Sitecom MD-253 and MD-254 Network Storage reverse shell exploit that combines file upload and command injection vulnerabilities.
4c49dfca908c07a42f80b9ba3833053ddca2ed0b88eee000424d387808d21d50
TWE CMS suffers from a remote SQL injection vulnerability.
f1f0355cdf1a8a35b7d3e9a315b67779df67052cbd13d6c00b34f654fd2788b6
Debian Linux Security Advisory 2546-1 - Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
ed52d45c73c0d59fbc9ec78912eeefe168da4ef39d47e38fe08bbe2a2f58abb6
Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742
Red Hat Security Advisory 2012-1258-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
e7c3357cb6c8f7846df113bcf13f4689158037c3437cb2228958e385d53137be
Debian Linux Security Advisory 2547-1 - It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service.
eff9202309704a0080d4c59195a2cc92f4b75958b293c816b1cf95a4eae5ce45
Webify Business Directory suffers from a remote arbitrary file deletion vulnerability.
8e19d1a444a7bd93acef46dd1822e9828a592ec9279ab441c740eb64db723273
Webify eDownloads Cart suffers from a remote arbitrary file deletion vulnerability.
006bdecd722d84197f1f5823d9c261de54427f122f4550a4cb5985fbadbe7bf2
CMS United suffers from a remote SQL injection vulnerability.
1b31e7c825bd2b0da07f93cb62620efec335570d3ebe4469182773e2a291b041
WordPress Krea3AllMedias third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
82781413cae2166f326ac53a670a474a65d6db5c197757581b095f4f6d13833d
Sites designed by Centersite suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2cb74f7fd2a3daf7b9da13be77c4c064c52c23e62dc6363e8950bccd66204ccf
Sites designed by S&S Computer Imaging suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
5f6b1b230881b9f7d90e592109e2903a72628af3bfef91c14ff7e8d7887058a7
Dynamics of Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
52973b10fca6f0925d5ffa9b0be150ee5e1cec67eeda6ad2a4f166a65d080f6f
WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
eb8bf13ce083445d9f8934609a93b31fdbda0da617aced0b90568a7a46902d18
Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose potentially sensitive data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
d66507a314fd4a1c5c50e36fad966bb3459c05d51bb4a9d1331c64fa545a1d5b
Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
0b8ebbcd79802cb13a8e53691abf2b921098a7e72b67b5f75bee743020e4b31e
Secunia Security Advisory - EMC has acknowledged a weakness in RSA BSAFE, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
ea919627a70832af99f9916a0fa7436a890b000927459651dcd9ab780c889315
Secunia Security Advisory - A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions.
00b889bf7c3f53e35dd56613f8a7887479246ec87db144e5c9c9bc96b6579321
Secunia Security Advisory - EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can be exploited by malicious people to disclose sensitive information, hijack a user's session, and potentially compromise an application using the library.
c30573a5dee0abc28c4c8b866aa4f92637df44805b76944dca1e0df6162fad36
Secunia Security Advisory - A vulnerability has been reported in Smarty, which can be exploited by malicious people to conduct cross-site scripting attacks.
284876a1e9b57851b2d2d73bd498b05cc16b223981f79b96022f0a989267a8e5
Secunia Security Advisory - A vulnerability has been reported in Python trytond Module, which can be exploited by malicious users to bypass certain security restrictions.
8b4fc4431f3c32bf28600a573bc5ddd0665a5e8f08f015c6c4fbb161a33db63a
Secunia Security Advisory - A security issue has been discovered in Akcms, which can be exploited by malicious people to disclose sensitive information.
98228f23d21c2bf4b6d3da9e1105fdac0bc317b6f4a8bf32fd337d3f62fc21ad
EMV, also known as "Chip and PIN", is the leading system for card payments world- wide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. The authors have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card).
f84ee2e08154a6b99c6a080b531ba266efec1a3a793f9705959e779bb106cd3e
72 bytes small Raspberry Pi Linux/ARM reverse_shell(tcp,10.1.1.2,0x1337) shellcode.
33477d9d007d6784386a6fd40196c1a6cc8adde4241c48bc9ed3a6600246f486
30 bytes small Raspberry Pi Linux/ARM execve("/bin/sh",[0],[0 vars]) shellcode.
812eace2fa0e2e4dde574596e94fbdef1a568d857abd26d44693db4443a5a932