This Metasploit module will execute an arbitrary payload on a Microsoft IIS installation that is vulnerable to the CGI double-decode vulnerability of 2001. NOTE: This Metasploit module will leave a metasploit payload in the IIS scripts directory.
641ff99aa7811add9ad4dcc768fb2145b5eaa76f8f0c9f211e656f570bea2703Secunia Security Advisory - Ubuntu has issued an update for glibc and eglibc. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system.
e6d2c857318f5381c4a650765a9806f63517571e33404493427bef61e80f2c57Secunia Security Advisory - Fedora has issued an update for openssl. This fixes some vulnerabilities, where one has unknown impacts and the others can be exploited by malicious people to manipulate certain data or cause a DoS (Denial of Service).
c7e329acb67fffd4a0e166c0a11c3dbec8964bd58e59a80cb6097c0891164842Secunia Security Advisory - Fedora has issued an update for cacti. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
8b00fc8efbea4526b50dda19c6037803cf75bcd16315f3c2ffb59504e010c154Secunia Security Advisory - Fedora has issued an update for html2ps. This fixes a security issue, which potentially can be exploited by malicious people to disclose sensitive information.
cae33aae581de1e8cd2d8a20cb715972a1fdc5b711c180cdf105a3ec22e5c943Secunia Security Advisory - HP has acknowledged multiple vulnerabilities in HP Business Availability Center, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting and cross-site request forgery attacks, and potentially cause a DoS (Denial of Service).
538a765f61842a4f4c47b7017130989daf1079b43cb7786f83d5d866a937b165Secunia Security Advisory - Some vulnerabilities have been reported in Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
87d63086d4bf8081e97fd15906f22e47d92163532cfb75a90be8358624699a79Secunia Security Advisory - A vulnerability has been reported in IBM Communications Server for AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
982c112b33f2f74a6384659be1997254e5037e7d14d017c47452b90dd3574b45Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in razorCMS, which can be exploited by malicious users to conduct script insertion attacks.
80ac8eec129a202e294d1f7c7aef02f635f9b6a2ff2b4be0f529873c6ea61a31Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to conduct spoofing attacks, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a user's system.
9da9d333ce39b31e3dc60ba47ed0a21d6c22ba7df54fdc8e4028a80ab2dcdea4Secunia Security Advisory - A vulnerability has been reported in HP TestDirector for Quality Center, which can be exploited by malicious people to bypass certain security restrictions.
a00ab8e905af586f38af9361602f3c714ee73dd8460af925795305200b31eef1Secunia Security Advisory - epixoip has reported some vulnerabilities in Specialized Data Systems Parent Connect, which can be exploited by malicious people to conduct SQL injection attacks.
203bcdb7687a481046f81cfa313bf10c583b80944b6a926a18325e44a17c6f48Secunia Security Advisory - Giamo Casanunda has discovered a vulnerability in CuteSITE CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
9a2a721c28ac6a5f2c6d374d26d27105d5179359d1b9701e15420baaf4bbf7e5106 bytes small Linux/x86 disable randomize stack address shellcode.
35d8630bd9123b26df4c95ebc2cc73d88c99017d32b061a3890cd84779c2f483Ubuntu Security Notice 944-1 - Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.
3912a2ecbd425f205230279f33dba703af4f372c3f17130c8ea1d9cf79a904f4Mandriva Linux Security Advisory 2010-107 - The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST. The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues.
c4e7a351b4df255c2bcd254f120217884009c882c3d662a9f87f93f5cefee126Design by Web5000 suffer from a remote SQL injection vulnerability.
87444cbc402a3bfc34a4f917e23d240e33168d03ea09bd1fdac2e9e423797ae1Flock Web Browser version 2.5.6 remote memory corruption denial of service crash exploit.
7ef197701ddf5fce834d394de1ef5458520ee5509fb092bec9ad82205c220504Open and Compact FTP Server version 1.2 universal pre-auth denial of service exploit.
684440a1375687cbbed6a34317a123196df83653b157c3498e09d81c91f2b0deWebit CMS suffers from a remote SQL injection vulnerability.
81cdf9b8a8262be39c1200d2a74f6b3636c9d212bb5d1e62126345f3735f0187Webby Webserver version 1.01 suffers from a buffer overflow vulnerability.
c1efddb1b13c33f48bca2724a4a2cd55dd316b60fd3c13ef1e71beab2ce48b4eThe MKPortal Catphones module suffers from a cross site scripting vulnerability.
6ca0ec49a81b59b7080b28dc1d474161b1e0472fccae6a47fdb409d9e926cca6Simpleside suffers from a remote SQL injection vulnerability.
240ccd091fe4126ddd2937b1a201957f6ef37c53a9c91ca31c76fe4cdd835a27Debian Linux Security Advisory 2053-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
235a0a62a6c6d71e07f774851a912b83c30395263efd5ebe128f10b746878d05Nitro Web Gallery suffers from a remote SQL injection vulnerability.
021be5bdd0f4439a323b8c9b3344415c9024c4d57498f67c6770047df109000f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed