Postnuke versions 0.760RC3 and below suffer from cross site scripting and path disclosure flaws.
66ddf9e4e255853e95f73457bdca13fd14f34ad15d3055d1961499c6d00b4af7Proof of concept exploit that demonstrates how TCP does not adequately validate segments before updating the timestamp value.
32005b241d79383d20bcfb944afee8bab4677fb4534d2d5550992df217b24ad6Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.
236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8cPostnuke versions 0.750 and below suffer from SQL injection flaws.
8fc3d61af2f62298fa9053aa283fdf4a3d664c16d3dc97510075482c7e0df365picasm versions 1.12b and below suffer from a stack overflow. Exploit included.
4e2bb0c1435036569704215e743f9a5af4217a7e08548fa30a74bdd2bb04b027Wordpress versions 1.5 and below suffer from SQL injection and cross site scripting flaws.
c78936df310c89823fe91245ff652966933770cd26a7521e811a517d78570e18TOPo 2.2 is susceptible to various cross site scripting attacks.
b531d44a617f4f2b75630324ec8316af9de83507ea117031096a99c978abc086A Unicode buffer overflow exists in the handling of .mcw files in Microsoft Word.
bd6af65a00560736f607e17816c217de9f27ad59f1769adbd5fa1f8de4ff8e02phpATM 1.21 suffers from a remote file inclusion flaw.
0e5b62872d146f7735ef089e111df85eab8030fbbedda417cc73816366d8c88cDebian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
01dafcc1bc58909222ef4156137e400a52a279ca84e2d0c3ed11f3cd0a056652D-Link DSL routers suffer from an authentication bypass flaw.
01030e48e04783c5d62e6e5be6312ae735d07e23c4c8fdc75e726bbb3a6acd8dExploit for the race condition vulnerability in /usr/bin/bellmail on AIX5.
4bf7ab1c7a83ef8fe6b1d6028574b0f88be711065ea4b137070453d9063d0a2cWhitepaper describing how to write buffer overflow exploits with any programming language.
acf42802dedaaa4bd1e2e3e4b81dbcd23bda2924cb38e0fb35d6be28d1fed55aThe Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.
a50c6951f75d23dfbeceb299ee744c63c29ccd29bc3eed02301998c3ff432d0dSuccessful exploitation of Novell ZENworks allows attackers unauthorized control of related data and privileges on the machine and network.
675bd95a6c61ec70ddbfeed484b02dfcfb969f70e96bb8ec044f07d61ce04d33Debian Security Advisory DSA 724-1 - Maksymilian Arciemowicz discoverd several cross site scripting issues in phpsysinfo, a PHP based host information application.
65767afbf78d91bb37e2f35693b18b7120ff31d2ee8fe26cc12bd5542b8611c3Pandora is a distributed system to monitor processes, performance, status, application or operating parameters of almost any system (AIX, Solaris, Linux, Windows, BSD and Nokia's IPSO). It has a decentralized management system, based in flexible user profiles, that allows generation of graphical reports, defined alarms, and a full incident management system to operate a 24x7 monitoring team.
035d150cdeb3f1c623a7848c5399880684faabe349452205a7b3ae0b0da6ae11Help Center Live is susceptible to cross site scripting, SQL injection, and various other flaws.
5f34a97325fe4b78d932896ad144aa6ff6ce89819cd0a4ca9d8b68fe0a103712MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.
a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131White paper called Domain Footprint for Web Applications and Web Services.
334c5dacdca8cb229f4e6fcd4408159edff35ea5eb82f949449c0fe623215485Two locally exploitable flaws have been found in the Linux rawdevice and pktcdvd block device ioctl handler that allows local users to gain root privileges and also execute arbitrary code at kernel privilege level. Proof of concept denial of service exploit included.
33b39531a43d55f0dc418fb73ffc620a6d8cc85f7b867a90fcb937881c9999baTechnical Cyber Security Alert TA05-136A - Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service.
d3edf956afdc27eebd1ae3de94c8634a013a3e81aae7f454ddf34b6c3db5ec00JGS-Portal versions 3.0.2 and below suffer from a ton of SQL injection, cross site scripting, and path disclosure vulnerabilities.
6718c9099a40c76b119be71f090ef240b44e8104c7f73f94d30a5525724a96c5RedTeam found a information disclosure vulnerability in Pico Server (pServ) which results in a local user reading all files on the server with pServ's permissions. Versions 3.2 and below are susceptible.
f95c57741fe0234a42b40fb3fded920f5c8e99258cac8f0a9b18f8db9085cf63RedTeam found a information disclosure vulnerability in Pico Server (pServ) which gives an attacker the ability to read all files from cgi-bin. Versions 3.2 and below are susceptible.
0b3132bc22e7a126e31b2d42efcd4ba13fee494df56a60e3b7670b757d4bc289
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed