdbc9feedbc4ec97d200250d944dc28bCOMRaider CreateFolder() and Copy() insecure method hard disk filler exploit.
6dc754186ff68f974317f5e7dbe75367f2be240d23e025ce07f6537f16294108dB Masters Multimedia's Content Manager version 4.5 suffers from a remote blind SQL injection vulnerability.
7cb186bd125e6a4123c29cadbebaf155e52ceb30a9898d85cb07234ea67cb6a3Joomla Jobline versions 1.3.1 and below suffer from a remote SQL injection vulnerability.
17f91f7d257c83e37c016b05114297310a5e82912cb9cb1fda72ed8629e3d103VS Panel version 7.5.5 suffers from multiple remote SQL injection vulnerabilities.
37e9fd04e79da711f7a35cdf14fe1cf4b163daff38d13d05b7de5744650f6d97
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed