This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator-level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.
43e33eef7564de8ef7460b90f5eacf0b5e096e9067163c4790e0950c800b1b87
This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This Metasploit module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3.
012e016b24b2c26e511cc5510500cd5238be83253a10e49838760b44e27f4253
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research companies and the vendor until the October patch release. This issue is a use-after-free vulnerability in CDisplayPointer via the use of an "onpropertychange" event handler. To set up the appropriate buggy conditions, we first craft the DOM tree in a specific order, where a CBlockElement comes after the CTextArea element. If we use a select() function for the CTextArea element, two important things will happen: a CDisplayPointer object will be created for CTextArea, and it will also trigger another event called "onselect". The "onselect" event will allow us to set up for the actual event handler we want to abuse - the "onpropertychange" event. Since the CBlockElement is a child of CTextArea, if we do a node swap of CBlockElement in "onselect", this will trigger "onpropertychange". During "onpropertychange" event handling, a free of the CDisplayPointer object can be forced by using an "Unselect" (other approaches also apply), but a reference to this freed memory will still be kept by CDoc::ScrollPointerIntoView, specifically after the CDoc::GetLineInfo call, because it is still trying to use that to update CDisplayPointer's position. When this invalid reference arrives in QIClassID, a crash finally occurs due to accessing the freed memory. By controlling this freed memory, it is possible to achieve arbitrary code execution under the context of the user.
b81ef79beb6b40ba18f17d324392436ed6e432b070c679e6f4a3ed30964a2dfd
Debian Linux Security Advisory 2779-1 - Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.
4682eeca0f934912986654d74a9f0a116b0158b32579eddd8bf333493da86f86
aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.
139d345468fde77a4b91ccbd0e3b2625bfaeb5e36d34915fa821a8700d4bfe52
The Passwords^13 Call For Submissions has been announced. It will be held December 2nd through the 3rd, 2013.
3390c568b1f38f866637d47d3dd6eb69335f65c39bc82e9f2e71ecbaa112e9e2
mp3-player versions 2.5 and below suffer from cross site scripting and content spoofing vulnerabilities.
ce7f77d670a3572ac9908b8903aebe5d014f95e41b695d75d8be5cc3641ad500
PHPFox version 3.6.0 suffers from multiple cross site scripting vulnerabilities.
064f6e8ad5e6b6c1bcec776a5fa4e575ffdaa64c94223e49fab9582d83777d06
This is a brief whitepaper that discusses various Linux kernel patches.
5334d65e04977552085549f202d6bb59ae90e69923984b89d09119c2bfb8472a
Beetel Connection Manager structured exception handler buffer overflow exploit.
3b3f8b7f6d9548d78db8aa84dc8ac21c8cec15a1ba10388b33b7df0f4378f4f7
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
513dc6786c7a93ea2a87dcbbeda78f26149a156fcf0fbe5a91e4c1920637a9fb
Pagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.
a438a73e380380d700a8be6d0a80415637a312aaaf38398234e40b95d0a106f7
ShoreTel ShoreWare Director version 18.61.7500.0 suffers from denial of service and arbitrary file modification vulnerabilities.
505ba77382b9179efd9840d54308bc2d3182f26224f97f65224c67bc9c97e4dd
WordPress Finalist plugin suffers from a cross site scripting vulnerability.
ced8ea299e2428f2cea7a17ff3e128f07621ee25909202fdb466986ed54770b5
Android Zygote socket vulnerability fork bomb attack exploit.
ed067b440d55ab89daa037af12a8eceffa6ad3a3178e67cbe5c402411a93182f