Brief whitepaper detail authentication bypass using SQL injection. The paper also discusses how to get around magic_quotes.
40067ef97854c2d161d11307a2778c478ab760099a9a4acb512ebea16bb98bb5iDefense Security Advisory 03.30.10 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s (formerly Sun Microsystems Inc.) Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.
c8136fdeea2fd3eee123f117e7725124c2bbfe3eb2d36469fe6bc5b899969b0fThe Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.
fd01d4172df55b8994b34803311ab871ff8630ad51141bd4511fe4f4065759a2Optimal Archive version 1.38 SEH buffer overflow exploit that creates a malicious .zip file.
77fb9e0ccf1cd252328edffbde84cb2651b0590f09bd2094e6bb90bf409e62d3OSSIM version 2.2.1 suffers from a cross site scripting vulnerability.
6e4c14c8aec37791b959d328a1ff9ea0a8783eb80875f32046ccca8bb2a4c4efOpenDcHub version 0.8.1 remote code execution exploit.
52bac409f84810190d80d37762eff34565f4eb33694b323fd7d5ea0083b1640bThis Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object." NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
2050b221f455e1fa58a8d196ecf708064b18b0b04314d24c17d3d8356494d06eThis Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to OvWebHelp.exe, an attacker may be able to execute arbitrary code.
55d170104143bc443ef2724ff037c2b870160add006e6725a9d78d69fe2baffbPiwik version 0.5.5 suffers from a cross site scripting vulnerability.
bfbc6eea5c3aa09e5746fdb11074f52035f786fa423cc75268c0130bc26f8546WM Downloader version 3.0.0.9 local buffer overflow exploit that creates a malicious .asx file.
ff70b99a932f338633be021295aaad315a7a44f58125671ca2fbc692f8ef14d3Huron CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
18769d2bd41023b4c1d8863856e891e5fa6030aec380cadb3f8618fc4ca823cc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed