This is a whitepaper called Heap Spray Attack. Written in Portuguese.
dc4f2ac47dc932c63129892dd805287d31bd57204c5aea95c49b725c72782088LMS Web Ensino suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.
d8ab9601e507b72e229d48cc75c285dc85f18205b70fc7eedf5d56427d760fc4PHP Speedy WordPress plugin versions 0.5.2 and below remote code execution exploit that leverages admin_container.php.
f81fcd56b70169b59a0219e334476443ac5a3384a2646989bfb17d3cbe9b831fComtrend ADSL router BTC (VivaCom) CT-5367 C01_R12 suffers from a cross site request forgery vulnerability that allows for password changes. Successful exploitation allows remote root access to the device.
7787b03f3c56cdbf0d32b20b5495b9e6aa2e1f78000dc7155d3ea2bf26850ee9OTVS ERP Microsiga Protheus suffers from a remote user enumeration vulnerability. Versions 8 and 10 are tested and affected.
36e840f98aff7512f31664eebae4913320e88a61fe951bf1515698dabaf9e338The TP-LINK TL-WR740N network device suffers from cross site scripting and denial of service vulnerabilities.
a097150919d27e37f9e77cc30f3985d6cf30d8bacddf84d2f069fb3370badd89Debian Linux Security Advisory 2181-1 - Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access.
e279a1bcfe680594e3d3bf9362b9c8c66ae64ddd00c4ec601e1ee978f8fea16dTramot CMS suffers from a local file inclusion vulnerability.
9d7baf4178b6d4c58cd34f56bb71dc3f58f7cf8e87420c8efcc1616758deb072This Metasploit module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpd_iac exploit in order to avoid non executable stack.
97cfba55ad99e70aab89080a5fd28096914ddedef3359cfe0a68bdb2d98b0bffADAN Neuronlabs suffers from a remote SQL injection vulnerability in view.php.
befecbe43a3408df144d83f1134c8578e34c809f5037c66235c6181bb6703376JBoss Application Server remote command execution exploit for instances running on either Windows or Linux.
9334c5c75c7639d2db62091242226924783ba61ae3fe5d5895dd5fa97e45c898Limelight Software LTD suffers from a remote SQL injection vulnerability.
ab47931934a400323e3c07aab1f3e5f1064c1261d40dc3a649517dcf83170cc8The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.
67ee0d90c122f14d2d05bf0be45df498f4d30d47f4fb4d085869433a4c230eb3Tramot CMS suffers from a remote SQL injection vulnerability.
d27bfeaa6d524c85d7e1b6e470358cfd481d86f3ef9ca04ff38ac5dd02a91717Secunia Security Advisory - Red Hat has issued an update for subversion. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
e6d0a21450f1b37828febfced3eb7bfecd23d53b6639b23f506cdba511d87478Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
8d3b4f49221757aef8ace4cbb9d3a8a8150a5b05a6b69e1b74b3af66a0701c3eSecunia Security Advisory - Red Hat has issued an update for libcgroup. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges.
0a0de4acd4a6994df9e8d742e40653455d0f7f7120547c166013cde4e179a441Secunia Security Advisory - Fedora has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited to conduct cross-site scripting attacks and disclose sensitive information.
568b287e814630c5ee40dd9abfb94c37a03b5a2c560d09f09974992be127dd9cSecunia Security Advisory - Patrick Kelley has reported a vulnerability in AltiGen AltiServ, which can be exploited by malicious people to cause a DoS (Denial of Service).
3ef0f2b24468d729cc0bf18d5d0a823675746503a996f907b04df50478a21844Secunia Security Advisory - Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system.
cdd2dcc40620ba28f9b9a681d6f7fe971819c7f5878cb6e1d59995d649fd5751Secunia Security Advisory - Debian has issued an update for iceape. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system.
a0d38b7dbf3ddf527948243de34de3f8b81cf5685350dcec2857684b21f41d55Secunia Security Advisory - Ubuntu has issued an update for firefox and xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site request forgery attacks, and compromise a user's system.
bcf7e1825307f2ea93433fb27dad4bbd1623f59966c79c5d28a857bed4399ae3Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in RhinOS, which can be exploited by malicious people to disclose sensitive information.
8f1c01af1833636b828e81a88fc662c98370f6e1eb345913498abd8231fa715aSecunia Security Advisory - A security issue has been reported in Gri, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
88e54b5d84f8f18bc93d081cacd9268b00d5089ec2ec6c14dd05c54833b6faddSecunia Security Advisory - A security issue has been reported in Q, which can be exploited by malicious, local users to potentially gain escalated privileges.
424669bdb6cbe5f5a3838be2a91eb6234388dec3725780a40c86ccbc19644c4e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed