AraDown suffers from a remote blind SQL injection vulnerability.
6c30b677c0ba2bc5d3786ec00566a8a8WespaJuris versions 3.0 and below exploit that leverages multiple vulnerabilities in order to upload a shell.
2a78ca2749eedfb5c2995af792146e22This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
301b2e3f021a35617717fcccfd8f4870The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.
d11a8dbcc1ac1eb4891e9236623d06eaCoolPlayer+ Portable version 2.19.2 buffer overflow exploit with ASLR bypass.
3b9c932b608c6adfb366d059b3e2fb27Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.
896c6723e4d3eb5be9d4fa7c77601292YourOnlineAgents CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
dcc5ba1061a0e5748c998d22d73bbd01Opera.com suffers from a cross site scripting vulnerability during registration.
060f602ff412c9e3c2ecc5e7587bb2cdZoho BugTracker suffers from multiple stored cross site scripting vulnerabilities.
4c0c0bff2e223b05a8201d4d63540300Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.
942dde996f9deaa3c951dcebc0fb416fVMware's vendor website service application suffers from multiple cross site scripting vulnerabilities.
c9c0343ea800e5377435905af90c31ebiAuto Mobile Application 2012 suffers from multiple cross site scripting vulnerabilities.
aefa8ae5d10f47614153515ed22a7b8dMandriva Linux Security Advisory 2012-125 - It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues.
7ff77d1aa63bca1a0638545356f74bd7HP Security Bulletin HPSBMU02798 SSRT100908 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.
9c4f0d725632ffd6c097ffed63f04fbfAOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.
4e869fb75d06d79472c0d6cb106c9e8dInoutmail Webmail CMS 2012 suffers from a cross site scripting vulnerability.
5c79be60f8d9872fca01f04dc56ca0d5Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
f6138b5aab418f3ad2c629194ea6cb46Joomla Enmasse component remote SQL injection exploit.
d40266b095a569c7ae98ef4b954ac54dDebian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.
bee79272ea2be6e83d58703f36c60b28Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.
55c0a84469bf6fab749c9d10437db2cdSecunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability which can be exploited by malicious, local users to potentially gain escalated privileges.
eb89fb757978f6c9b541b261e522e27bSecunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
b7033271f917f74e4e1c3b75c9f2f577Secunia Security Advisory - Accuvant Labs has reported a vulnerability in KOffice, which can be exploited by malicious people to compromise a user's system.
f41e5e79d555f60f68dcfd8f900fb43fSecunia Security Advisory - Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ecbb2e74a350eb926889ae4f0ba30af7Secunia Security Advisory - A vulnerability has been reported in Intuit GoPayment, which can be exploited by malicious people to disclose certain sensitive information.
c2fe942458524ff49e5023c7b0cd8b31
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed