Secunia Security Advisory - Russ McRee has discovered some vulnerabilities in DFD Cart, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
265a0aa0813f6095ad614868b03ee89cf9ce45ea9b206f61c4d634a49e0864cbSecunia Security Advisory - Slackware has issued an update for openssl. This fixes some vulnerabilities, one of which has unknown impacts and others that can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
78ced51aa28262b64942815dc3cd3ebc01e0f1179a2102673018609715c77424Secunia Security Advisory - Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service).
6ede5d5fcccbbc5c319d6b59b27fbd0092e32ca213cd906d08382168113717b9NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
6173ebb132981a6b9577f4c7fb9a2c6062201f118d17f69e3a0d67f623d50f1dMcAfee LinuxShield versions 1.5.1 and below remote code execution proof of concept exploit.
d06d6fd6943d8a9711649f4fed45d0ff2d2d71cd45f67c4676a3b007c669a219McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.
6f765889b50a212dd66271f122872290dfb10b802d0b2b02035f85f140f0fa95Zero Day Initiative Advisory 10-024 - This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a denial of service.
9e8481ec0fa8aa02fc1a3e88f79a85d0e72d57686f7a41a8078b50e00a3b6942Debian Linux Security Advisory 2006-1 - Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users database server.
704c320f7d43b84e5df70a4b83e40163de1691ddd6dbd158d2607111d35e2b0eWebRaider is a proof of concept quality tool to get a reverse shell out of SQL injection (MS-SQL) by using One Click Ownage.
745e39d9782621659e4b684fd301e6cd6374a5d4ec94298eadb8e858bdd7080dMandriva Linux Security Advisory 2010-053 - mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
501dd74cf2121c19e60067a5829a581690c9cfb911714c4ed201ebe510c83907ProSSHD version 1.2 buffer overflow exploit with reverse shell shellcode.
984f787b1145abbe84a155bef9ca0d64f8657ddad2c80e451bd2410edaf06144Uploadify Sample Collection suffers from a shell upload vulnerability.
34c444919293fb7a8c83e6704ea3144264fddacad37359397f1c4f7648d11742PHP Advanced Transfer Manager version 1.10 suffers from a shell upload vulnerability.
9742ad4352fb10741d428c7610af1a4837e8e113cacb1c5599720134b5faa209iDefense Security Advisory 03.02.10 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.
d7bb11918744f40858388713a6cadb9a010141307cf776efd3f5a90a2856dc85The Sparta Systems TrackWise TeamAccess module suffers from a cross site scripting vulnerability.
52aeca03b84206b3c2b015722e3fbbb96730fc996397f673d8eb9f960cfe130d1024 CMS version 2.1.1 suffers from a remote blind SQL injection vulnerability.
9724c67e794c2377a5432c37ce4f57b88f8f80cfd1498dc8df827028799be722My Little Forum suffers from a remote SQL injection vulnerability.
8acf7a206d4d605e6b4bd19b5c2dd8879545c1b06c933ab2e1464a82b71f1ddbCYBSEC Security Advisory - The help section in IBM Lotus Domino version 7.0.2 suffers from a reflected cross site scripting vulnerability.
72903ba509e00eb29db00ca12641bb82767735d334ecdb962b8f56a08b2128d6osCSS version 1.2.1 suffers from a backup disclosure vulnerability.
3ad547824fa1b00b3925e2f0bb98e2db0fee7c0adf95e43500d60933753fef7bAl Sat Scripti suffers from a database disclosure vulnerability.
158705745a8c0c56b62e527904c3b8161c7df6bb396096802755afb67be05cc8Opera plenitude string crash exploit.
589bbfe26a6f9424f7d48ca61f77d3d2386707520e5a5d6228440b8d0cb73becMozilla Firefox version 3.6 plenitude string crash exploit.
514f458faede34b4232dc4469ae12e56221e370427f68669c2a3688d3e93397dEshbel Priority MarketGate module suffers from a cross site scripting vulnerability.
ba1eb4771be17163701c33bc9cd1834c5df42518f2f7cfe06aaa3c6efd2d9e92This Metasploit module exploits a buffer overflow in BaoFeng's Storm media Player ActiveX control. Versions of mps.dll including 3.9.4.27 and lower are affected. When passing an overly long string to the method "OnBeforeVideoDownload" an attacker can execute arbitrary code.
95ff9a57dc2d4014a3f0da453c07931f721900ab235ae3a9985a5dcf89bff4dcThis Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on MessageBox originated from VBscript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve HLP file as well as a payload EXE. During testing warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.
f83f40fb588e34999fbe38619333368187e38c873789888c011448074585069e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed