Avast Linux antivirus versions 1.0.5, 1.0.5-1 creates a temporary directory in an insecure manner. POC included.
3c0f40295482663d29e11d9feaa0018a2941b262c4da82fd946fc58f7bf2a7feThe microsoft DNS resolver hardcodes many hostnames such as go.microsoft.com, msdn.microsoft.com, windowsupdate.com, etc preventing the use of a hosts file.
dd72fe4f29bdb774b9ac30c94fc93b5f066aac5c8e15499913337583e477a296ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail.
eebf61747be88f6bb06ec2e9b02772b93cc01fdff10cfb4278f8f189b8ce5cf4ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
3dffd581edfc8fae969152567b30518fea2689321f01495d398bb82bc62ca003ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability.
d220110f812525e744b48e805ca035f261d8c2171a383640c2722aeb2ecc0cb3There is a heap based buffer overflow in the rendering engine of .hlp files in winhlp32.exe which will allow some attacker the possibility of modifying the internal structure of the process with a means to execute arbitrary and malicious code.
261cc8c6cf2b5eda5136962d8d3719ae3cb6e8c675f3c02463a079710b8a439eFrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server. POC exploit examples included.
481c7a945450e48e78979147b05693402a43777326aca41596449f2f82aa8a32SEC-CONSULT Security Advisory 20060413-0 title: Opera Browser versions less than or equal to 8.52 CSS Attribute Integer Wrap and buffer overflow
dcd897dcb4d39d9b5637377385db693ba270ea31b7ef988a7b4ecf1ccb586ecbTalentSoft Web Shop v5.3.6 suffers from a full path disclosure vulnerability.
b881c2624800eaf65a9f178b16306489109beff4dec37a018f0277c8758f2ac0HPSBUX02108 SSRT061133 rev.6 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
edee9f025360955988e3327828e0873bff12a444fd795d59d40448f67276cb73Secunia Advisory 13/04/2006 - Adobe Document Server for Reader Extensions Multiple Vulnerabilities
a3337d74ce3e7f7d86956b521ab2ed6bba9f699ed9207943d08bfdd241f2ce26Revoboard 1.8 suffers from XSS in its email tag obfuscation scheme.
8a5564004fe46f56554910ffff51490c93f52913d7f7f8040e6bdd3487547fc9Amaya versions less than or equal to 9.4 suffer from a stack overflow which could possibly lead to exploitation.
ae3820c53be2a9e1e1cdc3e9b6e09e27dc1bab23c4d2ab449785ce289189c117Amaya versions less than or equal to 9.4 suffer from a stack overflow which could possible lead to exploitation.
9c81d184b776ff7a36d6680e96aa4fcd16bd4672df6845f35d834947c33b1803It is possible to crash Mozilla Firefox versions less than or equal to 1.5.0.1 with specially crafted html.
9b66ed0425305ba1de35c949f74d69123bc46eaf20310462e684a9616b6f430aSimpleBBS v1.1(posts.php) remote command execution exploit.
519694ffe2172eff175adf5451805147e0e86baa066d584b0682a8f2a577a444PatroNet CMS suffers from XSS.
87d958b5d80ef151a47a5ca2d5709d03e7537fbc67d361fc1b2cc93c2dcfac42Multiple Vulnerabilities in MS IE 6.0 SP2: All of these bugs are located in 'mshtml.dll' and are caused by incorrect handling of specially crafted HTML documents. The severity of the first security issue (mshtml.dll#7d6d2db4) is low because it is a non-exploitable Null Pointer Dereference vulnerability and leads to DoS. The second (mshtml.dll#7d519030) and third (mshtml.dll#7d529d35) vulnerability are similar and the Microsoft Security Response Center rated them as critical because, on the face of it, they could produce an exploitable memory corruption.
a0c9d63ca315248d2da49f038f9ac3123946ce6116af766aef30807aac61330dYet another XSS vulnerability in MyBB 1.10.
a8d657d167a911cd69cb631fc2930612e68820e6e0ea8f0e70852546c4ff6b9fphpWebSite versions less than and equal to 0.10.1 suffer from an SQL injection vulnerability in topics.php.
9c47dd1a237d5caacf6b515cfa27dc0dbb4a7f33d48d453528fa61644c5499f1The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server.
9bed5d2ecd96d30a7fb28837f16eddf4efa80b59c02584519705acad729cc70dVBulletin ImpEx suffers from a remote file inclusion vulnerability. POC included.
b07054bd9ae1cd16abbfe504240781c9f708d9ffb2b3676d95edbe5e8410c498yahoo.com suffers from a XSS vulnerability which can be used to refresh to a fake mail account.
376db64b79edf1edf71e519935c56ec6c5a6f1164928cb8d0844881d8eb538eaCompaqHTTPServer/9.9 and HP System Management
4b1dab8814da47d54ea46f4645bed3644e6450a34f3eb537da81528a48ab4da8Secunia Security Advisory - r0t has reported some vulnerabilities in ModernBill, which can be exploited by malicious users to conduct SQL injection attacks.
5f1220f07ff11e9b4c207d44d0860de6fbd91267b3514fa72a1c0f8156e654df
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed