Maxthon arbitrary-file read/write exploit example.
83e15a14c4ca1f73136d1a24e593806b928158a0e285203e908ede1f7670d146Maxthon (essentially a wrapper for Internet Explorer to allow tabbed browsing, plugins, etc.) can be exploited by a malicious website to read and write arbitrary local files on the machine running it.
2ff28f0629769068a8a4d27d251a092c75a2951bd09734d553331d287e6d1042PunBB forum software contains a vulnerability where SQL injection can be performed by first entering an email address containing exploitation data into the change_email function, and then redisplaying the email address. This is due to PunBB trusting data it gets from its own database.
5fd7b7dfa4f40fbb3979dda469c1018c6a5f5a970b23430b090c05f3a14e5f41PostNuke 0.760-RC3 is susceptible to SQL injection and cross site scripting attacks.
1980dd4e2e92bf4117657e6d579f8f7c916706f0ee78009ae756ab764277c296Astalavista Security Newsletter Issue 15 - The latest security events, trends, tools and resources, two articles - "P2P networks - unaware employees, security threats and your organization in between" and "Help, my boss is spying on me!" and an interview with Bruce from the DallasCon, http://www.dallascon.com/ event.
5713702fa5289a535139efebd78a273de1a3e920fa464b2fac30aa62eaefd123MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.
9240b9c36216337500ad4e6dfbbd857f177a6bbbc8ca8a2b74647cc9add4b812The up.php script in phpBB 2.0.x allows malicious remote attackers to upload files and execute them with the permissions of the webserver uid.
0fab773d0a914d66e982e894e653b4e19ce9feddd6c3fa068f1bcec3d715f8edGentoo Linux Security Advisory GLSA 200504-07 - Joseph VanAndel has discovered a buffer overflow in Grip when processing large CDDB results (see GLSA 200503-21). The same overflow is present in GnomeVFS and libcdaudio code. Versions less than 2.8.4-r1 are affected.
e77f6bcd49e79832caa4a3f457d50b11968012fc78aafbf32e7a331e44bc8fc3OpenText FirstClass 8.0 client allows for arbitrary file execution due to insufficient validation of user input.
b976296b2efced00f4ad9db88a892382c7216db64fc23218f491679d6f1c3929ColdFusion 6.1 Updater 1 creates a directory named /WEB-INF/cfclasses, and places compiled Java .class files there. These files can be downloaded by the end user. It is possible to decompile .class files, meaning that this basically provides access to sourcecode.
d7b1b3c859d12c04a0f3ca16ffb18db9f291e9677461b7c104d32ba9e93f52e3SCO Security Advisory - A very long HOME environment variable will cause a buffer overflow in auditsh, atcronsh and termsh.
5b698e7d22e61337025c621ff27bfe734078535ff5c5947c215f495febbabfc6SCO Security Advisory - The CDE dtlogin utility has a double-free vulnerability in the X Display Manager Control Protocol (XDMCP). By sending a specially-crafted XDMCP packet to a vulnerable system, a remote attacker could obtain sensitive information, cause a denial of service or execute arbitrary code on the system.
24bb6cc7c24a3053840cf6a4090a3bd2cd80da9b00448e52d83e306efef43c75iDEFENSE Security Advisory 04.07.05 - Local exploitation of a file overwrite vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX operating system could allow for the overwriting of arbitrary files, regardless of permissions. The vulnerability specifically exists in the way that gr_osview opens user specified files without dropping privileges. When a file is specified using the -s option, it will be opened regardless of permissions, and operating system usage information will be written into it.
29a70daef98009d4fa1ecd712df21886a85b1073f4c94150aff6fcc84691906cMSN Plus "locking" can be bypassed by changing the lock password. Changing the lock password does not require knowing the current lock password.
dd112afee2d90828080399022d95ebfc61f1b905029955c8a62aa850ef5dc9c5iDEFENSE Security Advisory 04.07.05 - Local exploitation of an information disclosure vulnerability in the gr_osview command included in multiple versions of Silicon Graphics Inc.'s IRIX Operating System could allow for the disclosure of sensitive information such as the root user's password hash. The vulnerability specifically exists in the way that gr_osview opens user-specified description files without dropping privileges. When this is combined with the debug option, it is possible to dump a line from an arbitrary file, regardless of its protection.
33fd95497c6279b174df0ba9d86a06c156ff31e8632e7ad7b59db900e31cdda0PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Web_Links module cXIb803.14.
60d72dd7277f7f18f9bc11e7c141afad2bbe83ef23916ed5d81d6bac84512910PHPNuke 7.6 is susceptible to multiple SQL injection vulnerabilities in the Downloads module cXIb803.13.
edd182cbf088c1e3d61aad3bb195dc0aee217341ddd31ba25ce407e364dbf7e8Nokia MMS "Terminal Gateway" software is vulnerable to a login-bypass issue where attackers can gain access to MMSs as long as they know the phone number to which the MMS was originally sent. Exploit URLs included in advisory.
e1f0ffaa814f6513033680b7df4ba3b31386d4650d33bd549da8e3d4c2eb6538SurgeFTP is susceptible to a LEAK command denial of service vulnerability. Tested versions include SurgeFTP versions 2.2m1 and 2.2k3 Windows on English Win2K SP4, WinXP SP2.
870f7f9a0e500e8dfffd3386dd856ff95f0c6018ebb9e1b154f414caa090d494The Cisco Linksys WET11 is vulnerable to having the password reset simply by going to a known URL on the administrative interface recently after the systems administrator has logged in. It is not necessary to know the current password.
41a5685548d9372b766fdd212e2e121b1473c1fcba0c32e03733c9355f3cea6dFTP Now version 2.6.14 local password disclosure exploit.
db4d5cd625c186f85857254d493858696e6c85cf751477950de385fcbead84ffPHPNuke versions 6.x through 7.6 suffer from SQL injection flaws in their Top module.
e501e135737e253eaa617b3dce6618ba24463fe19e53ff93b1759277eab29ea3Secunia Security Advisory - Diabolic Crab has reported some vulnerabilities in RadBids Gold, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and potentially disclose sensitive information.
a8d3a5905ec1c79ca746cfbfc488dd4bc32717bb3441105c9707c5c2c3e07d86Secunia Security Advisory - Unixware has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
ca7123ba0d173808e31ef5c7d0e94b819224307de4b2b3a1b7b6486e37836c45Secunia Security Advisory - Aviv Raff has reported a vulnerability in Maxthon, which potentially can be exploited by malicious people to compromise a user's system.
5b4cf6d730cf7909ea4224dce7cd7fca1250ad03a1d6c1bb99edb412cd0f4ff6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed