IBM Lotus Domino versions 8.5.3 and 8.5.2 FP3 suffer from an authentication bypass vulnerability.
a2ec180c7015b665a8c09c5c87f819d86fe11a21748572b331a213d5403e5704PHP Inventory version 1.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8ebe11c2190eb6eb4bb69b19db6d857a31629633ee830ea142db005190e42979The WordPress flash-album-gallery plugin suffers from a cross site scripting vulnerability.
c688bb0b8f202c7a6bc310458f0bf58c3de2ea24bb5ddaaaa3c66c574d93f542The WordPress 1-jquery-photo-gallery-slideshow-flash plugin suffers from a cross site scripting vulnerability.
2558a4d7ede8efa08cbd2de4b5277d0eb7759f89ded4b6086846dece6ddfac02oclHashcat+ Advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. Linux and Windows binaries are included.
16202639d6c25483fc007261064759176b375ea82302ddc9fe653bef7541bc6eoclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.
cf261e6057a91ef30d95d1869f6022f1ac3b75883a004f83c9d23dd5c09dc635oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.
fe094ffb3e721e9720c71df2777da4863813a3f3130e1e68a5c21baade226cc9Serv-U FTP server suffers from a remote jail breaking vulnerability.
69f0832074081c550ccae5d7f3afc1b4046cc0632090e235f13b3fc2d70e5155Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot.
f59b24d7a9bf8446fb65b25ad7046e1b91fd2198e39bf16f0a7f6d2431d9e848Whitepaper called Systematic Detection of Capability Leaks in Stock Android Smartphones. It discusses a weakness in the Android operating system that allows attackers to secretly record phone conversations.
5a42058e6ef874923ffe286bf518d8fd4920e14deee4daf20d620cad043d476bVoxsmart VoxRecord Control Centre version 2.7 suffers from a remote blind SQL injection vulnerability.
b233d577e2af4bd51137e11dd2e49abfffaaecec046f5ee3bb29090373476e66This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
d91e779ec520d6b5000796fbb5510410cdd34ecb929017aa6bdbbf0c838eed04This Metasploit module exploits an unauthenticated remote root vulnerability within CTEK SkyRouter versions 4200 and 4300.
5e44a6afb2c0c358e26b3780e96612702111f90fcd3b8cfd6335fb6f309d516dWikkaWiki versions 1.3.2 and below suffers from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.
f5f16ff3f59901b3991fb94563c0b39bd9eee2fd825e6f8c81aec203ea470e7aGOM Player version 2.1.33.5071 unicode stack buffer overflow exploit that creates a malicious .asx file.
971fa225476af793630fed50acafc906d65f2a06c6b21985a2ea4f591586bbfeBugbear FlatOut 2005 buffer overflow exploit that creates a malicious .bed file.
bc3c99f35356951f3633ebafa0c89c0c906268e205967ca4a6f14d98b4168b1eMS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.
050ef4e20cffa5096df95d3a92d67ec15bef3ea3848cd5b8824bbec9e2cb4338The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
a6100e77da08ab7504d889909384925c152f4a923056b91aef442070ec7d5eebSecunia Security Advisory - SUSE has issued an update for puppet. This fixes multiple security issues and two vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious users to conduct spoofing attacks and compromise a vulnerable system.
e4fd3f9e0b08269df1cdd016e4923f4e0848ea7e16465785110bb8747075aee5Secunia Security Advisory - Dr. Marian Ventuneac has reported a vulnerability in CodeIgniter, which can be exploited by malicious people to conduct cross-site scripting attacks.
5a8ef81e21cde7b8456454f3c3d04d161c2f93d0a4760cbe036489321355de13StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
a58071791bae0e9b02ab74ae8bc27fb0a782edd806f7f95a6330d6c8d53fb41cMuster Render Farm Management System version 6.1.6 suffer from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.
4c7c5caf872d4ace08b11d687019c73a366d5da96d3cb3fa5d8590c61b7d691aSecunia Security Advisory - Oracle has acknowledged a vulnerability in Gimp included in Solaris, which can be exploited by malicious people to potentially compromise a user's system.
5e7d04abadc65923a16f7aaece2d0663de54e4b8be1e314a9df4b8fdf81c4308Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
ef0bd80742863d9390beef99101a5572bc1fc990288fb26bc0ed7904418615b0Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.
24a22655ce6e480ba4e5f4b1078f4a1b7638debece589f2ce18d11d9e451d1ca
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed