It is possible to remotely spoof the Microsoft Internet Information Server 5.0, 5.1 and 6.0 SERVER_NAME variable by doing a modified HTTP request. This allows for the revealing of sensitive ASP code through the IIS 500-100.asp error page.
9265062b769c12c9797d72a61a3d47995803db86c2d1079cb92eaf33f0bc6113Traceroute and ping suffer from buffer overflows and a user spoofing vulnerability exists in Mac OS X versions up to 10.3.9 and 10.4.2.
ee042c25fc12d8e97cbd7e655a28d07129f44192331cb3d7682b49791c571b91Proof of concept exploit for Elm versions 2.5.8 and below that makes use of a buffer overflow during the parsing of the Expires field.
7d429b07d470bef21a26afbf52a3adc8652582d94c91f0bcd8762925ec57fc01Debian Security Advisory DSA 780-1 - A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space.
ce6384e72221bfe424ed552304717cf159ac00f8e1405d6926e72bc9d892ac06Nephp Publisher 3.04 is susceptible to a cross site scripting flaw.
1d081010ca3a84ead988217f1cca903619d59c9dc585ead46ae2ebeeb302d95fProof of concept information for a flaw in BBCode that works against vBulletin and phpBB.
94843d7ff0778e8c4170306b6848ce07f2ab594e70024f618f1bfa2e3c1ad680Netquery 3.11 remote command execution proof of concept exploit.
ebbd45f6a4eb2be2c2e2cba30ff4b25caf26e00264de978fcd9a96b770df8427The Web Wiz Forum software is susceptible to a cross site scripting flaw.
a1ff655dbb70889b76ebd5f5636abef9f1d93f4d88856f87d09225d8149e1840Some small 31 byte shellcode.
0be833ffce21105355d8d9f357f70f0bfddba9ccce3dfd035700075afe211f00SaveWebPortal 3.4 suffers from remote code execution, admin check bypass, remote file inclusion, and cross site scripting flaws. Full exploitation details provided.
b98042d8d7316b6509cb8bf9e5842312514a4a50080cc4f92a232919b0164f25Debian Security Advisory DSA 779-1 - Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla.
509c3a848c567a6d3fa6ef5cceee0837f1aca869dc269e3704521d3917a85261Woltlab Burning Board versions 2.3.3 and below suffer from SQL injection flaws in modcp.php.
882abd39c581ea18c1569c4b56b85424dda2014055c7bf18ae2d0d0014779c4eElm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch Included.
a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505Bugs Land Down Under version 800 is susceptible to multiple SQL injection and cross site scripting bugs.
6c75f1ae4a55a77ff9fe557ba2062a755752ffbc1d69f4df4e53e63b9988f661MyBulletinBoard (MyBB) versions 1.00 RC1 through RC4 suffer from SQL injection flaws. Perl exploit included.
fe2fc9ea1a9d3ca26e36ececae8ea5a4828ff84288af709d8aa6c453755cdd16Local exploitation of a buffer overflow vulnerability in WinAce 2.6.0.5 allows attackers to execute arbitrary code. Exploit included.
bdad9505e8ee75c208b54f83a3cc991e44dd27b94d4cdb241c613c952997999045 Byte /bin/sh sysenter Opcode Array Payload.
f97806cb20a9213227e7d015f8eaebd94a89db8e8add8024473fade051245bfdEnd users can bypass the mandatory installation of the Cisco Clean Access Agent by changing the User-Agent string of their browser. This allows them to connect to the network without the host-based checks being run. If configured, remote checks are still run. Versions affected: This works in at least 3.5.3.1 and 3.5.4.
dfbfb8c209ba68e8a2cde2af75fd0af1b5df01de4618948be2c9d2437020a94bUbuntu Security Notice USN-170-1 - Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.
316285c5e7f8da83ca9ff2f4241d200e0ee398d878390031e94125fecbe5ba34Debian Security Advisory DSA 778-1 - Two security related problems have been discovered in Mantis, a web-based bug tracking system. The bugs related to arbitrary HTML and SQL injection flaws.
66399fa36baef0dcd20bb6617eaab029be6ba7317c605800b6806bbc09cceee5Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to write files to arbitrary directories. Affected versions: ViRobot Expert 4.0, ViRobot Advanced Server, ViRobot Linux Server 2.0, HAURI LiveCall.
54f7332ae5674ac7c9ad8cc8d1584cf53cec751854734aab799ee6e2323ba4e3Gentoo Linux Security Advisory GLSA 200508-11 - A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Versions less than 7.0.1.1 are affected.
800cdc7844284ff08d581c460b2eb7a0d29fe49cbfecaface8aca3efbd6d6a37Ubuntu Security Notice USN-169-1 - Ubuntu has released a kernel update for over a half dozen vulnerabilities in linux-source-2.6.10.
5cd2d578e4b7d2e227646dbfc111a595499f5221319dc24028ffa0c15ec23991Gentoo Linux Security Advisory GLSA 200508-10 - Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Versions less than 2005.08.1 are affected.
0e3fa2762fdbc60f882db944357ae0a917d405f887d5a1d29def503aefb9f148Operator Shell (osh) 1.7-12 local root exploit. New version of an old exploit. This version has the shellcode trimmed down to 9 bytes thanks to Andrewg.
93c7051b9b8e5fc758a98373d2984054e773f1047fd7a891921e608d15228270
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed