This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.
e6fe49a21c081f6767abccc8e0116845SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
7a1d2931c78736c006ee34dfb6be4a75Kasseler CMS version 2 r1223 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
d4d50ae65b8c29fc9f0f8fab7b3364daOpenX version 2.8.10 suffers from cross site scripting and local file inclusion vulnerabilities.
b7d372283ec699afbe97e210670afa08Apple Security Advisory 2013-07-02-1 - Security Update 2013-003 is now available and addresses multiple arbitrary code execution vulnerabilities in QuickTime.
dbb8424ff0b31096bd7602718b30ec2cHP Security Bulletin HPSBUX02893 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform Cross Site Scripting (XSS). Revision 1 of this advisory.
763f7a99f3c52889387c7696a809b2a4HP Security Bulletin HPSBUX02889 SSRT101252 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
cdb8997e52ddbd134f8fadb3ce4cd0adOpera 12.15 memory exhaustion denial of service proof of concept exploit.
e7a38a15557dd7efc3dd745de4d3982fRealtek Sound Manager AvRack crash proof of concept exploit.
079312d709a9354de424ab03c9252c5dNokia 1280 phones suffers from a denial of service vulnerability when receiving a large SMS.
91983364f1c9904cec9f1d012d8a868dUbuntu Security Notice 1897-1 - Jibbers McGee discovered that PyMongo incorrectly handled certain invalid DBRefs. An attacker could use this issue to cause PyMongo to crash, resulting in a denial of service.
93e0d41a854f17bc073fa5ddc6948b84Red Hat Security Advisory 2013-1014-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
f240f2e1536a009ade5d97fcbb908156Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
8e7be06f0560bf7ce62b0b6f6281181eRed Hat Security Advisory 2013-1011-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
82a11145c9ffd62ab05d50efe254a6f1Red Hat Security Advisory 2013-1012-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
b07f39e4f1f69a9201b2b7d0e910f596Ubuntu Security Notice 1890-2 - USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem.
7d4614a10f7f18c477dbc5d72cfd67e6Ubuntu Security Notice 1896-1 - Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.
c10bcbe452f716e58bf43aa252f746baDebian Linux Security Advisory 2718-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.
58ec8e6dd185e2bf83d991352df10a14Linksys versions EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 suffer from an unauthenticated access vulnerability.
5a1284c6192df7a3cda5a1165f391709WordPress versions 3.5.1 and below suffer from multiple cross site scripting vulnerabilities.
7ff3fd09d500af42c2782108bba05ac9
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed