This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.
f9ed713ff3be483dd14a09fbef83afaa998846ace3aab19c3588c2a752aaa832
This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e
Debian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.
0653a473faa390234b73508340d08c8214f4c4547676ce3bc7b489056f6b8a4d
Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
1f28378d0ad201c2be56e3429b494b0bf3230369093643c49c69f56fdcc942e8
This bulletin summary lists two re-released Microsoft security bulletins for May, 2012.
38e00533230827541928577359ace3c6629bc35bb69e64bd970ec68602541ed6
Debian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
a3855fca7a7b37d79b7f6bcc79e55a1eb3f3c10c58793ebd4569091d400c8937
The t2'12 Call For Papers has been announced. It will take place October 25th through the 26th, 2012 in Helsinki, Finland.
907ffabf1abbb6e3f3eced4beda6b5211592757431268c359ff9bc6b2f7bbc1b
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.
541d48c626a68f4fde63c7fca65c1f14bbaf9ece1f236099d199f6a931b408c7
EMC Information Rights Management (IRM) contains vulnerabilities that can potentially be exploited by malicious users to cause denial of service.
c110c54b95ad7c9787a2d6d0c64c6b9beafde60a2b5a5b539cc3671a8eb2bcb3
Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.
54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
Owncloud versions 3.0.3 and below suffer from a clear text ldap password disclosure vulnerability in owncloud.db.
31549886f764c292ef5d70e3a5a923ec24afda76b24471bdb34b6fc0fa48ebe5
QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.
a8febe1f7594f7227637fd1ab3e211df28595f24d5860319add7faa94e431a79
Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.
3b56287d07b0ddbf3d319fb8f5847cc3fb85dc7f6c1df369e6873d52c0c28335
Kerio WinRoute Firewall Embedded Web Server version prior to 6 suffer from a source code disclosure vulnerability.
a9b2d547021c7228d6ca8bc163da0d1d602976d34a4d91607ab1178f64961ef6
eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities.
41e20fa49cc1f8fdca910d1a1867f399a18b00b5955ee10221592384e80d1790
The WordPress Bad Behavior plugin suffers from multiple cross site scripting vulnerabilities.
39a4dfbfed1ff091b2170a63180a37194ebf673217a7d0fc2e945b4a2def914f
The WordPress BulletProof Security plugin suffers from a cross site scripting vulnerability.
c4c73a666f9c5b135276a6fb0f81181e11045470d01eda786e646c88c500260b
The WordPress Better WP Security plugin suffers from a cross site scripting vulnerability.
31227c75ab186bbc50acee0cd1c5fad5814d561a7fac16365b8a42bd0f7e4135
The WordPress Custom Contact Forms suffer from multiple cross site scripting vulnerabilities.
6fbdbdd9d16b2eecdf7564812c327cfa17babb9f81e82c4c9afda08562ba71e5
The WordPress 2-Click-Socialmedia-Buttons plugin suffers from a cross site scripting vulnerability.
0bb0732ad689e55347e573e1989e0f03f7afb1b9d317d6027800702fc33c87b4