Ziggurat CMS suffers from arbitrary file upload, arbitrary file download and cross site scripting vulnerabilities.
874c7427aa7a2638495b9b9d17e8d673ba082f4f464b3eac71f80f396b23ddabMocha LPD version 1.9 remote buffer overflow denial of service proof of concept exploit.
099a4af3c61fee3a7ffb30879dc26ba970befd43bfd5048944193ce77f98beb0The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive has two javascript proof of concepts inside.
869b4a38f24b51ae270bb2efcdf64a5e06a74983af574cc256cfac9b7319620aZero Day Initiative Advisory 10-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine TType1ParsingContext::SpecialEncoding() defined in libFontParser.dylib. While parsing glyphs from a PDF document, a malformed offset greater than 0x400 can result in a heap corruption which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
4c922f3c07d9bd10745c111ce1d0a0948f99f2a5a1db6b6e4c416b58d4e77775Apache OFBiz suffers from multiple cross site scripting vulnerabilities.
5501fd94fda2e20c6ca17ba0bca565a5b103589958224155c187e9a10853c7d5The Joomla wgPicasa component version 1.0 suffers from a local file inclusion vulnerability.
3a90b41297a1502a2409072bcd97c17096e74c41ee6efea2870d1b6dbb3b744dThe Joomla S5 Clan Roster component suffers from a local file inclusion vulnerability.
b6337b415d10be34a8eb019add76240c5c83f3e7056fb7ce6ad242f1fc1d9d7eBook Library version 1.4.162 local denial of service exploit that creates a malicious .bkd file.
aec18ad366a51defd2eb60c4f76dd3bc30feb5582c61704726ac04ed620536baMovieLibrary version 1.4.401 local denial of service exploit that creates a malicious .dmv file.
010240d121e0a592d49afa1cbc32baaa08092587ddae732a968956cdbddf1a82VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed PNG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
8f92aa33be27270a73febb9b2cbd2e11d06f4d12cba56f22a94c3e7956792f04VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed JPEG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
e9d0702cdbb20963149b9f1501fb1fff56a6ebb1235cdbfbe481db507d3a630cVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed GIF (Graphics Interchange Format) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2e05145ed434a8f30e848a82a72d218f5439cc00fd76742b6735da9062bc4495VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed BitMap (BMP) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
c6cd8e23bde2c887f4bffe1411ad48c08b9a0b2efc7ede2c7418a28d8b0c674aVUPEN Web Vulnerability Research Team discovered 27 vulnerabilities in WebAsyst Shop-Script FREE. These issues are caused by input validation errors in various scripts when processing user-supplied data and parameters, which could allow local file inclusion, sql injection and cross site scripting attacks.
579654776cb543312df85db518c209df4b6f760d61838499c5d37ef57a0756e4YUI Images Script version 1.0 suffers from a shell upload vulnerability.
526af09a830f2d0cdc9d356f7733e6f4b6e3d9ee4a5c506549ddda6ae6ed5d2755 bytes small SLoc-DoS shellcode.
dc1e4d10eaeb1e01cf1c15e9db5b32aa36d027a14e67d579988b8f2b63e254f7The Joomla Photo Bottle component version 1.0.1 suffers from a local file inclusion vulnerability.
e39651e6e8d8a14ecdbec72053c2aef553db951eb188b525bb1bfc11f7cb1372The Joomla MT Fire Eagle component version 1.2 suffers from a local file inclusion vulnerability.
e88332505b90f47567f2762a01c68e66718c63b4e74fba5625a7d56da3b2c130The Joomla Media Mall Factory component version 1.0.4 suffers from a remote blind SQL injection vulnerability.
94d10c7538105f7b68060232b3930c05676c821b0c4989277285c006e781395fThe Joomla Love Factory component version 1.3.4 suffers from a local file inclusion vulnerability.
85e84b365fece2161df5fabdb627e3a3ecd7ac6797209300c52f3cf0db3f7ee6The Joomla JA Comment component suffers from a local file inclusion vulnerability.
b7ee11adda312fda79e427d20562af6c3da2842ba2c091a45956b09a835d82c3The Joomla Delicious Bookmarks component version 0.0.1 suffers from a local file inclusion vulnerability.
0c26eb82bc435813c949bf2c7af79e42b9c45849887232a9ab1dceeeadb2b9eeA vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific "SMB_COM_TRANSACTION2" response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.
4634330c6b9a740411368733ef3422e5a35456f847e190d753c1af27f8b65e09A remotely exploitable vulnerability has been discovered in Adobe Acrobat Reader for Linux. Specifically, the vulnerability is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block, which may lead to a heap based buffer overflow and execution of arbitrary code. Adobe Systems Acrobat Reader versions 8.1.6, 9.2 and 9.3 for Linux are all affected.
f385ef95e1573ac6a4f3c822fd3e9df546151e7422ff23e8cba084c3366032a6Zero Day Initiative Advisory 10-072 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the Secure Desktop Web Install ActiveX control (705EC6D4-B138-4079-A307-EF13E4889A82). The control fails to properly verify the signature of the downloaded executable being installed. By not verifying the executable a malicious attacker can force the user to download and run any code of their choosing. Successful exploitation leads to full system compromise under the credentials of the currently logged in user.
1f1d2f189d60548d5616e029e9798ad724801d97cc5e244ef8d01ba731375b1f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed