AraDown suffers from a remote blind SQL injection vulnerability.
41e7b47921288cc2622e48e697fcad74d05977c7a323d075cf3df493214caa46WespaJuris versions 3.0 and below exploit that leverages multiple vulnerabilities in order to upload a shell.
c88b207a07a921881c04bb51f5e72349969de8ea379080cc49da4fee5d1b3689This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4dThe uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.
b06a8a97e093f62b1f9d8ff1ae71702688d1cb47e94160036dd253ab69142e43CoolPlayer+ Portable version 2.19.2 buffer overflow exploit with ASLR bypass.
166843ef977577a858c2c28b45a618c91cb636c27690ed808c276fca44609888Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.
311f91db815c5072aac47198136e9ee10f620d76d370e8cac2b356c864e2ee5eYourOnlineAgents CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
08c47bd484b067291df87dd30298341a33104a747b55afc101b3888cdada0f17Opera.com suffers from a cross site scripting vulnerability during registration.
6295963fda07a45257b8abb964451700bcfe0fc0421fb156eff043655e4fe033Zoho BugTracker suffers from multiple stored cross site scripting vulnerabilities.
5f84abf0fd32b20d83731d75e8fa472c4d86148ea3ded99941f4e9ec38a9a318Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.
acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758VMware's vendor website service application suffers from multiple cross site scripting vulnerabilities.
97fea96f5c77623458d932b5ee192d04609a250f496344ae5ccebf8f7fa24694iAuto Mobile Application 2012 suffers from multiple cross site scripting vulnerabilities.
6fcd4bdd4e9f9da4b8ee80d130444bbd608889f7016cdbbe4cd6eac9b18fdc47Mandriva Linux Security Advisory 2012-125 - It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues.
9e87ddc3fea6ac41e4d9377c1943007652e3a474c5e39060f4f84cb334d16997HP Security Bulletin HPSBMU02798 SSRT100908 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.
a885cd01ca8cd93fe66e4e8013b2d793165bb1bcc6b061769b8c443a13f18e3fAOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.
5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9dInoutmail Webmail CMS 2012 suffers from a cross site scripting vulnerability.
d8b9e67d54c9d90d74f9052a85dac0ea25191ec820d9607b7be90a978e3b1ab3Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
76ca25d4f7c84938b67595662b7b2a2ccc1f026c5fd38878da67d399c829206cJoomla Enmasse component remote SQL injection exploit.
cf821d066145cc0aaa6bf61dac10e9bf55b1cb6536262dcf10639062c8982c56Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.
848c3eb00844f54221e2042582ec3fba9c8596a608dd661ee1ed3f8fdc13fcb6Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.
a4d7a89a52823ee72e2d9c1b6867da8316cbe73c3406841aa4fb1e2b1d525648Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability which can be exploited by malicious, local users to potentially gain escalated privileges.
2eb5d533cfcdb87f080e49702bf297ae62062fa49729a3ee3845b1ff8d06cc66Secunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
ed41f44e3b0b071a4b2c879a145f99965553ad8cdb77a72f4a087a93b9f0f033Secunia Security Advisory - Accuvant Labs has reported a vulnerability in KOffice, which can be exploited by malicious people to compromise a user's system.
ac14bbaedc29c2f936ec38bc639b32637749fa45449b932c1eaaf1935a45b3f7Secunia Security Advisory - Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a08cff871694f7e8edfadb551932b52d7279d0e2bbdd430a360ca65e0df88a44Secunia Security Advisory - A vulnerability has been reported in Intuit GoPayment, which can be exploited by malicious people to disclose certain sensitive information.
296d497cb44a6a3bb9e277edfabe66ef50ab505c27ed5b60a0cfc4ecf6bc7315
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed