Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
144d89e555b859344c96a178d2e801d84b6fd6e8093a73373959bb3e613f6d3bThe Joomla Noticia component suffers from a cross site scripting vulnerability.
999004b8fcfb25c02147ab0218b9407025331872c9b2ac10fef79b402b7e105cMandriva Linux Security Advisory 2009-345 - The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. This update provides a fix for this vulnerability.
19f470ee17791ac109a1255ca226370d567f85e36fde4a87dae2c59dcd792426eStore version 1.0.2 suffers from a remote SQL injection vulnerability.
fff03c16dc9b0141b52c4f35e247a2d7e65ff4f1e46867aed868a03aee54b0cbMandriva Linux Security Advisory 2009-146 - Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit.
7d4cf5f5853a965d4cb5684b8a5cd31bb2f6df434ea4e84c2a8c04a5925e5280Quick Player version 1.2 unicode buffer overflow exploit that creates a malicious .m3u file and binds a shell to port 4444.
2644115892e7617f45b3af34bbca173e85cb216c51a8666c991785577ba5af9fMini-Stream Ripper version 3.0.1.1 universal buffer overflow exploit. Written in Python.
fe18ecda779763101c96667165f5b3ff90dd51da4847cb5a88196f64e89f558bSoritong version 1.0 universal buffer overflow exploit. Written in Python.
fb1f6b6dd51b3b99f911a7bde8d3340607b5b540c67bd3bb4c4a8342e7f7faa7This exploit is a simple malicious file creator that will help the users to create jpg images with metasploit shellcode. The file created must be browsed and then a shell will be bound to tcp/31337.
3951e4d38ce2fbd2a74fe1c2298d117fcdff1053e5434ddda7f24fd0890d02b5BigAnt Server version 2.52 SEH overflow exploit that binds a shell to port 4444.
b77adcc621ad15f1ab95c3ee91f3eaa526a5f33005c6ce85504b8e740b7e4f89Mandriva Linux Security Advisory 2009-189 - SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input. This update provides fixes for this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
317773726398782e7f4264dc97c5b1722f8601814a2f8ced01acc6edfe1030a123 bytes small Win32/XP SP2 (EN + AR) cmd.exe shellcode.
03a66fa62d8143703c139e3ea3cacafd2402f6bde842533736d9c1d3416059d1Mini-Stream Ripper versions 3.0.1.1 and below local universal buffer overflow exploit that creates a malicious .pls file.
263b75cac2b3b8c44601fecaf6ac77ec606e586a9e6a9caa4c5ebf44c3aabbe2Mini-Stream buffer overflow exploit that creates a malicious .pls file.
ced73ba9c1d02b9f9366aa17c0311aefce09dd31876e61f25fbe2192fded9451M.J.M. Quick Player version 1.2 stack buffer overflow exploit that creates a malicious .m3u file.
85d1dfa1e061e767ced38cff60f6e57cc0f9f53e044e47d7c5d19097a437a8bbMIT krb5 Security Advisory 2009-003 - A null pointer dereference can occur in an error condition in the KDC cross-realm referral processing code in MIT krb5-1.7. This can cause the KDC to crash. This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
492697d164ff8839715b475976bfa5ce3d9f4e7467ed101685ba6316dbd549a1This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.
258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00Mandriva Linux Security Advisory 2009-344 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities.
a463c62713330f38a115bd343b5b7308c9d6b0617aa8908f335b48f18dd7ef6eSunbyte e-Flower suffers from a remote SQL injection vulnerability.
a474d4af33977175c243d7411e2894fcb147d0888451a308a9c9ece997aa4376Mandriva Linux Security Advisory 2009-244 - Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
e86ce2890fe703719128ff05880d8f431bb0ce9ada6da393046a78c514e14ab3The Joomla If Nexus component suffers from a local file inclusion vulnerability.
e3d658354d5941fc56169833db8e64866ee5d3fe642a5f0e2c893a0d3600efd2Joomla version 1.5.x suffers from a local file inclusion vulnerability in index.php.
cdbeee8109124d4a304c782f1b6dc5ca2551180432a91e3b175d460cd9d70003Debian Linux Security Advisory 1957-1 - It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code.
5391543f064f2428f6fc00cb15ada4d317f03d96a2ebdd6cf69e0e5f713a34b8Yonja suffers from a remote shell upload vulnerability.
b3b63a750b7f539e0dfa19314584f3b681c0ca253ca4a9cfb6ff3c1a90b368bdCalendar Express version 2.0 suffers from a remote SQL injection vulnerability.
be278c384d2d3f0342a841a4f2385baf72e24d8a1383a51e916a603bd2506405
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed