Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. The package suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the "C" flag (Change(write)) for the "Everyone" group, for the binary file msscasi_asp.exe and the package itself, msscasi_asp_pkg.exe.
985f1b8a0c9c7170bfff235022459884dade76cc7504b5ccb7d597a030b5d2e8
Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.
89faa00a8b6e91fed511265852b9d21d485a9bb915eedbb9c39f53fff07f4630
AVIPreview version 0.26 Alpha local denial of service exploit that creates a malicious .avi file.
4897ca8735c0f747f65adefcf1ac1ab0642d1493062ef177c94392f92c695b04
SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks allowing for remote code execution.
28ae63b22ea645e5c51c549e98085f2be91b625a787181783ae2e6a8a3c0929e
SAP NetWeaver Runtime suffers from a cross site scripting vulnerability.
9181483e340b92a0eba8cbdc85b2d7b41fe702b11953196d7adeec92089118b9
Pointter PHP CMS version 1.2 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
9576e04112b662072178f9e55b2f30889f73467a6b27a79f96dc6bffd32f2b9b
AplikaMedia CMS suffers from a remote SQL injection vulnerability.
beb6e139aa9c26bb9c3de84b8752ffc774075526abfe9efb4c1f06bd3c67639b
Multiple cross site scripting vulnerabilities have been discovered in the SAP NetWeaver Integration Directory.
6c1f10b4919499bf8e2eb3a38ba5b4c505670c59ce701c4a2769af93a5d72d82
This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By supplying a codebase that points at a trusted directory and a code that is a URL that does not contain an dots an applet can run without the sandbox. The vulnerability affects version 6 prior to update 24.
7b085d16fc224d04acc72867a334f80b6d2236665c25fefb9802bb1c7783d2ac
This Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.
050081861cf9f50a5ad646217b0778ac53503dda9e87c16307c0f9afee856b4c
This Metasploit module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties a user can login using the encrypted password itself. This should work on version 8 and below.
30d24479f36de7b6cb78e0669b676ca8ad8705ff92ec0b9d808502f823261cc0
Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.
51f030365393b65a3456ecb53c5f5e39b1847584605dc54abbe2141bcba154a8
SugarCRM versions 6.1.1 and below suffer from a list privilege restriction bypass vulnerability.
a294b9e72e838a381dedca4166df412f8e9cceeb2a4d6fe5ffa135e777b8126e
Nostromo (nhttpd) versions 1.9.3 and below suffer from a directory traversal vulnerability.
21642ad06a6be195db94145ad06272a939d44c4341d01becfc5db1a0b9bb3907
MIT krb5 Security Advisory 2011-003 - The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).
b0ca25ea27a1f31338f24d60a05c7d8d56f653b8316aaf2ac49d655c3abd9ae7
Whitepaper called Reversing Basics - A Practical Approach. It discusses reverse engineering a simple crackme using IDA Pro.
679c95da8af6c67f9a7bdc9c4101b0fcd4ae7db3c57d78433cadd6b580902064
RSA Access Manager Server contains a potential vulnerability due to improper input handling that could be exploited by malicious people to gain unauthorized access to protected resources. Versions 5.5.x, 6.0.x, and 6.1.x are affected.
449ef96e8d46bd914e2bdef9ef656182b6dd2a2b660178b9639ff8ed403fda87
EMC Avamar utilizes an internally developed service utility which can potentially transmit customer sensitive information in clear text for certain events to other EMC internal systems as part of normal operations. Also, emails configured to be sent by the customer to notify about these events, may also potentially contain sensitive information. Versions 5.0.0-407 and later but prior to 5.0.4 are affected.
9a390dc3cc984b6c2a56e2f3a6fcacfde236c63f99649b20ad281219bc7f950a
EMC Avamar contains a potential privilege escalation vulnerability that may allow an authenticated user to obtain escalated administrative privileges in the affected system. Versions 5.0.4-26 and below are affected.
04f8e91f925dd81db300371745a3fc691eba8975aa3bd0d81547fb9578dc8bad
Secunia Security Advisory - A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system.
896fef1e432c6e4fa985c3cec023a8cfaa292bd12b8cefb169fd0068d96e360c
Secunia Security Advisory - A vulnerability has been discovered in jQuery Mega Menu Widget plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
7f8ce038cee48dd1e74591a838ceb01d77b9a42fef9bc9c3c596d71f40270a25
Secunia Security Advisory - A vulnerability has been discovered in the IGIT Posts Slider Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
3d9f72bb4a0b6b9c7ad1f1a3bce47d01e5ec52a6aab725aaf18ff99fcb1e314f
Secunia Security Advisory - A vulnerability has been reported in the ComicPress Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
af73eca68c6a3f479cb7c2bdedf7e1a2905627555bcbea8bf7f6bf6a9b082c68
sfWpCumulusPlugin for Symfony suffers from a cross site scripting vulnerability.
886bb00a439b512a682d6f5f86316c55c1f9d8deef67c2c0781ed6fbe95ae01a
Ubuntu Security Notice 1088-1 - Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled. This could allow a remote attacker to cause a denial of service.
eb748ff1ea1b858e0d288934566d4d38ddd39892f0b180a86f346cc403fd7926