After issuing fixes and an advisory regarding cross site scripting vulnerabilities in Cisco IOS, user input sanitization vulnerabilities still allow for more cross site scripting attacks. Proof of concept provided. Version 12.4(23) is affected.
4b8e1bda492dbd916cff67902a9c08759123ecbc5e870b2d27afc13135780d0eAmaya 11 remote stack overflow exploit for Windows Vista that makes use of the bdo tag.
e2a2d533c2ccd8fa575f2f8d933e131e2dc3f30b3543574bb3fb034ec5394986Amaya 11 remote stack overflow exploit for Windows XP that makes use of the bdo tag.
e49b4605d5ab57c5620fb675381e5a3726690a4cd9edc98d7bd070a91e4f751dLCPlayer proof of concept denial of service exploit that creates a malicious .qt file.
322d32d084c67fcef842b81ba6bfaf3d3e1270b57f006d85a60eb7afc17165bfGR Blog versions 1.1.4 suffers from remote file upload and authentication bypass vulnerabilities.
86b378c7ae8c58c73524e90124620acde3c589ae6a2fac9156118a503ef8c8a3Free Download Manager versions 2.5 and 3.0 stack buffer overflow proof of concept exploit.
39777be1f85065badba6635c5367e461cc771629596f5bf25851de9606d5ee2cNovell GroupWise versions 8.0 and below malformed RCPT command off-by-one exploit. Affects versions 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0.
cda22220d5d85f8227845ba12b4f38ab62b6cf123eb8fa3b922c51bdb0f2b0f1StreamDown version 6.4.3 local buffer overflow proof of concept exploit.
b8aea8bdd36d45bd058b105157c1a2525baf68768598c6f67b4570d5deb30151YapBB versions 1.2 and below remote blind SQL injection exploit.
4f1c5776d73f7cba4a9de65aac18bd8f9ac08ec74e969296c6cffe6991b5ceddMetaBBS version 0.11 change administrative password exploit.
0750ac5f62d737bb542f040c016f81681900634bfb0a0e5a00c6f579bcb3db66sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
deea059d31091c2d800c35dbd47b454d15ccca8ffbad0c5ba4ba9e1b58746265QIP 2005 suffers from a remote denial of service vulnerability when receiving malformed RTF messages.
41563e1ce48d96ff203dbafc88910b7ea6513ec9f9389ab195e5adbe6f93681fPower System of Article Management version 3.0 suffers from database disclosure and cross site scripting vulnerabilities.
b9d0605fee5a8cc6c0f24014ea62c5527c65e94feab93643d63121ece1d8c0d9Team Board suffers from database disclosure and cross site scripting vulnerabilities.
fdb547a4f03315b5a1e23fb354a1bdc5522298d29d6f6a276c0dfd8906db3703Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Wireless LAN Controllers (WLCs), Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers. These include denial of service and privilege escalation flaws.
ceeba2fd08c41e8b3afe769edb0d1cb6c2f14f86ba37b2bae80efbb6831d3d2bThe HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques. Verified vulnerable systems include the HP JetDirect 2420 and the HP JetDirect 4250.
be8fa162c08d4f572bcb2aef847e724d081ab534467549eef582a0eda6be899eGRBoard version 1.8 suffers from multiple remote file inclusion vulnerabilities.
54abd89d34714a2e954322e8b4ec21366e847400a2e4f97f6a510ac0b5e1c86argboard version 4 5p1 (07.07.27) suffers from cross site scripting, local file inclusion, and remote file inclusion vulnerabilities.
93f504f7406bef112d1c1b7cc575c5573fd377a9adf15cefe6a20ab71aff0eceMandriva Linux Security Advisory 2009-033 - A vulnerability has been identified in sudo which allowed a sudo-user to execute arbitrary shell commands as root. The updated packages have been patched to prevent this.
8844a007e1da129307fc0f7a7968ee532a16627ca30d81c29c81ace79c872b79Syntax Desktop version 2.7 suffers from a local file inclusion vulnerability.
0ff1a5099d31773b093269acb0731b50c0cae25e299ed3ce56d7568d6e584849HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
98b02b39e8efb68d6c260ae6b528aaa0975fbbdee2d8d7324a63f20b0db19b90PHPbbBook version 1.3 local file inclusion exploit that leverages bbcode.php.
91442a85468196228259433d5c88831f522791e40bccaf649cd84e9e36240704Squid Proxy Cache Security Update Advisory SQUID-2009:1 - Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. Versions 2.7 up through STABLE5, 3.0 up through STABLE12, and 3.1.0.4 are affected.
35ff4b2f0ec1ca6a40c33d294aa23914b6f2ac816fc88f8652ef3a659b5fa52aEuphonics Audio Player version 1.0 buffer overflow exploit that creates a malicious .pls file and was written for Windows XP SP3.
1198ed8737a1ce7eccd302dbad114193b8d99483fba33e29c2a6c4e559486651Euphonics Audio Player version 1.0 universal buffer overflow exploit that creates a malicious .pls file and spawns calc.exe.
279931929b097b80444d5b8d9a7488114f73454042ea5eb36f60e643ca6ff669
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed