Sitecom MD-253 and MD-254 Network Storage reverse shell exploit that combines file upload and command injection vulnerabilities.
4c49dfca908c07a42f80b9ba3833053ddca2ed0b88eee000424d387808d21d50TWE CMS suffers from a remote SQL injection vulnerability.
f1f0355cdf1a8a35b7d3e9a315b67779df67052cbd13d6c00b34f654fd2788b6Debian Linux Security Advisory 2546-1 - Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
ed52d45c73c0d59fbc9ec78912eeefe168da4ef39d47e38fe08bbe2a2f58abb6Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742Red Hat Security Advisory 2012-1258-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
e7c3357cb6c8f7846df113bcf13f4689158037c3437cb2228958e385d53137beDebian Linux Security Advisory 2547-1 - It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service.
eff9202309704a0080d4c59195a2cc92f4b75958b293c816b1cf95a4eae5ce45Webify Business Directory suffers from a remote arbitrary file deletion vulnerability.
8e19d1a444a7bd93acef46dd1822e9828a592ec9279ab441c740eb64db723273Webify eDownloads Cart suffers from a remote arbitrary file deletion vulnerability.
006bdecd722d84197f1f5823d9c261de54427f122f4550a4cb5985fbadbe7bf2CMS United suffers from a remote SQL injection vulnerability.
1b31e7c825bd2b0da07f93cb62620efec335570d3ebe4469182773e2a291b041WordPress Krea3AllMedias third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
82781413cae2166f326ac53a670a474a65d6db5c197757581b095f4f6d13833dSites designed by Centersite suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2cb74f7fd2a3daf7b9da13be77c4c064c52c23e62dc6363e8950bccd66204ccfSites designed by S&S Computer Imaging suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
5f6b1b230881b9f7d90e592109e2903a72628af3bfef91c14ff7e8d7887058a7Dynamics of Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
52973b10fca6f0925d5ffa9b0be150ee5e1cec67eeda6ad2a4f166a65d080f6fWordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
eb8bf13ce083445d9f8934609a93b31fdbda0da617aced0b90568a7a46902d18Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose potentially sensitive data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
d66507a314fd4a1c5c50e36fad966bb3459c05d51bb4a9d1331c64fa545a1d5bSecunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
0b8ebbcd79802cb13a8e53691abf2b921098a7e72b67b5f75bee743020e4b31eSecunia Security Advisory - EMC has acknowledged a weakness in RSA BSAFE, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
ea919627a70832af99f9916a0fa7436a890b000927459651dcd9ab780c889315Secunia Security Advisory - A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions.
00b889bf7c3f53e35dd56613f8a7887479246ec87db144e5c9c9bc96b6579321Secunia Security Advisory - EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can be exploited by malicious people to disclose sensitive information, hijack a user's session, and potentially compromise an application using the library.
c30573a5dee0abc28c4c8b866aa4f92637df44805b76944dca1e0df6162fad36Secunia Security Advisory - A vulnerability has been reported in Smarty, which can be exploited by malicious people to conduct cross-site scripting attacks.
284876a1e9b57851b2d2d73bd498b05cc16b223981f79b96022f0a989267a8e5Secunia Security Advisory - A vulnerability has been reported in Python trytond Module, which can be exploited by malicious users to bypass certain security restrictions.
8b4fc4431f3c32bf28600a573bc5ddd0665a5e8f08f015c6c4fbb161a33db63aSecunia Security Advisory - A security issue has been discovered in Akcms, which can be exploited by malicious people to disclose sensitive information.
98228f23d21c2bf4b6d3da9e1105fdac0bc317b6f4a8bf32fd337d3f62fc21adEMV, also known as "Chip and PIN", is the leading system for card payments world- wide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. The authors have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card).
f84ee2e08154a6b99c6a080b531ba266efec1a3a793f9705959e779bb106cd3e72 bytes small Raspberry Pi Linux/ARM reverse_shell(tcp,10.1.1.2,0x1337) shellcode.
33477d9d007d6784386a6fd40196c1a6cc8adde4241c48bc9ed3a6600246f48630 bytes small Raspberry Pi Linux/ARM execve("/bin/sh",[0],[0 vars]) shellcode.
812eace2fa0e2e4dde574596e94fbdef1a568d857abd26d44693db4443a5a932
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed