Rayzz Photoz suffers from a remote shell upload vulnerability.
382cc41a22b7d66207f7cc50e5656e535e1a17724fcb951a364e7c7e2310258eArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspection (DARPI) approaches on switched/hubbed LAN with/without DHCP protocol.
2bd50d936e2028d62d4d9688c20e3c73638187531d013b7e027c652b1dc14ee6SureThing CD Labeler .m3u / .pls unicode stack overflow proof of concept exploit.
aa13b35c3e9c5a5d370d4cbe2bdcaa8c6f66436d4e74ec8797e1c1715673df67Hotel / Resort Site Script with OnLine Reservation System suffers from a remote SQL injection vulnerability.
bf42d49a0ec0e263a990787a924dfc29f3c7edc24af5deba130dd88e8966c3acPaessler PRTG Traffic Grapher version 6.2.1.945 suffers from a cross site scripting vulnerability.
9928e64f93990e4430c1392f78428745b7beef46d2ffe1131f889e1ac13a103dBest Real Estate Script suffers from a remote SQL injection vulnerability.
836b8288543643d84c6ca9cd7259b2896a9d0c650f403337e93ebac4689170d6Zero Day Initiative Advisory 10-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application duplicates event listeners in .svg documents. Upon creating an AnimateTransform object, the library will create a timer to handle the transformation and duplicate the object's event listener into Webkit's "shadow tree" of the image. Upon destruction of the shadow tree and the original tree, the application will destroy the Element containing the event listener twice. This can lead to code execution under the context of the application.
7d0809e72c60007e344db72c24187f922e778eaf606c4c95a6c3a5200e7911aaZero Day Initiative Advisory 10-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with how WebKit inserts error messages into documents utilizing the SVG namespace. Upon a parsing error the library will attempt to access an element before repairing the XML. This will cause the library to access uninitialized memory which can lead to code execution under the context of the application.
c20cb2abc01288159002fd8573e829bcf9ef476e30bf40c52bfb1c94e6ff04e6Zero Day Initiative Advisory 10-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must visit a website or open a malicious document. The specific flaw exists within the way Webkit implements the 'first-letter' css style. If a container with the first-color style has it's contents replaced with a particular element, the library will create a dual reference of the style in order to apply to its contents. Later when the element is freed, the dangling reference will still be applied to the style. Upon navigating the document's styles for either repainting or style recalculation, the application will access the freed memory which can lead to code execution under the context of the application.
f007afa348d79d097ee6a70aaf89ab0017c258dea3b9d8b4a50830fb69915052Zero Day Initiative Advisory 10-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into visiting a malicious website. The specific flaw exists within the way Webkit inserts an element into an editable container. Immediately before the actual insertion the library will manipulate the contents of the field in order to insert the new node. Upon traversal of the tree by the library, the application will attempt to access an uninitialized element that was created prior to the insertion. Successful exploitation can lead to code execution under the context of the application.
63fe84bb7a608f3bd41748f56f6322d810453567f8aa4fcdc50e92769d177925Zero Day Initiative Advisory 10-096 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the WebKit library handles recursively defined Use elements. Upon expanding the target of the use element within the tree, the application will create a dual-reference of a Use element. Upon page deconstruction the application will destroy the single reference and then attempt to destroy the second one that is currently occupying the recently freed memory. Successful exploitation can lead to code execution under the context of the application.
595b83060053efbb62ecec02378368332fc637e60bbcbfa576b4b80ab5ce27cfPre Web Host suffers from a remote SQL injection vulnerability.
4d258c05bccfc8021b020189e7800f73c6bc74f130fb2333f1e694d13da54aebCastripper version 2.50.70 .pls stack buffer overflow with DEP bypass exploit.
63f91da200ad01420a2dd356383697b73da42ae6b7788b473b6a33252406b0dfApple Safari WebKit suffers from a HTML button use-after-free vulnerability.
f36dcd883ac6b8ae5841337712b2ab864df2d80bbd1ba2cf60dff0d5f9bd52b2Mandriva Linux Security Advisory 2010-111 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.
b67df34d081ca3c40a950f5fc06c07bbc5bc25a1e0a4984f6007c19901456d83EMO Realty Manager suffers from a remote SQL injection vulnerability.
b50e55ce7fa206d6662b760fc7a7469b4320d34bbbcec31cdac55eec725f1180Holiday Travel Portal suffers from a remote shell upload vulnerability.
206b1787088097e6f4e4d4c886a2bd2ddb4082b2dc9f7b91b27a4cf5bfe28f1bMotorola SB5101 Hax0rware event reset remote overflow exploit.
532fb9884b7cc9cda3a400d902285594780f8388a8a9e422be8e5b934d9f7dfbMotorola SB5101 Hax0rware Rajko HTTPd remote proof of concept denial of service exploit.
f11e4c8e042ceb2366c5e971c759cb7848d1150fcf836c96cb932f831a22d2e8Zero Day Initiative Advisory 10-095 - This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way that Apple's Webkit handles the DOCUMENT_POSITION_DISCONNECTED attribute when a container is removed. This attribute is responsible for ensuring that a node is disconnected from it's container and is implementation specific regarding the order of each node. If the disconnected element is removed from a particular type of container, the next time the application attempts to reference that container, the application will access memory that has been free which can lead to code execution under the context of the application.
d9bdd0e4350682858ef5d04c4e0a7960393fc99fb82028448b9ce41f1926fe49Zero Day Initiative Advisory 10-094 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required in that a user must be coerced into viewing a website. The specific flaw exists within the way the library handles selections. If a particular element is selected by the application, an event can be triggered in order to interrupt execution handling a component of the selection. By modification of the elements contained in the selection by the interruption, an attacker can substitute contents of their own choosing in their place. This type switch can lead to code execution under the context of the application.
05da9f11778e7d70686cb92b4fae597e9a07cfcd9c5f6f7000e6bb97ae2b6573Zero Day Initiative Advisory 10-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn't exist in order to perform the transformation. Successful exploitation will lead to code execution under the context of the web-browser.
b8a274bc834495fd445173568c8f4b064aaf5f3189cf90061c14a5f304501f2cZero Day Initiative Advisory 10-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apples Webkit. User interaction is required in that the user must coerced into visiting a website or opening a malicious document. The specific flaw exists within how the library removes a particular container element containing another element holding the contentEditable attribute. Upon removal of the container during a particular event, the library will traverse the tree and access the contentEditable element that was freed. This can lead to code execution under the context of the application.
cbeec2ee36d4519812f27d727c23bd06313077dcf47f7a611196a4f46f9399fdZero Day Initiative Advisory 10-091 - This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. This can be exploited by an attacker to execute remote code under the context of the user running the browser.
f4afa92d20e5763b95c6abf19991774d188549e0017aeb5a33c8eb1db271a7b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed