Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.
73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687Radiant Infotech Nepal version 2.x.x suffers from authentication bypass, cross site scripting, remote SQL injection, and local file inclusion vulnerabilities.
29203aa861f50cad3c37b90953891db2321344659ae53f0552deb39e94657a93Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
db5fe256ef577b1b631f68ced08339d66969930e81aff27ca5f3917b3f80347aiMatix Xitami versions 5.0a0 and below suffer from a NULL pointer vulnerability.
ed4eb779232d0541e6a573825d43e2d1a268a434b65a1704fa33716fe9783002Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
4a3c94efc7660656109478c65e743f5ae24476b819bea142f1eb86d1b67dc0e9Debian Linux Security Advisory 2253-1 - Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.
a78a7887ca3ae781ff5d52f652ab27f07aefeae94529ddb7e87bcaf7fe2420d1VSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.
1af05a5d5b02a34bd95ed4566b81d89008382e496b13d51cebc3c4a6458acab9Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.
a410ba0444ff1d0c5ccea3857849e0c17ef6827ca9dd2863653955ceeb92998fThis Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.
994760c641a41fc78995bb5801db1891f8f0693000ac3809936de86c907824f8iDefense Security Advisory 06.01.11 - Remote exploitation of a design error within Cisco Systems Inc's AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer. Cisco AnyConnect VPN client versions prior to 2.3.185 for Windows, 2.5.3041 and 3.0.629 for Linux and Apple Mac OS X are vulnerable.
96607ad5bdb47410c34ae00de556f9b206fa53b2e1d72debfc2be9cac1c836fdvBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.
e924dae1d3bbb435c119d685e197c46a03bae17d96c4120bcd85abab9559991f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed