This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transfered, like fax number and recipient, you can use ActFax data fields. @F506,@F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.
4a69b08e3f25832796905f1a619e884a1be0ddff4a7741e5aa998ad429b5daaeGNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
1d600717eee1f952e23d192288850a67948e92e0b1dee5d950d111b2670cbed7Google Chrome version 24.0.1312.57 fails to properly recognize HTTP Basic Authentication when injected in various HTML tags. As a result of this behavior Chrome will not alert the user when HTTP Basic Authentication is taking place or when credentials are rejected.
e316ddd6ab2e95da7b3c2e08ac9ea8e27e40250049abf354194730d177c70c74This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
947c3e740f21931c7ef1cd3e576fdca5e6de25b2e58c1c570786397ac62955ddThis Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
9db02738e3d911d404dec888f15753cc6ace8f4996b9bf8064037d16d77e53a5A few weeks ago, DefenseCode announced the remote pre-auth root access exploit for Cisco Linksys. During further research, they have discovered that other router manufacturers are also vulnerable to the same vulnerability, since the vulnerable Broadcom UPnP stack is used across multiple router vendors. Rapid7 has produced some scary numbers surrounding how many routers are affected on the Internet.
973bb983a4d13f077857f0d5faee4a6aaf7969bdaa84af71296a5aabd7a67568Mandriva Linux Security Advisory 2013-008 - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service via vectors related to incorrect calculation and a sort order index. Stack-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. The updated packages have been patched to correct these issues.
b49df6bc4397ad8618cab19cb79f3703b128fb5b64bd72878f5ca80369c7124bThe Microsoft Skype GiftCards application suffers from multiple cross site scripting vulnerabilities.
cf8abc721feaf16edbdec7700d540b0a83197f500581fd8cc33afc04c7238248WirelessFiles version 1.1 suffers from local file inclusion and remote file access vulnerabilities.
3850602449bad921852b410c589969cec88b5db971be283eacaa3ba68c2677a6Cisco Security Advisory - Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has available free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
a44fd2ae255011f46fdf2f2dd21e8ae9bff6fff2f42ff72eaacd5943dc3fe15bCubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php.
b8ea293ae015b63e23adb34ead1c724de72f0f626c8efabb09536e66ba543d0fWordPress CommentLuv version 2.92.3 suffers from a cross site scripting vulnerability.
ae48875150b20411b2335d809a224933fbe7bb20bfc97d57d235b86b2bf5e302WordPress Wysija Newsletters plugin version 2.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.
9dde7457fba5a279d311d740eafd71d7c2ae6a2f5ae2fe36607c5399443b6fbeThe Hackito Ergo Sum 2013 Call For Papers has been announced. It will be held from May 2nd through the 4th, 2013 in Paris, France.
3b6b51704aabb88f069f1fde3a7d38ca1bb69ff0cbf949fa1738242708f96c47The VK social network at vk.com suffers from an open redirection vulnerability.
bd8c1780be2ec4a04a0a4a587a8024d0c4f67d722bfd08529ca171336aadd429Digital Whisper Electronic Magazine issue 39. Written in Hebrew.
79573a58ab62e55569c9c82d766db938701c9e781fe91f8b650de16e99c27926Secunia Security Advisory - A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.
0fa01b8c954f11df766d4fc663993a241d58cc29f0e58a77ffacdacb3c78dbffSecunia Security Advisory - A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.
0fa01b8c954f11df766d4fc663993a241d58cc29f0e58a77ffacdacb3c78dbffSecunia Security Advisory - Two vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
7d1e4feab54d262c54480616e0769b5ef917e049544adc4237d0c8726b58ff8bSecunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
4ed820bbfddd667ee07e2c2e57ea1b5b18322c715e8782901e1c1f82dbb51097Secunia Security Advisory - James Clawson has discovered a weakness and multiple vulnerabilities in Nagios XI, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.
e2c59d9a85c7216cfd8758f57594b572bcc50d5f6eab228745f3322bbfe713e1Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
ed91805f613ab3984d5019dc8cb3691d8b9886f7d70286dabc8457e4a52c1198
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed