gAlan buffer overflow 0-day exploit. Spawns a shell on port 4444.
529fd011b70918966b4dc24d3212e6178ad12b168b2838b27dcd31f6bfb1cc5aPolipo version 1.0.4 remote memory corruption 0-day proof of concept exploit.
f0c3f97fb8cde0a5a5185ce0a01dc58d0b7e14232087ec8b44d18608edf9a268This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.
58d0cc0ba356a48bbb6434e177d7ead00b68656e05229387c6a7a5d2c86894baThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
1c1f09545a58773c8a81cfab7351894a473484fa9530ddbc87125bf703ff941dThe page used to change the administrative password in XAMPP version 1.7.2 has no access restrictions in place.
632fd915fb3a1632c5e4271b01e7efb96cc07878cde952d35948092a5c19524dDebian Linux Security Advisory 1947-1 - Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs.
5bfdb789cfaeedfa8dad3deff0dbca861aa27e9a315369ec50e6ff1fde6b37a3Illogator Shop suffers from a cross site scripting vulnerability.
c2a844535ce64f44b70187d6af904171ffbd409c9d920be64b2be9da1c4a1da2Mozilla Firefox suffers from spoofing and race conditions in relation to JavaScript functionality.
b2090c9012cb9380aa027790f71166c32e3b35dd2ca90482e19470b4408381a4Ubuntu Security Notice 865-1 - Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
0149473a66c4de1ead57ba197ae9f69890d06a60be7d8b470f10d01813d5d0c9Chipmunk Newsletter suffers from a persistent cross site scripting vulnerability.
a59073f33825451b33953ac65f2484f2fb01dd3aa226716d2530462679a8b575The iWeb HTTP server suffers from a directory traversal vulnerability.
e901b4aaf92e4c67a2a21146a146eccfa73fa9d8eafe00b393c23bddf64acd49MarieCMS version 0.9 suffers from local file inclusion, remote file inclusion, and cross site scripting vulnerabilities.
3e59302851a07630ec9f74b6be93f4111dac99def8de548a3179b40459219909CoreHTTP (up to and including version 0.5.3.1) employs an insufficient input validation method for handling HTTP requests with invalid method names and URIs. Specifically, the vulnerability is an off-by-one buffer overflow in the sscanf() call at file src/http.c line numbers 45 and 46.
7895bd2e72f372fafa55aa28a36ef0e28ef9cb2efb8c7b6720638cb0cee1feeeAdvanced Image Hosting version 2.2 suffers from a cross site scripting vulnerability.
7e60c2aff6d1621e72ccd082f6145698b01c2bada5dd5d5015ff9850d3c5235cProof of concept exploit for the VLC Media Player version 1.0.3 smb:// URI handling stack overflow vulnerability.
767d6f43bcd9f36c30425b5d2d15526afe7544a53c9dce0e06e4c05f44f0ea28Local buffer overflow exploit for IDEAL Administration 2009 version 9.7 that creates a malicious .ipj file that binds a shell to port 4444.
9f5c5dcba2f81bff55ee61949db3938b13ef630dc6841b4c30fc4c4acb7ae863Software from Elkagroup appears to suffer from a remote SQL injection vulnerability.
1079402b88f7fc27565f3e8370cc9423f5c042fd72a5f4c96e8a1473a2407ab3PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.
8cdd6603293330907026a6bd3ba7622022c146928d030a8f850ddcc4a99e4fcdsshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as "dictionary attacks," i.e. scripted brute force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and after a configurable expiry interval has elapsed, the rules are deleted.
9e98e0c218cb5a93c55b93a21d9b95ab53d7eca9f240abe58905dd6f332e0a67AROUNDMe versions 1.1 and below suffer from a remote file inclusion vulnerability.
e604706f383bc5c3ee4440da20742ccb2d46982c62f7784cb8dbd436dea81e2cThe Joomla YOOOtheme component suffers from cross site scripting vulnerabilities.
97eae37014fc2225afedb44591561a89fbbae53eae8be987ffeb7be18f5800e6Mandriva Linux Security Advisory 2009-326 - Multiple vulnerabilities has been found and corrected in mysql. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.
9206e9b5ad62079eab88cd261aeacc324cd78e7b929cb7e7acc5a4a3cfdb79cbMandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e2077ce129461d0a497c42e86d0c3e3ab2181e15b32eb65c1f3946d4694469ccMandriva Linux Security Advisory 2009-199 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Packages for 2008.0 are being provided due to extended support for Corporate products.
35f14e547986c134bc886a49f42bf2925249db96e8091e085536465b0d77f8fdMandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed