This Metasploit module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe component, which allows arbitrary commands. The component is disabled by default, but required when a project uses the SCIL function WORKSTATION_CALL. This Metasploit module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3 and Windows 7 SP1.
0bdf9a94501d5619a20ed028d746c3734042d2dd9d819b70fa7fbb4ef414fa5dAmetys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data.
c5dbcda0f10c655d76ff28210efc04294966ced89d00fa641314117ecc195ed1Kingsoft Office Writer 2012 version 8.1.0.3385 SEH buffer overflow exploit that creates a malicious .wps file that pops calc.exe.
b7d9ad349ded8a5a19c71d80cba93ff175a9354bd4e6012b41c0c8d3a2f14174Gentoo Linux Security Advisory 201311-22 - Multiple vulnerabilities have been found in Namazu, worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 2.0.21 are affected.
cf1c03efd75bf2533cc1c1a5ef8b465bdf5305a5b8eb4bd14243711d106e2c38Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.
ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876aGentoo Linux Security Advisory 201311-20 - A heap-based buffer overflow in Okular might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 4.4.5-r2 are affected.
90d2f60d08781dc417b053575206a5874d29481f531479378ff20936a57968c7Gentoo Linux Security Advisory 201311-19 - Multiple vulnerabilities have been found in rssh, allowing local attackers to bypass access restrictions. Versions less than 2.3.4 are affected.
2cfca946aed87f93230a6b6e24c15593789e28cee281ff97f52258c3b9f27c16Gentoo Linux Security Advisory 201311-18 - Multiple Denial of Service vulnerabilities have been found in Unbound. Versions less than 1.4.13_p2 are affected.
3dff5969d86693a7dab8a560bda4867b086561ac001da064348a4988c97d21b3Debian Linux Security Advisory 2807-1 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
ba5a92b5b80509e542694170e4e9e8527491de2d75490fd48b0d59c5569aee23Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.
17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aaDebian Linux Security Advisory 2806-1 - It was discovered that nbd-server, the server for the Network Block Device protocol, did incorrect parsing of the access control lists, allowing access to any hosts with an IP address sharing a prefix with an allowed address.
398f2e5d0075f4755d9ccc3540ba884827feb9034ec784f85499eec4a5909ef4Debian Linux Security Advisory 2805-1 - joernchen of Phenoelit discovered two command injection flaws in Sup, a console-based email client. An attacker might execute arbitrary command if the user opens a maliciously crafted email.
5739388c0a7982317759271534e33911f76ce90521112509c624b3d0475a21c3This tutorial on bugs in PHP code covers remote file inclusion, SQL injection, file disclosure, and much more. Written in Indonesian.
393606eec0109757ddbf4016a45ac214a4c84078e4af86faf4fd016ee8bd422cWordPress Folo theme suffers from a cross site scripting vulnerability.
6f6a0b653d47d002c0d96429481f77236becff3c3cf8a84c7c394b20619c5ffbJoomla JMultimedia component remote shell upload exploit.
60512e22d6ce24750d26196501efc9831992d71d5a81d6681e45d2ad7ddfc47f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed