Way Of The Warrior versions 5.0 and below suffer from local and remote file inclusion vulnerabilities.
b4913562d35071063d68e9ddeeeec8ffed04819680270ffeaa74df2d3ed8b3d6A vulnerability allows remote attackers to execute code on vulnerable installations of Adobe Acrobat. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when processing malicious javascript contained in a PDF document. When creating a Collab object and performing a specific sequence of actions on it, memory corruption occurs potentially resulting in remote code execution. If successfully exploited full control of the affected machine running under the credentials of the currently logged in user can be achieved.
42374904d4b1208ff8703af67298c304e34bf7495b2cddcaac9b42494e5bc072A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists within the parsing of PDF objects defined in the file. When a specific object becomes malformed, a small memory corruption occurs which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
83fcb2c8b363aecd0f52b7d84c9897263d7250d4ee9f6957c6eadeeccb666437A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of embedded Javascript code when opening a PDF. Adobe Acrobat has defined it's own set of Javascript functions that can be used in a PDF file. Due to improper parameter checking to one of these functions arbitrary memory can be over-written leading to remote code execution. If successfully exploited remote control of the target system can be gained with the credentials of the logged in user.
32057ab035963d55bca65f0262c3900d8b1ae3a4ff8d48a1d912e522ba19477cOnline Booking Engine suffers from a remote SQL injection vulnerability.
2a18094265fd228d848bd934119e96358d121176054653ff419ddcd8a831802bDHCart suffers from multiple variable and stored cross site scripting vulnerabilities.
2cc2ee1cebe2610ae27e21cfbccb8ffbfa599956d384eb909f25ad11777bef88iDefense Security Advisory 11.04.08 - Remote exploitation of a heap corruption vulnerability in Adobe Systems Inc.'s Acrobat Professional and Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Acrobat Professional and Adobe Reader version 8.1.2. Previous versions may also be affected.
a68c90f63ac9868f9aebc1ff546acd3970b4d2503d3f2a2ce5fdfbfa73f12e69iDefense Security Advisory 11.04.08 - Remote exploitation of an out of bounds array access vulnerability in Adobe System Inc.'s Adobe Reader could allow an attacker to execute arbitrary code as the current user. The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Adobe Reader version 8.1.1. Previous versions may also be affected.
535bcfb45222fcef1677636e3eccd5f01b7f0d1beaf872ff09641d7d8e2c9406iDefense Security Advisory 11.04.08 - Remote exploitation of a stack based buffer overflow vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, potentially used by multiple vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in getPlus gp.ocx version 1.2.2.50, which is used in web based installations of Adobe Reader 8.1. Previous versions may also be affected.
f82cd5bb85b3a959d2c8d724ce4105aa767646e05a45b9d840a37588554309e9WEBBDOMAIN Post Cart versions 1.02 and below suffer from a SQL injection vulnerability that allows for authentication bypass.
37461192886fed11dc1c7eca9d7a35efd16e7e0f50ce5eec30c34204edccf2a5WEBBDOMAIN Webshop versions 1.02 and below suffer from a SQL injection vulnerability that allows for authentication bypass.
059304c2759b95cf12603cbe45f5129d7fc8fc99e0fff9fe6b49d8a36b325cfaWEBBDOMAIN Quiz versions 1.02 and below suffer from a SQL injection vulnerability that allows for authentication bypass.
f499f48a5d714eea5dce010abed6affe1d6e04c2db9bd329cc2095da713b7573WEBBDOMAIN Polls version 1.01 suffers from a SQL injection vulnerability that allows for authentication bypass.
251c6580e8a7d77651cea3cefa9e67b7d01fa19cb7fea122864b3c0a386318b3WEBBDOMAIN Petition versions 1.02, 2.0, and 3.0 suffer from a SQL injection vulnerability that allows for authentication bypass.
e80f21930d6292389e885d9bac5c34ef3b41461be781add1ae43eef36e996ab0FirmChannel Digital Signage version 3.24 suffers from a cross site scripting vulnerability.
bcb35fe0a2c40a10309b3795346c219cd63abc3846b20cc4b2ddf929a5a51479TR News versions 2.1 and below remote login bypass exploit that makes use of login.php.
493418d6d1dd913ffa106d667a19796cc778012055bc46d51fc928b2823b3d89sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.
88fc937ae2b316657d98efae05bba9f15d3823c3a78d7a9f4c5a244f2333ddadTours Manager version 1 suffers from a SQL injection vulnerability in cityview.php.
d5201e7c1eafd9806fc0f6edab7b1c715a4e5b13d4f5f53e888f0dd87ce9b4efSimple Document Management System version 1.1.4 suffers from a SQL injection vulnerability that allows for authentication bypass.
10b46566d69c1c073344914d95684f415af5bd0d29b007b7b2a700d580bd64a6The Aruba Mobility Controller in ArubaOS version 3.3.2.6 suffers from a SNMP community string disclosure vulnerability.
f30235030c7d2b5d8b396e3e747d82f36e3c379d83f309d3c4d0182c84be4ab7HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
ced5c6740042c0cd094d009d362b7d7685ebb91d5fe0e017b9aab934a40f69b1CMS-School 2005 suffers from a remote SQL injection vulnerability in showarticle.php.
4a40c0a4764f70fa3e49667b60718b8eec042b632f3283dc22018a9391d9d680Vibro-School CMS suffers from a remote SQL injection vulnerability.
70e4865a631c3f5aea90319b988075756bd2da7ae39097c6569d96a86c5dc3bbThe ProDesk Joomla component versions 1.0 and 1.2 suffer from a local file inclusion vulnerability.
a943b10e9b1e68e798cdd809248c8d0f21fa3a93d5afe57d6811f80ace2fe2a1Puglia Landscape suffers from a local file inclusion vulnerability.
8b2f776f420cbc87fe117b205b70792c4607e7550e41957005771e7b61df3876
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed