This Metasploit module exploits a vulnerability in the igssdataserver.exe component of 7-Technologies IGSS up to version 9.00.00 b11063. While processing a ListAll command, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow and allows to overwrite a structured exception handling record on the stack, allowing for unauthenticated remote code execution.
d6e50055a18ef8053fcab8d3dbb3013cea1bef5f64706db8cc621234903f31fbA reflected cross site scripting vulnerability in allocPSA version 1.7.4 can be exploited to execute arbitrary JavaScript.
c6d3929e70ce429ecd9432332d70868ebba842b7f609d46a711ea0c0063c3f99A reflected cross site scripting vulnerability in docMGR version 1.1.2 can be exploited to execute arbitrary JavaScript.
71981cc297341251677d9d7c40c9049a5c3f8ea76eb73f58fb860f2b94797246A local file inclusion vulnerability in eFront version 3.6.9 build 10653 can be exploited to include arbitrary files.
757d4d3ff27349cbcb4076c56397b29175bb764572af206f95a0de8ef3b1b26aA reflected cross site scripting vulnerability in eFront version 3.6.9 build 10653 can be exploited to execute arbitrary JavaScript.
e423ef5df13b78150b6b93df88be757d9b632b4929d23d96835f32256985f094A reflected cross site scripting vulnerability in HTML2PDF version 4.02 can be exploited to execute arbitrary JavaScript.
b1643cd1a55ddb0dabefeaff559e6c67d874bbd2bc771f1d91e43238efea560bA local file inclusion vulnerability in Jcow version 4.2.1 can be exploited to include arbitrary files.
d691b724a1767a1b7c65676e99b37b35e412f01c91ba255452ddfe3ee8b3b66eAn arbitrary upload vulnerability in NoticeBoardPro version 1.0 can be exploited to upload a PHP shell.
42eb351b7dcc9619cd585b9ac55004622fee7da9c5c55b7c016edc723f4644a1A SQL injection vulnerability in NoticeBoardPro version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
7bc77fa2826526d53979b3c39a01fcc657ba86945a552ee4b77da29a7dfbdbf1A reflected cross site scripting vulnerability in openQRM version 4.8 can be exploited to execute arbitrary JavaScript.
d7d2209a239bb9bd6b5d18d36806bc27bb94b901bcb654fbf6cc920d8ef9a918A local file inclusion vulnerability in phpMyChat Plus version 1.93 can be exploited to include arbitrary files.
7473613dd8fef214fe65bb5d88818fc794c6df66621c4633c4d8b3eecfdb2796A local file inclusion vulnerability in Vanilla Forum version 2.0.17.9 can be exploited to include arbitrary files.
6d6f7abc83ce79333088d0061f3a68c539a14aad653d858429bd3497a68ee023Mandriva Linux Security Advisory 2011-087 - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service X position or Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation. The updated packages have been upgraded to 2.28.3 which is not vulnerable to these issues.
071cbada81358e2a216406d81427278602a3d81ce6f686ff9d33a09a53583363The WebTech 2011 Call For Papers has been announced. It will take place from October 10th through the 12th, 2011 in Mainz, Germany.
05fb17867fb8f9a278e4ade37bcbfaef101b0948e68ea9c0d1504bcc445af491nSense Vulnerability Research Security Advisory - It is possible to cause a denial of service in Novell's LDAP-SSL daemon due to the system blindly allocating a user-specified amount of memory. Exploiting the issue on a Netware system will cause a system-wide DoS condition.
972238c95111a6fb64022b85c2982b7c92402fed540695e47f81e34f5d96e993Vmware vSphere Management Assistant (vMA) suffers from a local privilege escalation vulnerability.
00cf8c44a6d902ca66053c39cade132def8aa3357eed4f38516bf8a5094862aaQuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
0222c6eae1b59eab957306ca2b00a8c50513132b563bbd76b327300a3b99b354Steam Cloud suffers from a denial of service vulnerability.
50dd11160d8ffe10cc9dbcc013fe67d028576b3170b94e14d7e4a9c051f53988Mandriva Linux Security Advisory 2011-086 - A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. The updated packages have been patched to correct this issue.
4d1378d24d238c4a412b7901ca0ad28b94cd0c13aeb47449cf04e14e9c9fa2d1BadAss is a Ruby script that makes it very easy to perform cracking attacks, port scanning, and more.
f60b8cfe78a679c56d4b810db3e6e9bc7ced2dc2f8f463b2b80af1729f0bf974Secunia Security Advisory - Alexander Gavrun has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.
1b81d4bf7f2645bba055cce2682a81346ec892113e638d0b765e68ff07758372Secunia Security Advisory - A vulnerability has been discovered in GuppY, which can be exploited by malicious people to conduct cross-site request forgery attacks.
29ca1e620a548ca571f038746ba441986dcb09ab6837d413ddfb4c8ec755116cSecunia Security Advisory - AutoSec Tools has discovered a vulnerability in allocPSA, which can be exploited by malicious people to conduct cross-site scripting attacks.
b14d0e35a6bc5ba5a9b304e7903d9f47ef82280d5a7e736490e20a9402324878Secunia Security Advisory - Some vulnerabilities have been reported in Crucible, which can be exploited by malicious people to conduct cross-site scripting attacks.
c2462b8ab7dd641a36ad005e0f660323498cfe375aaf1e61d1c9b9eed046731bSecunia Security Advisory - Fedora has issued an update for perl-Mojolicious. This fixes two vulnerabilities, where one has an unknown impact and the other can be exploited by malicious users to conduct script insertion attacks.
17a7d4e9fc0400f414731fe81b37e1d846afe1055296df5ddcb19f38638203e3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed