HP-UX swpackage buffer overflow exploit. HP-UX 'swpackage' contains an exploitable stack overflow in the handling of command line arguments. Specifically the problem occurs due to insufficient bounds checking in the "-S" optional argument. 'swpackage' is installed setuid root by default in HP-UX and allows for local root compromise when exploiting this issue.
02450b690464a6879577282db8258a809e36d37c3095b86ce73f246a5e8dae97Shellcode that execve() /bin/sh -c (user supplied command). Designed to evade tolower() and friends. requires %esio reference a valid writable address.
a8d80a1d3e6ed93ff7cfffd2ef34670d800df5da4fe9ec2e25e4138b7a0bf1c7WebAPP v0.9.9.2.1 apage.cgi remote command execution exploit.
570cbcdd4473796143ad45dea24ba9487d965bfb9e3539fb0df926476863622cGoogle Rower was created to automate google searches and retrieve the links. It can brute force searches to get more results by adding a letter or number to the end of each search. It then combines all the results found into one html file and removes the duplicates. It can be used to search an ip range using google's site operator, thus looking for backup/old http servers.
86f00a69b7a4f19042600ca8b3faa941f8e5a84be44902ff4121f04711fd7237Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve arbitrary files accessible to the web server process and to execute arbitrary code with privileges of the IIS IUSR_MACHINE account.
6ded8d2684f90a3812fd49e9f82867b5dc550992e640d71d72193a57d9bafc44ProgSys 0.151 and below suffer from multiple instances of cross site scripting.
12c2b4c1ca50ef10c00652fd6ecfdf01ebe996921db9a3af71195ad5e4a9260efsfuzzer (0.6-lmh): This is a filesystem fuzzer. This tool creates initial (valid) filesystem images and then manipulates their binary format and structure for detecting flaws/bugs/design problems in the parsing/handling code for that particular filesystem. Expects a /media directory and some base tools (util-linux, etc) as well as support for some filesystems in the kernel (fortunately it will add the filesystems that are supported on your system, if it finds the necessary tools available).
92f98b9deaa72c4d86a635c40039aa5d0b2567e49e623d4120f4ec8f374f15a6Possible Firefox 2.0 Iframe cross site scripting vulnerability.
e541d0cf9e93f13a4fdf465fdab9d26c2ac165299c6f22233c823ef7a6da8f71The INCA IM-204 Dsl router suffers from several directory traversal vulnerabilities.
d154a28851a5ecc232276eaba8aa654f16f4143959d76d61325fc495678c0f96SYM06-022 Symantec Device Driver Elevation of Privilege: Boon Seng Lim notified Symantec of a vulnerability in SAVRT.SYS which could allow a malicious user to use the output buffer of DeviceIOControl()to overwrite kernel addresses because the address space of the output buffer was not properly validated. A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.
f5202c722020e111fddf5bf3e2bd2045903fbb7dc8ff2fb201d8425a9084b16bWikiNi suffers from several cross site scripting vulnerabilities.
cbcfca9ea57027397d41e1d395565f510b4bdfa73a403ae9fad24c5f94d90bc2WebAPP v0.9.9.2.1 suffers from a remote command execution vulnerability in apage.cgi.
a08b19149716526147cdd55205c40da852ad5ae42f7dadf506764debefc073a7Shop-Script suffers from multiple HTTP response splitting vulnerabilities. POC included.
6d26cc8e33feba6e5ec461f5967a7deebc9b5bd0abb14de790021141377573fbThe package XDB.DBMS_XDBZ0 contains SQL injection vulnerabilities in the procedure enable_hierarchy_internal [DB01], disable_hierarchiy_internal [DB15]. Oracle fixed this problem by using bind variables and verifying table names.
0bc0fcf44b3587488b47fde10758d3000967bf7dad61df65add1616a307eaa07The package SYS.DBMS_CDC_IMPDP contains SQL injection vulnerabilities. Oracle fixed this by using dbms_assert.
648ea5ceb80599a2e691a1cb28f91392a881db00ad56e55abda3cd3476411d08The package DBMS_SQLTUNE_INTERNAL contains SQL injection vulnerabilities. in I_SET_TUNING_PARAMETER and SELECT_SQLSET. Oracle fixed this by using bind variables in their dynamic SQL statements.
4069956a10c351e3cef1567cf88f9a1d8575c9c417fa3e3ffb5bbc73bd747a58The Oracle package MDSYS.SDO_LRS contains a SQL injection vulnerability in the first parameter of convert_to_lrs_layer. Oracle forgot to fix this problem with the April CPU. Oracle fixed these vulnerabilities with the package DBMS_ASSERT. To exploit this vulnerability it is necessary to have the privilege to create a PL/SQL-function.
e534a5773771e19c3b85bf82e2c954ea1824a79bf7333544191910efe07b0cfdThe Oracle Reports parameters showenv [REP01], parsequery [REP01], cellwrapper [REP02] and delimiter [REP02] are vulnerable against Cross-Site-Scripting.
6dc5d2078bd03101c9d465edd2759c33b1fbc60013e65092cefc7c6e9079c3efOracle 9i - 10g Rel.2 Advisory: Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can insert/update/delete data (e.g. the dual table). This bug is similar but not identical to the bug which was fixed in the July 2006 CPU (Modify Data via views). No workarounds available.
1f9c0e6ff91688e81437a17159b854620002de70ed2b2f738ea364f727c081daThe list of values (LOV) in Oracle wwv_flow_utilities.gen_popup_list contains a SQL injection vulnerability. Depending of the APEX application it is possible to inject custom SQL statements.
31b98b197a3734d9bdbf1e6602233a75c9d700af6752b4ba006bad71a156b817The package WWV_FLOW_ITEM_HELP in Oracle APEX contains a cross site scripting vulnerability.
91ba505930f02bcbaefdcb8f89bfba0654ef85250394f1dfdaa6191eeeb5744fThe parameter NOTIFCATION_MSG in Oracle APEX NOTIFICATION_MSG contains a cross site scripting vulnerability.
39968f8da257a3d90ebd519ef0e6d6d1f40dce618c3be5c3b4e53ed0e7231646Smarty-2.6.1 suffers from a remote file inclusion vulnerability in test_cases.php.
0c251ac507b07521fca880f1e913df2aee85a60d2d2d05b022a9520a2844f003phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-002: Some scripts inside the admin interface were displaying parameters collected by the delivery scripts without proper sanitizing or escaping. The delivery scripts have public access, while the admin interface is restricted to logged in users. An attacker could inject HTML/XSS code which could be displayed/executed in a later time inside the admin interface.
2e25fc4dbd7f2e8667f215f5c7b29bcecfb4f2df299917ae69d01e51ba800864AROUNDMe 0.6.9 suffers from a remote file inclusion vulnerability in pol_view.tpl.php if register_globals = on.
8ac51c233edf05a96e26ba0f74edb8e780d0937a56c2b41dd80a1a4239d21203
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed