Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. The package suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the "C" flag (Change(write)) for the "Everyone" group, for the binary file msscasi_asp.exe and the package itself, msscasi_asp_pkg.exe.
985f1b8a0c9c7170bfff235022459884dade76cc7504b5ccb7d597a030b5d2e8Mandriva Linux Security Advisory 2011-045 - A security flaw was discovered in postfix which allows plaintext command injection with SMTP sessions over TLS.
89faa00a8b6e91fed511265852b9d21d485a9bb915eedbb9c39f53fff07f4630AVIPreview version 0.26 Alpha local denial of service exploit that creates a malicious .avi file.
4897ca8735c0f747f65adefcf1ac1ab0642d1493062ef177c94392f92c695b04SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks allowing for remote code execution.
28ae63b22ea645e5c51c549e98085f2be91b625a787181783ae2e6a8a3c0929eSAP NetWeaver Runtime suffers from a cross site scripting vulnerability.
9181483e340b92a0eba8cbdc85b2d7b41fe702b11953196d7adeec92089118b9Pointter PHP CMS version 1.2 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
9576e04112b662072178f9e55b2f30889f73467a6b27a79f96dc6bffd32f2b9bAplikaMedia CMS suffers from a remote SQL injection vulnerability.
beb6e139aa9c26bb9c3de84b8752ffc774075526abfe9efb4c1f06bd3c67639bMultiple cross site scripting vulnerabilities have been discovered in the SAP NetWeaver Integration Directory.
6c1f10b4919499bf8e2eb3a38ba5b4c505670c59ce701c4a2769af93a5d72d82This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By supplying a codebase that points at a trusted directory and a code that is a URL that does not contain an dots an applet can run without the sandbox. The vulnerability affects version 6 prior to update 24.
7b085d16fc224d04acc72867a334f80b6d2236665c25fefb9802bb1c7783d2acThis Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.
050081861cf9f50a5ad646217b0778ac53503dda9e87c16307c0f9afee856b4cThis Metasploit module exploits a directory traversal bug in Adobe ColdFusion. By reading the password.properties a user can login using the encrypted password itself. This should work on version 8 and below.
30d24479f36de7b6cb78e0669b676ca8ad8705ff92ec0b9d808502f823261cc0Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.
51f030365393b65a3456ecb53c5f5e39b1847584605dc54abbe2141bcba154a8SugarCRM versions 6.1.1 and below suffer from a list privilege restriction bypass vulnerability.
a294b9e72e838a381dedca4166df412f8e9cceeb2a4d6fe5ffa135e777b8126eNostromo (nhttpd) versions 1.9.3 and below suffer from a directory traversal vulnerability.
21642ad06a6be195db94145ad06272a939d44c4341d01becfc5db1a0b9bb3907MIT krb5 Security Advisory 2011-003 - The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult).
b0ca25ea27a1f31338f24d60a05c7d8d56f653b8316aaf2ac49d655c3abd9ae7Whitepaper called Reversing Basics - A Practical Approach. It discusses reverse engineering a simple crackme using IDA Pro.
679c95da8af6c67f9a7bdc9c4101b0fcd4ae7db3c57d78433cadd6b580902064RSA Access Manager Server contains a potential vulnerability due to improper input handling that could be exploited by malicious people to gain unauthorized access to protected resources. Versions 5.5.x, 6.0.x, and 6.1.x are affected.
449ef96e8d46bd914e2bdef9ef656182b6dd2a2b660178b9639ff8ed403fda87EMC Avamar utilizes an internally developed service utility which can potentially transmit customer sensitive information in clear text for certain events to other EMC internal systems as part of normal operations. Also, emails configured to be sent by the customer to notify about these events, may also potentially contain sensitive information. Versions 5.0.0-407 and later but prior to 5.0.4 are affected.
9a390dc3cc984b6c2a56e2f3a6fcacfde236c63f99649b20ad281219bc7f950aEMC Avamar contains a potential privilege escalation vulnerability that may allow an authenticated user to obtain escalated administrative privileges in the affected system. Versions 5.0.4-26 and below are affected.
04f8e91f925dd81db300371745a3fc691eba8975aa3bd0d81547fb9578dc8badSecunia Security Advisory - A vulnerability has been reported in Citrix Secure Gateway, which can be exploited by malicious people to compromise a vulnerable system.
896fef1e432c6e4fa985c3cec023a8cfaa292bd12b8cefb169fd0068d96e360cSecunia Security Advisory - A vulnerability has been discovered in jQuery Mega Menu Widget plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
7f8ce038cee48dd1e74591a838ceb01d77b9a42fef9bc9c3c596d71f40270a25Secunia Security Advisory - A vulnerability has been discovered in the IGIT Posts Slider Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
3d9f72bb4a0b6b9c7ad1f1a3bce47d01e5ec52a6aab725aaf18ff99fcb1e314fSecunia Security Advisory - A vulnerability has been reported in the ComicPress Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
af73eca68c6a3f479cb7c2bdedf7e1a2905627555bcbea8bf7f6bf6a9b082c68sfWpCumulusPlugin for Symfony suffers from a cross site scripting vulnerability.
886bb00a439b512a682d6f5f86316c55c1f9d8deef67c2c0781ed6fbe95ae01aUbuntu Security Notice 1088-1 - Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled. This could allow a remote attacker to cause a denial of service.
eb748ff1ea1b858e0d288934566d4d38ddd39892f0b180a86f346cc403fd7926
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed