Whitepaper called Introduction to Metasploit. Written in Arabic.
b6428c54335fa37f8bc90d06de566bb58aaaebecc11f04d903e2a3cfc50cd8b8Mandriva Linux Security Advisory 2010-195 - libESMTP, probably 1.0.4 and earlier, does not properly handle a backslashed 0 field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.
7d2a2655d0bc856465b92c6c2f680298e7c00c413037228658babf2ed384b5d1Mandriva Linux Security Advisory 2010-196 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9a3686cad02bb3f6785e39683ac633d1dd451a5c0d3265195bc19564d9b9cba3CuteNews suffers from a local file inclusion vulnerability.
caccde755bfbe7f98d41777d2d8c96a88e23336827845acba44f4444922c5ca6Facebook.com suffers from cross site request forgery and cross site scripting vulnerabilities.
2a56c78b4d9faa62d3f97a355e88375441218e8acf64eb122ad6ef1ef100a9f5SnackAmp version 3.1.3B malicious SMP buffer overflow exploit with DEP bypass.
6b3746b0928c1d95c1cafeabece47e71024f0d6098da89f7f3dfd6b25dbca2b3Proof of concept exploit that demonstrates the downloading of Web.config. This affects unpatched versions of .NET framework 3.5 Sp1. Full details are available on the homepage.
c2bff02b5943229b67a2c7bfe0e791c38fd61cecc58a739443381625fa85ed4bNetWin Surgemail version 4.3e suffers from a cross site scripting vulnerability.
0835158fda6c41308fa60e24e3d49d7bea9c3893a72e0b9d8c22545411ac45a8ITS SCADA suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6b2bfbde9ed54d4607036817af12071cbc28999cc84c4895379b19a1be15fbcbFreeBSD versions 7.0 through 7.2 pseudofs null pointer dereference local exploit.
22f7237d83ef0a7ecbc6f409a5b2a8f85c968be8f991ec9d649f3b126b963114Uebimiau Webmail version 3.2.0-2.0 suffers from a local file inclusion vulnerability.
7fc91fe88ddc29761c0a08cb6b86047aa397c875786e4649924f32af2a98044cAspect Ratio CMS suffers from a remote blind SQL injection vulnerability.
5b97eff78f9cc36a72b689b6a0c3a72327a5b51bfafe5af2de86330ab1decaadDNET Live-Stats version 0.8 suffers from a local file inclusion vulnerability.
c9b189d8fc877e16ec667d8396e8b82cd74519b4232e0d79808a2bed332b0e20Abhimanyu Infotech SQL injection exploit that leverages show_news.php.
099a613d5f44b9bd44d09e1ee6c6631491f691ebbc8b92b9e8cd968505396248Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
ec65b64f4524a8a7deb461ff0b8df63db26df45397d7cee1b846bd19b53dd82f113 bytes small generic Win32/XP Pro SP3 add new local administrator shellcode.
4651924f38d3b39b87fec3f3ed9e5d843645d2d4ccb4ec77449aaa48c7749d8e326 bytes small generic Win32 add new local administrator shellcode.
b8cc1cbf3df621cb3da50f5af0f5ee39f43693b4a4e8fdfb2c3d6f71dea4aaecFAQMasterFlex version 1.2 suffers from a remote SQL injection vulnerability.
b2550956f463005cf29109ee9ed5356b6345ce57da3ecf7fa1cc0da3a94c3b0aCilem Haber version 1.4.4 suffers from a database disclosure vulnerability.
bdc941e374e6699f709194eb361b07e183ae67ff3a1a2445b7963c2cd0c85bd7This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
c4ca4645d9925d456decaa55b7a17382e1c311a583da4c7b865b4621e3893f92This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
e55c78f6c73f858857f835c254a3c8793ee443028db1ba508ebb04ffca926082Secunia Security Advisory - A vulnerability has been reported in ProxySG, which can be exploited by malicious people to conduct cross-site scripting attacks.
310aca70fe5869e11b3244db7f518959ee1e3a822dbc428a0e9ce8f444aa7c23Secunia Security Advisory - Kerem Kocaer has discovered a vulnerability in SurgeMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
d5c58e76c40efaad324a674d4dcad1f804d04b08c2cd6cb6beaff15baeb97a96Secunia Security Advisory - Multiple vulnerabilities have been reported in APR-util, which can be exploited by malicious people to cause a DoS (Denial of Service).
4226149adf9c5285bcab49eec64df725278e0b6207a717bac23a256b6ca76f1cSecunia Security Advisory - Multiple vulnerabilities have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges or cause a DoS (Denial of Service).
473d6fe8322f443e4753d45f2c901ca0e578a15886ca4856e4c273ceefebf02d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed