This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.
e226e603a3f8f22c21c0f2712cbfeaa7a0838b3fecca9d66915509a6db1d2185
Red Hat Security Advisory 2013-1402-01 - Adobe Reader allows users to view and print documents in Portable Document Format. Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux. The Adobe Reader packages in the Red Hat Network channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to the Adobe Reader packages.
15112bbb2757da8d97c09071d647a3eed807bc162c6815d183d625c1fbc5bc1c
Drupal Quick Tabs third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
b146de9016fc6e95091150c9aed5700cf4891ef1dd8f89a660eb7f867382efe5
Cisco Security Advisory - Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
6d404124b869068e9d1fb227d65ef05b716547ed226f50f43230aba22391e4c5
Gnew version 2013.1 suffers from file inclusion and remote SQL injection vulnerabilities.
5199ad852acda0940d57030b7959f51f670c52fe7e8e02ec5f376e9a5ea53bec
GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities.
eff44306fe558c9ddee7deaada237abd8335437f7528971070868f8ecce632f6
ClipBucket suffers from a remote code execution vulnerability that allows for a shell upload.
da2f74182f3ada40b94de330c0a44721cab69310c2e568b8c1e64aae6164dbf2
The Facebook debugger tool allows for arbitrary port scanning through Facebook's systems, based upon responses received for open ports versus closed ports. In addition to this, Facebook suffers from an open redirection vulnerability.
3d59bd6ecabdd925d88119c5b3ccec4e9cee1f6557665ba434f2bd600c213c89
The Semper Fi Web Design WordPress plugin suffers from a cross site scripting vulnerability due to the use of stripcslashes().
2c1c34797bbfda372b7ccd583f5cd48d7f0a94a81c2eabecd541fa90ca61a321
Digital Whisper Electronic Magazine issue 45. Written in Hebrew.
b440a356de647c092c92d1c874bf443f68d9d4200aaf8fe6d6a412fa4dcca7f3
WordPress Social Hashtag plugin version 2.0.0 suffers from a cross site scripting vulnerability.
7bf7ae4b6feba80a69e7d845f070293668773ceb1f16c07383517dbebe7de626
This is a brief whitepaper that covers XPATH injection attacks and use cases.
72d2972397b3492bd0d1d375cb0e92be5b5ce54c9372c0809f8b6dc6a39cc58d
codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
eee6b58d11a9fae9a72b635655881b8340d3bf27af3db8035b8ce96953f03074
This archive contains all of the 156 exploits added to Packet Storm in September, 2013.
dfb4ce944f8b9d50311d3c0f4103f34084e4c7841c73cd06b55a1514de0c82ba
Core Security Technologies Advisory - A security vulnerability was discovered in PineApp Mail-SeCure Suite, allowing a non-privileged attacker to get a root shell by sending a specially crafted command from the Mail-SeCure console. A valid user account is needed to launch the attack, so this is a privileged escalation vulnerability that can be exploited locally only. All Mail-SeCure versions prior to 3.70 are affected.
d5784fca160f27d4512fc94c354e9db07e14b87205f4f9a1c92f11ca795c0ad8