AltConstructor suffers from a cross site scripting vulnerability.
ce0746ea314fc460565eefd10ae6a839ae82cd3f578836de4e1718b413de13b5The Joomla Polix component suffers from a local file inclusion vulnerability.
2884fb26dfa049499f7b4054faa888728e5994d396e54babd506c4f6927c426cThe Joomla MGM component suffers from a remote file inclusion vulnerability.
f2ed94372297db2f9a306586e4c593ddb388a9e6306d0631aa4f971649affe0cMicrosoft SQL Server supports so called CLR Stored Procedures which are written in a .NET language and are run directly inside MS SQL Server. If an hijacked account has appropriate permissions, it can be used to run a native payload (inject native code into a new thread) or to tunnel a TCP connection or a shell via the SQL port (needed if the database server is properly firewalled). They can also be combined to tunnel a reverse_tcp payload. Additional permissions, like xp_cmdshell, are not required. This file is a proof of concept that demonstrates this ability.
b402c616b5be94e40d281a86dd3349dc0c78b5d4578e9d551c39743f9a054e27Zero Day Initiative Advisory 10-194 - This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway component which listens by default on TCP port 2020. Authentication is not required to issue SQL queries to the service. A remote attacker can abuse this to read, modify, or create records within the database.
6fb7bea61db2d7333c362a0069c826d0daa4bfb395f3d77cd854604bb685cadeSecunia Security Advisory - Fedora has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, or to compromise a user's system.
cf05363d9459119f89c991605d3a6bf635d5a6f671aa0565f68f9ba4b7a2411dFTP Voyager version 15.2.0.11 suffers from a directory traversal vulnerability.
320c25486ed694a877385ca2c0bece00b84725fcb8d4e8f61fcd2c849331b66dFilterFTP version 2.0.3 suffers from a directory traversal vulnerability.
87d5b76f45a6095e8a5bf2d22db88ca5504ecaeba23dfdb825a068152dd05464Expression suffers from multiple cross site scripting vulnerabilities.
e985402f569ffe5bd2deee6e2deeb8b59ee2daaa79e929e0f06a6183124dcfaaExpression suffers from a cross site scripting vulnerability.
e985402f569ffe5bd2deee6e2deeb8b59ee2daaa79e929e0f06a6183124dcfaaDebian Linux Security Advisory 2118-1 - Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to "short_circuit" set this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content.
becf445f09e09cb6217b01a48324f62f562360bee3c71eb67d6592ff061444c6Joomla 1.5.20 suffers from a cross site scripting vulnerability.
7c8c41e8e3b3daeb1e0a380f42d7c3fb123159bd9579ebfe4ab10cc21669b0a7Lantern CMS suffers from multiple cross site scripting vulnerabilities.
adb0ec8b069851f5237fb95ab056df0ed20523eaf35ad67dbf4a968b7bb91404Flex Timesheet suffers from a remote SQL injection vulnerability that allows for authentication bypass.
10644486942f6e92c8481f43aaf25d6c08f87415e83df623643949c57221c2a0PHP Hosting Directory version 2.0 suffers from an insecure cookie vulnerability that allows for administrative bypass.
8b150cf2936f99115684a3763f8f6bc8f9d49535e8f94782cfb587b14f4f239bIsoBuster version 2.7 build 2.7.0.0 DLL hijacking exploit.
da56d1ff331f902b85b3c055a077b78eecd81e3a177c563bb92d86be91ee6adbMicrosoft Visio 2007 DLL hijacking exploit.
cbc7240c14893d5a2d3cb69d4a033634c7551160da10f156f2cfbca5741583d4UltraVNC Viewer - Connection 105 DLL hijacking exploit.
8edc2cc3fc734c45aefd2d5d3c1d2b800170f62d12625b7b66f43b68a61d88a7Adobe Dreamweaver CS4 version 10.0 build 4117 DLL hijacking exploit.
51c35e523de2430e9bbbcbc6e11bc3a669f29d472e215ec021c92745196a32acNetStumbler version 0.4.0 DLL hijacking exploit.
4e96b5f3b2e82f9a4f64f2da1e554804db24ec2d82d33dfc96508feb057aa576Microsoft Windows Live Mail 2009 DLL hijacking exploit.
3a4d76dc3587f90acd688b938e668e805b8c54547837944539904e6134dcbc35The Joomla Community Builder Enhanced (CBE) component suffers from a local file inclusion vulnerability.
7469505a83863ff10a04ae163c3862d44d806fee380e0b0fbfa9e2a1ee6149f3xWeblog version 2.2 remote SQL injection exploit that leverages arsiv.asp.
2beb8637b0aa0f7f69b2ae512185d2c8383071f4524d3e6accbb57361fc1a1d1xWeblog version 2.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a5ed97f24a65335ec6dd349c5b4573929fd9d971c9ece9a9e7758901368fc406xWeblog version 2.2 suffers from an insecure cookie handling vulnerability.
0edb6c5031d4434a62eeffe6ebafd5a92c5fcbf7222aa354e90bafe19567dbda
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed