Showing 1 - 4 of 4

Files Date: 2012-06-09

phpAccounts 0.5.3 SQL Injection: Posted Jun 9, 2012; Authored by loneferret; phpAccounts version 0.5.3 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 30cdfeba324743b1bf4c4c95682a87039a6577116abd1abe95054f052c5f2cf5; Download | Favorite | View

Zero Day Initiative Advisory 12-092: Posted Jun 9, 2012; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 12-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. This size is used to create an allocation to hold the data, but a hardcoded blocksize is later used to copy data into that allocation. This could lead to remote code execution under the context of the current user.; tags | advisory, remote, arbitrary, code execution; advisories | CVE-2011-4247; SHA-256 | 380a02510159c9cdf960797da6f1c88b06cb8a4e5eafa4f9a55b560e374118c2; Download | Favorite | View

Zero Day Initiative Advisory 12-091: Posted Jun 9, 2012; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 12-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.; tags | advisory, remote, web, arbitrary; advisories | CVE-2012-0299; SHA-256 | e6455c20b1364db65ee13fb4709268297326339c75eaaeafc7611ed4f8084cdd; Download | Favorite | View

Zero Day Initiative Advisory 12-090: Posted Jun 9, 2012; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.; tags | advisory, remote, web, arbitrary, php; advisories | CVE-2012-0297; SHA-256 | 27dcc990753c286009309447bb9c72ba6733589421579106d30bc8c69f3a95ef; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days