Apache and PHP remote command execution exploit that leverages php5-cgi.
9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.
8e63ed5e393428544209ac043e79fe9e8a1b315c5dd1c5295543d51b893c2332Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
421517e84fef6199d6a8b6d04a30c460895840aad9a34f2200a564e579c0e8d5Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
19d0b0a6756280e6ad7abc839d934e1c7d02df663ce5a760e3d3995cc5dd185eRed Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state
43b8878126f2d8197447500e23a48bae3a714f62c8fe52e9b08b96ce1e28e43cApache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.
e84173be8280a7b8f575e8f3452aec7371dc39379e8db2f2dff934de891370cdRed Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.
3c068c36e9c152a2f1a4ccdcdcc11b5f3b52e6eb75250554572367439033c82aRed Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.
f016163d3aebfd09fc79cc341c042bd891dacb31ae347f0f6ee3492cc8ebf390A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.
b065e24f0863cdfea51436716d40a59d9aba6197e39dffe532a7b7eaa0bf18e2Olat CMS version 7.8.0.1 suffers from multiple cross site scripting vulnerabilities.
39f8f1c2c8222466efd3ca3ff8b44c69d993ead66bdbacc015256813cdc192ddBlazeDVD version 6.2 SEH buffer overflow exploit that creates a malicious .plf file.
0402fc513d6a45f0367fd4919f1fef0d3db1446cfc7c5861412a5c395ac44e6dJBrute is a password cracking tool written in Java that uses both brute force and dictionary attack methodologies with a built-in rule pre-processor similar to John the Ripper. It supports several standard algorithms and several algorithms from proprietary applications (like Microsoft SQL Server, Oracle, SYBASE, and so on).
b6c69e1f756b77729e18afd6c66c9ca1c8854466b8b9630deded0f3187f6bc73The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.
ecd490cdd8df6d6a8157d63cac98201e4d8df54dcb1b076013ed6fe6f001b466Ops View version pre 4.4.41 suffers from a remote blind SQL injection vulnerability.
92acf8e21feac8586d79811c350e5a6dedf7fd0f2d984f37157264df9d4b6078sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.
7f25065280e73ca0e7c1a1f6429061cd9ee6353dfc98cf483575c0a5d76a0da5WordPress Curvo theme suffers from a remote shell upload vulnerability.
c265d8b2cc6ce8faadfecc0108e2b0d861d13d909118a052dac7b78a99e62f9fGTX CMS 2013 Optima suffers from cross site scripting and remote SQL injection vulnerabilities.
15b0c869a76223dd746013e56d764bd49329bdf34f6ac55cc179e1aaf8849e87All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.
f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019WordPress MoneyTheme suffers from cross site scripting and remote shell upload vulnerabilities.
118f2518be3ef83f488608e39f34988f8e8d867943df4d1309be1c8476a48492
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed