Whitepaper called Evading Antimalware Engines via Assembly Ghostwriting.
c69ca241db8929c1badf0a2febd49a571ceddd5755b5f32dd8ef44146ffadb5cThe Joomla Sgicatalog component version 1.x suffers from a remote SQL injection vulnerability.
7e6fab15f2a268c1137938fb9309a5f170d0acc7762964dcde58038e767631daThis Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click or file open. By doing so, an attacker can execute arbitrary code as the victim user.
dfd1d434ab7742db844f4361a73baede359a856715df5794ad3d96c86362e269The WordPress WP-SpamFree plugin version 3.2.1 suffers from a remote SQL injection vulnerability.
872940395fb43562df8533fff00f33859bbff0de3b2f6bf1464c7f15e9cecc42Red Hat Security Advisory 2011-1364-01 - The kdelibs packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.
42d57e16e44097171470596df1e3290bdb422e02da5b6b0fb5d50caa9a857888Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
5c3994059d8384faf17163e5cb49cd471cedb061f14e2c2b7ef3cdb5ce5724aaCudoma suffers from a remote SQL injection vulnerability.
e43b96a3f7c6d5efacbe109185cff4c7644460261e78c88c815c2a5b219d0b14Ubuntu Security Notice 1227-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
87d2aaa8ca6ba6b00c9ca09b32765eba40fef19b74fb5429c7386a7141501ba4Joomla JCE component version 2.0.10 shell uploading exploits written in PHP and Perl.
d1b4ac29ebde769a56c277231425f66928d9b1ae143eb1a76b6b2460dab7671aZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521 suffers from an authentication bypass vulnerability.
f77c06fcc32f7f659b5cbeae7e9a84e98c2c34c9153d7d9897701d57dfb559d4Filmis version 0.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.
635cc0c5fedf63470616e91144d46f5e705d459606e1f8eeb7bcad7f9a9506ebFilmis version 0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b210a5c19e2f2ecfeb38873657519516d2e8337db4f6e5866e719b7d761b20aHP Security Bulletin HPSBMU02710 SSRT100601 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. Revision 1 of this advisory.
8224be93c871c8c41eb80eb778a040f90039abdc72505dc40639b6913e85eaa7SilverStripe version 2.4.5 suffers from multiple cross site scripting vulnerabilities.
f4b756b891416720dcce945f3a627a076dbfa53794a000265f292275c636a60dContao version 2.10 suffers from multiple cross site scripting vulnerabilities.
eba693da943cfa776b5b0ec54e3b955c461838891e36136ceb646cd40b62344dABUS TVIP 11550/21550 suffers from arbitrary file read, file upload, and command execution vulnerabilities.
2f51d4760c8bd61052e7053ffd77dd4337c961386e2656f7ff4271440419c1b2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed