Secunia Security Advisory - Ams has reported two vulnerabilities in Wing FTP Server, which can be exploited by malicious people to conduct script insertion attacks or cause a DoS (Denial of Service).
e5391225bebc1fe8e8132d0b95882fc68deab7ad04b3e3bce23c34e4e0cc46f7
Secunia Security Advisory - A vulnerability has been reported in I-Escorts Directory, which can be exploited by malicious people to conduct SQL injection attacks.
705f096b9b986828ba31f8071cd4196e0c7c5139783f0da56fe3620a6b32751a
Secunia Security Advisory - LionTurk has reported a security issue in UranyumSoft Listing Service, which can be exploited by malicious people to disclose sensitive information.
b8327750af0c0c1d76b48457e830b11000202bf8b1cd3a858d643eed29399b57
Secunia Security Advisory - A vulnerability has been reported in vBulletin, which can be exploited by malicious people to conduct spoofing attacks.
d68f78be26f9361dd812d87ad29f54accbda88dc35e88e227983ab3ca23fb1b0
Secunia Security Advisory - A vulnerability has been reported in Sendmail, which can be exploited by malicious people to conduct spoofing attacks.
b57f1c33fda72f1a9f0eb649bb4ac1211f460f6e1e1818c0e6960bf924a15588
Secunia Security Advisory - A vulnerability has been reported in PicMe, which can be exploited by malicious people to conduct cross-site scripting attacks.
c16df0cd4678108e2af4615efa2633d6ff4b80c39693491ca1aeb1f7191b3efb
Secunia Security Advisory - SecurityRules has reported a vulnerability in DirectAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks.
49396c7a93e8450d604ffceef58dbf9f4bc5b966ff17b2ef6b82f2af5469d6de
Secunia Security Advisory - A vulnerability has been reported in the Autocomplete Widgets for CCK Text and Number module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
38e9c2357de1b6239438ea0767e5e1b8c60894cf1d4755483f0a23a85b576095
Secunia Security Advisory - A vulnerability has been reported in iDevAffiliate, which can be exploited by malicious people to conduct cross-site scripting attacks.
abfa2dac47729c1438f19239ea9551233bee7937316701776a72a995ecf5f2a7
Secunia Security Advisory - A security issue has been reported in FlashChat, which can be exploited by malicious people to disclose system information.
596816b9d06a895ac5e9c43c756f2b329ae0a7f9ee3081a9edde894504472555
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Run Digital Download component for Joomla!.
b738dfb7f92a247660f94cead249a1d831f23fbc45f3cc85fb1279862f789369
Secunia Security Advisory - Fabian Yamaguchi has discovered a vulnerability in Pidgin, which can be exploited by malicious people to disclose sensitive information.
3e19d3c02020837febda833f78ccf0defbdeab22c088c0531138fc1f2a19688d
Secunia Security Advisory - Fabian Yamaguchi has reported a vulnerability in Adium, which can be exploited by malicious people to disclose sensitive information.
54a658785fe6e80d2d4beddc0ce2fc265249dbc07c7369c56a7df779c579b8f7
Secunia Security Advisory - A vulnerability has been reported in dB Masters Links Directory, which can be exploited by malicious people to bypass certain security restrictions.
2f708514b2f83f6e709e36080e58bed33aaf8b1faba1c6ee8ee8c2195b9a6fc2
Secunia Security Advisory - indoushka has discovered multiple vulnerabilities in Despe FreeCell, which can be exploited by malicious people to conduct cross-site scripting attacks.
279d356829e9941b6602419ce72f64a10861a1455bf7e5c012755924538f65fc
Secunia Security Advisory - A vulnerability has been discovered in the Avatar Studio module for PHP-Fusion, which can be exploited by malicious users to disclose sensitive information.
3bf8496803c3d0f7f07dee396abb7cbc09b708f4f27f9f56c383a0feae426bde
This exploit takes advantage of a stack-based overflow. Once the stack corruption has occurred, it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write-anything-anywhere condition similar to a format string vulnerability.
eb9a55064f6e381a97138b188135a0635600efe4ead2bdf62f7751369e16a37e
This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve r11.5 (build 3884). By sending a specially crafted RPC request to opcode 0x342, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need to set the hostname argument (HNAME).
25561774611f62f76340df5f53273f88999603ab3128927abfd951eddc17dd28
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart.
3d12be67beff922e63d2ba3c7af87796dc724d566da3472bbc068cb1c51b523b
This Metasploit module exploits a stack-based buffer overflow in HP Application Recovery Manager OmniInet daemon. By sending a specially crafted MSG_PROTOCOL packet, a remote attacker may be able to execute arbitrary code.
bb3140caff7cdc64edf4b36ae5ea23db6db25dcb500491fe2b403cad680d6697
This Metasploit module exploits a buffer overflow in the Eureka Email 2.2q client that is triggered through an excessively long ERR message. NOTE: this exploit isn't very reliable. Unfortunately reaching the vulnerable code can only be done when manually checking mail (Ctrl-M). Checking at startup will not reach the code targeted here.
03aa5d1fb353fd0b0a186d111853941e220644c617f4997fc853286c33067088
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart.
8a10ef51f9a242610ead82abda18b323770c190feb98597aba24f56a8407f14a
This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.
1a3eb49398ce9b0ab57cd1e8f8fcef3eb6dad5ad3499db7694e64b4fa58552a2
This Metasploit module exploits a stack overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify the name of a valid Windows DOMAIN. It may be possible to satisfy this condition by using a custom DNS and LDAP setup; however, that method is not covered here. Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator credentials are required to reach the vulnerable code. Windows XP SP1 only requires valid user credentials. Also, testing shows that a machine already joined to a domain is not exploitable.
ea9293c701b97bcc0c680f787edd7ae46789120c6798479e817b203688e6abb8
This Metasploit module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control (version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing "..\\\\" sequences to the MakeHttpRequest method, an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of multi/handler since a user would have to log in for the payload to execute.
a22d6a5d6ae13466a6759a4b609ca02715e96a081fa217cf96cb8a72607502d3