CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.
4ad0bade6b43f93bb55527eb3f44f901936684bc818abacd7c7a8ba1a7d090bbtcgetkey is a set of tools that deal with acquiring physical memory dumps via FireWire and then scan the memory dump to locate TrueCrypt keys and finally decrypt the encrypted TrueCrypt container using the keys. It is a proof of concept and only works against TrueCrypt running on Linux hosts.
fd1ca946bf249034b70df9e906adf2257e7c7ba2d5c950bee07fc421f5efa391This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
f1c623bc1dcad36e79d57718a63066d97b024a30199457832d62e68170935185This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.
877f0fde7a1b9bb0cdd0999db9a608db6beb44a3c5860736fcb665139c816ff8SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.
7b65bbace4bdb5f0e1d2c16ffbaaeb17804008aad4232e2101248a191518d805Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.
f987ab8bbed2ee70d4fd2071548210b7b53ce96342dea67455f31fb3d9addeb1Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
feffed3a6f9712581d6d3919879040b1a1af45225b1010a4993bf862650b8bd0The Polycom HDX Video End Points web management interface suffers from a cross site scripting vulnerability.
c33a77f2c171969139be48d5bb5f627a19f1a2eb5aac6100b6844b72341d03acDebian Linux Security Advisory 2591-1 - Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.
390bb5471860b52761704077ff7b8ecce39f0e34112b25385a74becd6479363dThis is a whitepaper discussing insecure authentication control in J2EE implemented using sendRedirect().
b2a82a30b0720aba342064d33edf9fea0ba6e7a76c0c2af4a6533a79e5904233
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed