PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.
336cf42e8dc8faa6b50900fe87f736405e406fd222446974eea37d4c2c4ef253This is a simple little port scanning script written in python.
ad34cb9d3975247aeac90686a80c09eb62fbcb41dbb7d953b4454b12630d2829This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.
1de02139d839860eb49ea553acf75e16b93a6326e4b0eda1ef0daa56433b89daTorrent-Stats suffers from a denial of service vulnerability in httpd.c.
800bc0f63fdba947738b01388e1c4834532ab1fc95c5b2912e467da4293d8011PHP 5.4SVN-2012-02-03 htmlspecialchars/entities buffer overflow proof of concept exploit.
7d9d68a3f64eb85daf94cd1428c3c855c5f69e5d8dbbbe3c5757e334382bf46dBSides Detroit 12 has announced its Call For Presenters. It will take place June 1st through the 2nd in Detroit, Michigan.
8ddd8b0bbb67c58efd7b496ba3179e010c0cf7b0a207d86528e511c8e938a61cHP Security Bulletin HPSBGN02740 SSRT100741 - A potential security vulnerability has been identified with HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, and Performance Manager. The vulnerability can be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
7418d0451f1e1ba87babd8bf10bf3d28de3cfec8b7511fa6ad1c92a85606ed86Various NASA subdomains suffer from shell upload and remote SQL injection vulnerabilities.
f9277411d31f74135b7d8b55cd469dc0ee2d8891392968c97818206a6817974aDebian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
bbcaf9bacde93e6ba6e9cb4dfce9298a5d4f4801092f02f18b73ed6239c2c48dSecunia Security Advisory - HP has acknowledged a vulnerability in multiple HP products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
2510d6ae95783ffa7bd0b8173f4b30d6e218e7258e1ab2b4351fd67963b9a155Secunia Security Advisory - Two vulnerabilities have been reported in the RTG Files extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
f2b0180fd7675b6dd2e6e1558565e1948b10ad8372e6cb748e64f1afe860cef4Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data.
2ab0d932da86c475d4acc8a45fe1deeddb2a2401320ad2435c2f50b5398124afSecunia Security Advisory - Ubuntu has issued an update for usbmuxd. This fixes a vulnerability, which potentially can be exploited by malicious people with physical access to compromise a vulnerable system.
3680690ce0b9ba4cac5019935e645cdabb7d8527110030be38445277e2b9fe5cSecunia Security Advisory - Debian has issued an update for iceape. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
3dcb73e3eafa01141df2df3d127d044c68b9b47516b959d8e66088673b56ad0aSecunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes multiple weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
4d46d88fe1552e6fef5b6dc95b3fc4a042a2f4f0ea8038b01309fd5cfc6856bcSecunia Security Advisory - Prabhu S Angadi has discovered a vulnerability in Sphinx Mobile Web Server, which can be exploited by malicious people to conduct script insertion attacks.
c53a959f8318d131180c025a5eeb7280a7b9ac241cbdcbb9e8093e51d31d30b9Secunia Security Advisory - A weakness and two vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to enumerate files on an affected system and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
284bdc1cf5ff2c3f03a5ddb3699b77eb6c218d5454dada4c778ecef452cf8eb3Secunia Security Advisory - A vulnerability has been discovered in project-open, which can be exploited by malicious people to conduct cross-site scripting attacks.
d517d5923b67a3688950ed142d0cdaebee8a221028b114cd84d654f2ec36bea0dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
acd6962974b366615d52eda38b9efa9e28463c266a80b88cccc0bfb5f0026deaThe NetSarang Xlpd printer daemon version 4 suffers from a remote denial of service vulnerability. Proof of concept exploit included.
d109d13e6fc0ff37cda9997cc4f9db745daa155a93a66134074d8bbe18a8c310Achievo version 1.4.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
c5d888cc5d96ea7a0d5ed27148675da50510a9ee66be018f11fe7ca786e93b96Foswiki suffers from a cross site scripting vulnerability.
6be24141745459eeaf32cb631743a60b84dd0d2249f8beb4e3273f5e3033b9b9This Metasploit module exploits a stack based buffer overflow found in the SNMP NetDBServer service of Sunway Forcecontrol <= 6.1 sp3. The overflow is triggered when sending an overly long string to the listening service on port 2001.
e52f022e2ed545bd142274261056cd28d052302e65c42387b95414958583c89bThis Metasploit module exploits a vulnerability in Icona SpA C6 Messenger version 1.0.0.1. The vulnerability is in the Downloader ActiveX Control (DownloaderActiveX.ocx). The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user.
5ff82482c6d0cc8cb96eb23172d540f4d5ded54210dbc21fe3ea60715403632aOSCommerce version 3.0.2 suffers from a persistent cross site scripting vulnerability.
0a2520ea5c52566aba471703d7a80fc90e05ce97b35a678bdbc29dd0b250e477
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed