Mistress in an 'Application Sadism Environment' and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly and protocols with malformed data, based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.
8f1644949d6e28abd23dcd7e39f1895f3db11b73a3c7f690dd3821b1bf423415PerlBlog versions 1.09b, 1.09, and 1.08 have been discovered as being susceptible to arbitrary file creation, directory traversal, and cross site scripting flaws. Exploit details provided.
72ed92e21a0f91bb5af613c13b654c8efae4c552a39aac79386469c49866df5bDirectContact version 0.3b is susceptible to a classic directory traversal attack.
34922012bb4c31ade3163c42cd6ddfec78315b1faa3a02f8841fd373069632e5PixelArtKingdom TopSites version 0.x is susceptible to remote command execution.
e8b456151b2369ba09b7281f5492fa0c27ff67140c46a38addfe3977a382bc19Debian Security Advisory DSA 982-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in gpdf, the Portable Document Format (PDF) viewer with Gtk bindings.
ecd04898dd71c08f61d72c31e004846a9a592b7c8cd180724889713453b5eb88Secunia Research has discovered a vulnerability in ArGoSoft Mail Server Pro, which can be exploited by malicious people to conduct script insertion attacks. ArGoSoft Mail Server Pro version 1.8.8.5 is affected. Earlier versions may also be affected.
455394478eab464bfee5faea35ff3a9da617d60b91b89c9b5632c2ba4fcde5f7Wifitap is a proof of concept for communication over WiFi networks using traffic injection. It basically allows one to communicate over an open or WEP 802.11 network without being associated, thus bypassing any AP side restriction such as MAC address filtering or station isolation.
ba64f56e98f411583e3330a8e61ee4778678003e2ddf9723138ea6467b0653bbNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
6801eb0df55196e2c4807af09568ef5b684d59350473784830e74869c32e861aUbuntu Security Notice USN-258-1 - Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server.
57873ab7e9b478058d4c6aca095ab68a34bec2d9b3a33db4203726210b27371bSquirrelMail versions 1.4.5 and below suffer from an IMAP injection flaw. Versions 1.2.7 and below suffer from a SMTP injection flaw. Details provided.
14cc0b04e833bc5ee62ab6fe916d63fc4a302e2b75777de081e7a43462ff2d3fLinux /bin/sh 68 byte shellcode.
727886c14674a5ae03305d4c8c892b63383ba08ebaa572f4c99650eb00adf801CGI Calendar version 2.7 is susceptible to cross site scripting attacks.
3402e18974a01457ecd614d70c7c1c223bfea1a5e76ee4a485091b540dcff0baD3Jeeb Pro 3 is susceptible to multiple SQL injection attacks.
7cd43cd2c0678f9c77a386f75f71e594fca7936f57dfefbcfd009a77c4c089f2Fantastic News version 2.1.1 is susceptible to multiple SQL injection attacks.
6707cf4bf5c2ba3e4bf1ee1d8ed83e06a68668df00faace1cdaf9b15546e4fc6ArGoSoft FTP server versions 1.4.3.5 and below remote denial of service exploit.
37840dc5e7614f6dacb3b057a5b527ff414a8f2e14adad675f4f68481ade620cbttlxeForum version 2.x is susceptible to cross site scripting attacks.
9e24d3a0d1ad1855b159b0e1444523e64bb18a2d60009d402bcb4db6bd617053phpRPC versions 0.7 and below suffer from a remote code execution flaw.
2cc289b5a0eae7208104836c1d8e959923fbaa86da1ac47f8b9d19538d5d159cGentoo Linux Security Advisory GLSA 200602-14 - Javier Fernandez-Sanguino has discovered that the lib/toascii.nw and shell/roff.mm scripts insecurely create temporary files with predictable filenames. Versions less than 2.9-r5 are affected.
f46989656ef293f2ca91f08034d55098c0c3d69853cdd3187ac29a52a8eb3e8fGentoo Linux Security Advisory GLSA 200602-13 - The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of %-escaped sequences in filenames passed to the function is inadequate in ImageMagick GLSA 200602-06 and the same vulnerability exists in GraphicsMagick. Versions less than 1.1.7 are affected.
11ad5ff113fd8c5cfb97d5483b8cd2e97068161e9ed96cbbc75acba015d7cafcQuirex versions 2.0 and below suffer from an arbitrary file disclosure vulnerability.
745945ff8b2e17ebefc0ad107dc6634c129580f50bcc5661a7db44bd9ed11fcaArchangel Weblog version 0.90.02 is susceptible administrator authentication bypass and remote file inclusion flaws.
ba2edc1bffcb38f03d488ab68d47e753aaf0cf1301a1eb4685b54f633cdba663The Thomson SpeedTouch 500 series modem is susceptible to cross site scripting attacks.
37a9a8a8e2c68208a87c0184eb240279c5d337c9fb2a7826f1d68f6ec54ff34cThe Netgear WG602 wireless router contains a default administrative account.
e7c1364173223fd99edfa42f7091a92a0cc16cd779ffe3e2a28aa0d09eaf1683MySQL versions 5.0.18 and below suffer from a query logging bypass flaw.
7e1967516440d73fa1a3f10d68c0811102cd228516f451ad259cb74d246b3c24Mail Transport System Professional is susceptible to an open relay vulnerability.
f1849261532e58795eb1d382872e14eb93fc6f2991ce37d09c315d9b1b15025b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed