This Metasploit module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled.
958220f3112687e60ccfaeeb8830223cf29aa4ac4c24d29d128ae6cc845d5953Debian Linux Security Advisory 2380-1 - It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers.
8d1c6967c42a4413bb90cb928fabf374654f58608e3beba8949f92912c5d5f31Debian Linux Security Advisory 2379-1 - It was discovered that the Key Distribution Center (KDC) in Kerberos 5 crashes when processing certain crafted requests.
86c78e53f20e5c9ad7fa89a4bc63ad1c87ac40109a63176b3411ffd508bd3e60Limny version 3.0.1 suffers from a cross site scripting issue in '/admin/login.php' that uses the 'PHP_SELF' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
7b6a8335a1f8d7c5654df937e151cca19fb86f683c13b9fd435dbffc83896e41S.S.T (Save Typed Text) javascript proof of concept keylogging code.
3d93476f79d386daaf0081e819a0e2b9b68992bbd8af9ed271d5b909759e9021UBB Forum version 7.5.6 suffers from a cross site scripting vulnerability.
5d1c727c5e1d04f0f5f41c307184a14fec7277c27eed460262a65d9f9b2e6fe1PHP 4 hash collision proof of concept code that computes hash values for form parameters.
3d3bf041251739817bd2e288dbcb0d9939d030c50313a9b6ccde7df5b0e91a31Orchard versions 1.3.9 and below suffer from an open redirection vulnerability.
192e9b87eb0aeffabf617ac74724970dbdb7ea6620e725c034bfb05ac253e38eTypo3 versions 4.5 through 4.7 suffer from remote code execution vulnerabilities by leveraging local and remote file inclusion.
0bb7898ef5dbe4ce9650e23ee5837592fe177acddbfad98219e5f136d5c68825immediaC CMS suffers from a remote SQL injection vulnerability.
de38ddf4875c087d196de7705615810d764c73d01b4fe21e2186fe1194209d06Biz Technologies suffers from a remote SQL injection vulnerability.
49e25ce37e98e84cc037b36ed6912207786b701d154059f8faa9412bdff48831Ischianelweb suffers from a remote SQL injection vulnerability.
83a08816f523dc6e93174b9603c155aa12d3e1cade79fa3a8fbdb7806f93c9d6ImpressCMS version 1.3 Final suffers from cross site scripting and local file inclusion vulnerabilities.
26e84bfacb999830ae889786b3bb6072cb73e0fd403c3a62ec44f96785279992Logement Laval suffers from a remote SQL injection vulnerability.
45780e0ce039a1b53b28eac03f49e5414e048b9551c9aafebbfb1e09226f684fMediashaker suffers from a remote blind SQL injection vulnerability.
a968bb9e134047e84af855bc1527a5f589e012773e84989f47d97d4b3e6da4faEasyWebRealEstate suffers from a remote blind SQL injection vulnerability.
a88bbf00974a79031c65796ed4b2d823e9ca8d145399383d88b9d36e978787b9Otterware Statit4 suffers from a cross site scripting vulnerability.
11a79004188086d90cb187d7bfe126905fcc41f2582bdb519a2e097f5709cef5Posse Sports suffers from a remote SQL injection vulnerability.
1fa4eb3b09ffbe04f961aea9b3b369e86519c14382dadef1fb75cb3ecab84494SyriaNobles suffers from a remote SQL injection vulnerability.
e901e4ae859d4a83b3adb388fabcfa98af2d0bc4730e305cf58306680bafbf7bVLC Media Player version 1.1.11 local crash proof of concept exploit that creates a malicious .amr file.
3654b16d4f40690e87c6db730f6a6a8e8d68a8e12ea1c3ac542e32750b0de54aNetcut version 2.0 suffers from a denial of service vulnerability.
d61c68f9cc4b4fa0d53cf3ce20ab57fd0d8f0db731c6008b6eeac55e089cd632Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.
caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921cUbuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.
1fcf7293472e791a0923b72c104ac27add330ec563ccfa26ed3174c631ebbd57Proof of concept WiFi cracking code for Guestek / Oneview systems as found in Extended Stay of America hotels.
2403e22ec2786784417aed238e2d1245788498cd2b5c9c1e8be22ee0466b44ebSecunia Security Advisory - A vulnerability has been reported in GraphicsClone Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
f043334f6681398c14d5e5dc2f3250adf42385b10db17543c57c70f78b46fee8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed