VP-ASP suffers from cross site scripting and remote SQL injection vulnerabilities.
03144e9c7692da406834dc7e125ff0f52a6114f18f5370f2ff5026b33c71728dZero Day Initiative Advisory 10-06 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of GIF files with forged chunk sizes. The player uses values from the file improperly when allocating a buffer on the heap. An attacker can abuse this to create and then overflow heap buffers leading to arbitrary code execution in the context of the currently logged in user.
3fce3b61a72c4ec2153f507559b7bb6126220250160813ce7c41e41b43f2eb93cPanel and WHM versions 11.25 (up to build 42174) allows CR injection that can be leveraged for HTTP response splitting attacks.
0b670ad065f6c4108376593723c9a29dc3176ab42c972663cc916ea7c24106a6Mandriva Linux Security Advisory 2010-022 - Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_free_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct thies issue.
5fab82dded984f2d28a43ce0b364ecbb0af960fb9cd65d21a63b32da93c43922RadASM version 2.2.1.5 .mnu file local unicode overflow proof of concept exploit.
a1288cd5958514bec6542dd8a9b0f2d9fbfe1b0a3b4766fcb20e68ed2092c684Zero Day Initiative Advisory 10-05 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined ASMRuleBook structures. A controllable memory allocation allows for an attacker to corrupt heap memory. Attacker controlled data from the corrupt heap is later used as an object pointer which can be leveraged to execute arbitrary code in the context of the currently logged in user.
5c6d1cc062494d8ea73b5a3732915836b9f6fb7683508db4b25f1456392114cbZero Day Initiative Advisory 10-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request an attacker can corrupt memory. Successful exploitation can result in a full compromise with SYSTEM credentials.
67b1ac7c04e0e6edafe009f1aaeb1b1ea8eb95fc4b6f17009ed557c3bb4034cfDebian Linux Security Advisory 1975-1 - One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and nearly three years after the release of Debian GNU/Linux 4.0 alias 'etch' the security support for the old distribution (4.0 alias 'etch') is coming to an end next month.
25113a03e29016ad5a216cedc8f90b92213057d1bf2ace2361a58e3d6d22e07fOpenX version 2.6.1 suffers from a remote SQL injection vulnerability.
0fc96d5c1a7a329f4f8f5d1c96d2bc72f039be74c4621bed8149a1a3b9415fbcThis Metasploit module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long AUTH_SESSKEY value to the TNS service, an attacker may be able to execute arbitrary code.
e9967e777e3c8fe58c92669e0506711f78d2e29ac497889ccf38191214de029eThis Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintf_new" in the "isWide" function within "ovalarm.exe". A stack buffer overflow occurs when processing an HTTP request that contains the following. 1. An "Accept-Language" header longer than 100 bytes 2. An "OVABverbose" URI variable set to "on", "true" or "1" The vulnerability is related to "_WebSession::GetWebLocale()" .. NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
e54d42cfbc8bbc738ef568c5e491af71d30811bb7fa5db456ba682b823955033
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed