CruxCMS version 3.0.0 suffers from cross site scripting, local file inclusion, authentication bypass, shell upload, and remote SQL injection vulnerabilities.
5375e0a5494a05b2ea69af210a5d3d1856065f95387bd5c4db520a4274857a70Pligg version 1.1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
a4b977de49aa1f010340248f34dafceb8357165d75c9d7d5b3a405ab75de0860Asan Portal suffers from a remote SQL injection vulnerability.
466d652bd90858c69426408bbe2e8972b048bc168cb7c25484b1faad4b1f0204LiveZilla versions prior to 3.2.0.2 suffer from a cross site scripting vulnerability.
f6edeefe91536b6d753f952535513ed99b5fedfaf49618dcb53bf3a41941f022Zero Day Initiative Advisory 10-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component used by the the Mozilla and Internet Explorer browser plugins for iPrint client. When parsing an HTTP response the Connection response length is in sufficiently validated before being copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
b5172e44a55440caca829a0e3c9c9bff6d4ce99f97233fc051e0705a09738a92Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate geolocation. This is exploitable even if remote administration is disabled. Version 24-preSP2 is affected.
7102053c920ae264843dc40d0a21522a645ecbba49d6f4df097245cfdadc92f8Zero Day Initiative Advisory 10-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
a2dc5261e2ebca49ad9b9e56b4a8249c7cad6f31d98330db68fcf278f1a1b1dbZero Day Initiative Advisory 10-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint client. When assembling a URL using the user supplied call-back-url, the value is passed into a urlencode function where it is copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
0aedc93a06314c97bfd0b51a3074c516453bf76cee04807f000703bc99639072HP Security Bulletin HPSBST02619 SSRT100281 2 - A potential security vulnerability has been identified with HP StorageWorks Storage Mirroring. This vulnerability could be exploited remotely to execute arbitrary code. Revision 2 of this advisory.
aaa0797dfb14d4c1908eaee02d181801c6ace74cf07fe336cc296364f5d6415cOpenClassifieds version 1.7.0.3 chained exploit that leverages CAPTCHA bypass, remote SQL injection, and persistent cross site scripting on Frontpage.
6821ebbc330e3b9f6d23a296ea9c5198596f11f20095f0d1a2423f3880e93a21Sigma Portal suffers from a denial of service vulnerability.
593b1cbc190866506dfcef5f9d9f43fa59e91023a3ad7d364d5ecf5288b68e9dZero Day Initiative Advisory 10-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an HTTP 301 response from a user provided printer-url the process attempts to copy the returned value within the Location HTTP header without ensuring that the destination buffer is adequately sized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
65ced00f19a79e903c62e1325190e092c6ab2ede41c7a1d3bd23b17a3e2ba098Zero Day Initiative Advisory 10-296 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
98e4858550b4ef9237d6ad86f8954eeb693c4594e6e60b203817c71911209636Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
1a444b90128533e815e8cfb508e60327b810b7bd2bb1a698ab98b745fc9317a3Whitepaper called Writing Simple Buffer Overflow Exploits.
b6a068f95d8506debdbb0b649228a40f2892304ec1e6abf7820a0602965ef614Web@All versions 1.1 and below remote administrative settings changing exploit.
f8d27969b53893e2eb3f8f56f6ca3224588ae76337b77ecd6eecd6f3410fd24aOpenEMR version 3.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
9ca836e02286319ce83ae42b646fda3eb4771e29dac9f5fdfbd9b81bc55b9b34Pecio CMS version 2.0.5 add administrator cross site request forgery exploit.
aa4f3f2558703c6dc1c93477d8b7a03b960e61c9beff6517dc9c299ce2589987This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.
b07063132a30d982b8374ebb512a724b5c8499987169c5fc9e3ffb5ff0057e46Secunia Security Advisory - A vulnerability has been discovered in Square CMS, which can be exploited by malicious people to conduct SQL injection attacks.
68cb445da4b71c308aef5fbd3debc7e88291d518ac301fca565c728866d1f359Secunia Security Advisory - A vulnerability has been discovered in CubeCart, which can be exploited by malicious users to compromise a vulnerable system.
34b4874ece03f62524a86107bbd47d5e0607c38f7fd1ebee8c5f47dedcc4e858Secunia Security Advisory - Kerio has acknowledged a vulnerability in Kerio Control and Kerio WinRoute Firewall, which can be exploited by malicious people to poison the HTTP cache.
60806d7e305791681313f8dd74031e4034d7c8736c49a6db72836db88288bdf8Secunia Security Advisory - Two vulnerabilities have been reported in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
88baca055d6995c0a960d9df0e1f349138bb79e3f3cac484ef4048562869d727Secunia Security Advisory - Two vulnerabilities have been reported in Radius Manager, which can be exploited by malicious users to conduct script insertion attacks.
6404950790eeefff293c3157b9aad2b06f835c6b5bc020bb67109b4b0193ba02Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS.
b2ddf0a562133e798101041289ed33e02427c39a5ffc366b1b62019cfc5f81be
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed