This whitepaper discusses getting a shell via local file inclusion using the proc/self/environ method.
f44a0909a494a885dd582da411b77ae0a025e7893da8bff98c4c86167b3fbfa5Whitepaper discussing TCP/IP fragmented packets. Written in Turkish.
3eb1e736de2a73f79bf58ba7e0ca79b65320e7d285e2ea8ce67a094d96db1d1dThis whitepaper focuses on discussing how to use the SQL XFS deviation to execute cross site scripting attacks.
d5389cf7c67fab6b3327828f65c48169a619c6b29291a442aab792d853abc3f4Mandriva Linux Security Advisory 2009-192 - Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. This update provides phpmyadmin 3.2.0.1, which is not vulnerable to this issue.
a25bc1c9c07bd970668c91dfa4f9027d4fd9f449949fee75b5faa6affc00bd11SUSE Security Announcement - A specially crafted Shockwave-Flash (SWF) file could cause a buffer overflow in the flash-player plugin. This buffer overflow can probably be exploited to execute arbitrary code remotely.
9c145062d4387103164347ba1fdb5070b4fa232183ed065f9d873ded408caf20Ubuntu Security Notice USN-811-1 - Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
fd214a085a63ba45443b5611745a693b150a444bf8e8a7728d48059d6966ffb6Silurus Classifieds suffers from cross site scripting vulnerabilities.
2b2f51aaf7864a4be12de605b50a787b5647bde22df6bf8ccb60b840195f9c16Virtue Shopping Mall suffers from a remote SQL injection vulnerability.
614d4ffc660f667c42ba5198c3e659c1fc05ca7dcd0cc2e365d4f8ea6a46a4b8Virtue News Manager suffers from a remote SQL injection vulnerability.
758a32c7596ffad2a73cc4859512c3cecee0e59a83d030c06418ae61b36f9824Virtue Book Store suffers from a remote SQL injection in detail.php.
8a54a0758a9a0dfb6813a0f73391a0236473ae9499909f1cf0c27efb022e0dafPalm Pre WebOS versions 1.0.4 and below suffer from an arbitrary html injection vulnerability.
388afe43695652de87e411d8ed175a52521f0c756bb18627debceeef7dedfaafTeam SHATTER Security Advisory - Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets) suffer from multiple SQL injection vulnerabilities.
1f9e8a8d70e706e7a333b2c2deb353c2994c4cfe3b579aeac098feb6ae91a71eThis is a brief tutorial on remote and local file inclusion attacks. Written in German.
4a3e6145d0a0a7301e5157b69be48a9913d2849e368c4a7e5d9a8eadfe0c6bcbThis is a brief write up discussing blind SQL injection attacks. Written in French.
850e44ffacd06e23d7caec378232e76af6b7f4ef2eb9209c89c61b21dba24190Whitepaper called Optimizacion de SQL Union Injection en MYSQL. Written in Spanish.
89d8781420c427ea8b45be477b8596c114134e005d430eea4c74bd2273a6baefPortel suffers from a blind remote SQL injection vulnerability.
bb36f49b8c5e8c632eca711b49aa7250fceecd8b91e98f1fa5000340b9e67833Irokez CMS 0.7.1 suffers from a remote SQL injection vulnerability.
ecbf28add8c7d8e84dc281315a74e8e12f3cf3a794ec7be70594fd308bd55e23Forum Script suffers from a persistent cross site scripting vulnerability.
a1eda262f0e2bbc874478635d8beec226eba3e0b1823e37dcc29a03b847f9041Directory Escort Script suffers from a cross site scripting vulnerability.
3f4d3e2c773b2c62067f9e1c6090bf12ddfda7cf8a08f09f639e41ce6976d5d0Auction Website Script suffers from a remote SQL injection vulnerability.
5e20baa8a39daf6b81ff212b4375a837aaeb106346735a10d6f7038da35a0cc2AJauctionPro Oopd version 3.0 suffers from a cross site scripting vulnerability.
023550e19dac3ab5bbd61fc7a7e8dfea73bffcdd64a040ef1854d29e3f9e0306CS-Cart versions 2.0.5 and below suffer from a remote SQL injection vulnerability.
f3932067a98b57e97ac08258f33afd7ef263341a7329fcec80132aae6b1aee04Ubuntu Security Notice USN-810-2 - USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.
141dc865e1cc92a69424274d23598cd30ffe65f83e74c1fb4dd4182ff17a9887Ubuntu Security Notice USN-810-1 - Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.
551f75cb720ebd7eaa1e942d3bd0085543b035e372926a826f94e7e0b94f1eb5In-Portal version 4.3.1 suffers from a local file inclusion vulnerability.
ee05a4c24b9d21334fd46c599e895ffa41d734a9e76825baf4cf1bc0054d43ec
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed