This Metasploit module exploits a stack buffer overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.
def095f5fae66e555774c80c31922aee92bbe086dec4cbf1548a0683a892e8c5PenPals version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ed95f8b8be7752b1c32578b0733c88f3daf58b9186f0d98cb97200da517c7118MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
748b9c33dcb3214fab6c7798e140405187a3fb4b71e9b5e184fd4b5e46428e90agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.
2fd6257852996ba88a353a3c39ff46e2177ff75fa360a82dd7caeca82c528dc5iCommander is a free and open source Command and Control Centre that lets you manage multiple servers from one place. The idea of iCommander is to provide an easy and secure solution for system administrators that allows them to control several servers from one place and in the same time.
73f3055a6a1ca8b5e80b3a19e36b165a9642add50ff7c81b5f9d42581cd2fc7eEasy Travel Portal suffers from a remote SQL injection vulnerability.
887cb6cabe73f309c70c0c7cb2f12c7e92cf905430b81866a605cf744c9b8a99iDefense Security Advisory 06.16.10 - Remote exploitation of a buffer overflow vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with root privileges. This vulnerability exists in a certain function within Samba, where an attacker could trigger a memory corruption by sending specially crafted SMB requests resulting in heap memory overwritten with attacker supplied data, which can allow attackers to execute code remotely. iDefense has confirmed the existence of this vulnerability in Samba version 3.3.12. Previous versions are suspected to be affected.Samba 3.4.0 and newer versions rewrite the whole logic of the vulnerable function and thus are not affected by this vulnerability.
0f3906ee46ff98f1da265c6dd01ae1df772e0d26f20fe6ac2c61cfa40c024efdEQdkp-Plus Gallery suffers from a shell upload vulnerability.
1b3870ffc008156ce9ed5b10c4a449ced61f40f4c8cc85db3fe43475201568a3Weevely is a PHP trojan that hides a backdoor for communication using a fake HTTP_REFERER header. Archive password is set to p4ssw0rd. Use at your own risk.
cf94575c893708f95eb4a55035795ab332e4ea43d663319a5d7ef61efd4d7224Traidnt Discovery suffers from a cross site request forgery vulnerability.
0641e4c162ff143e5861131b1cc97542dc20b49808b477807e082e39d1514939SAP J2EE Telnet Administration suffers from an authentication bypass vulnerability.
1a80e20e80a3c1db1a6e588e5955e080382df05484aa9d8c7c179a6d923eec1dZero Day Initiative Advisory 10-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. The DefineBits tag and several of its variations are prone to a parsing issue while handling JPEG data. Specifically, the vulnerability is due to decompression routines that do not validate image dimensions sufficiently before performing operations on heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.
ac57012b1da744853d08508a20989f6d770c79f5be724971ee6fdb073b1e50f3Zero Day Initiative Advisory 10-109 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing embedded MP4 files. When handling the STSC, STSZ, and STCO atoms the player can be made to improperly calculate length values later used as size parameters during memory copy operations. By providing a specially crafted file an attacker can corrupt heap memory and execute arbitrary code under the context of the currently logged in user.
055f900abb9dc3fbae2023801bcf07f4aa123aa4e0bf5e50b27e5c87c5db9540Zero Day Initiative Advisory 10-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a strcpy call within the main() function can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
00278e85899dd283e140d40875be47b96c833e538416bebb14d77122837ee655Mandriva Linux Security Advisory 2010-117 - SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. The updated packages have been patched to correct this issue.
33947dbd868524d62aad14623e5a01f9a97ad2142ead8f2fa5b005de44e44224Ubuntu Security Notice 951-1 - Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user.
9507d496c82c755a408def6dfe5c81f2e0e7ea5c2f1f441bf5399a32f62a4db8Nakid CMS suffers from a remote arbitrary shell upload vulnerability.
3c37edb6246cbace20430035a315ff9ae22d896af71f30ebc537d5a9e08696a1Software Index suffers from a remote shell upload vulnerability.
2d0067968f0065e97e6da4b306cc5f1d9643146df438c33c200b85a8d992a88cSoftware Index suffers from a cross site scripting vulnerability.
3f8fa73529c07bf84ac2ea81d592ef0c41bb636b2075b88f0df22aa8ef27a1efPishBini Footbal suffers from cross site scripting and remote SQL injection vulnerabilities.
f528163c5facbec463a5fe975ab081208649067eecb13334bd68cbf0c4114b8fCeica-GW version 1.5 suffers from a cross site scripting vulnerability.
1465c6f7ca3bd1bfbadfac886990557c680b6431549f3cd4786a7436ba0287e82daybiz Online Classified System suffers from cross site scripting and remote SQL injection vulnerabilities.
f6aa481cb1f85f358baa9c8ba71459ccd42b4cd769cd8d6f063d28c16c95c85d2daybiz Network Community Script suffers from cross site scripting and remote SQL injection vulnerabilities.
b031a3c537dca0cae75bb56471260670a86e6d6d3880971f66b6effda7d9394bPHPAuctionSystem suffers from an arbitrary php code execution vulnerability.
2fc5a1c1f78f4e64119f95a6c9373b94d885bb57728eed2a125535a55280d1e5AspTR EXtended suffers from a cross site request forgery vulnerability.
79983bfe525c9de9e0e80f93a9a526a48f343fa858a0da177e0206ba704f8bb7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed