Gustavo Antunez suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
45dfa21d4ac27c3193e728f09f57cf8b6e0c05492520c836b22a6db5684f2392
Secunia Security Advisory - Ubuntu has issued an update for openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
3c44ee83dddcbfb80fc5517d3eee6f33d15700af2d180cf7e50b658ee8fd166f
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Paid Memberships Pro plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c8b65d266f849f90b0cbe4024ec817f695b2914b4aeb3a510284629b0fd6245a
Secunia Security Advisory - Some vulnerabilities have been reported in HP AssetManager, which can be exploited by malicious users to conduct script insertion attacks.
06c1275f12b89f1e6b2af209d69535023a91316c3ed61b06a47688380bf81402
Secunia Security Advisory - Ubuntu has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to disclose and manipulate certain data, and by malicious people to bypass certain security restrictions.
adfbb5c9bc31c77b0aeb8ac72e0c728cad0708ff38fe66fdf4620e094c306c27
Secunia Security Advisory - A vulnerability has been reported in multiple Hitachi JP1 products, which can be exploited by malicious, local users to gain escalated privileges.
837e89ba979f876b91180a76dd45f30c4128d3dc3e85e6305c0dd927c873b952
Secunia Security Advisory - Debian has issued an update for extplorer. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b7c549f56ab20c75c4d89bcf90a3a29ce6c8da1e42a9898d04ada3363f19be2e
Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
93e428c53413983bf35aca0c5787aaca597fd468e44ede6570097574a3e2ecc9
Zero Day Initiative Advisory 12-120 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 85 (0x55) and subcode 22 (0x16), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
965c5ab755d2b7879ae5ac4267e6bd5cba51d7a1684cbedcabca3e0569dc73b1
MultiObfuscator is a professional cryptography tool that offers double encryption, csprng based scrambling, csprng based whitening, and more. Documentation provided.
f7fb28d42040f25c6a5ec261633f0c897d3b6c465fb6c7f5b13676b342117f5c
Zero Day Initiative Advisory 12-119 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 65 (0x41) and subcode 00, the vulnerable function uses a uninitialized stack variable in calculating a memory pointer. Also, the function uses signed extension and signed comparison when checking the uninitialized stack variable, which allows arbitrary negative values to bypass the check. This could result in corruption of a controlled memory location, which can be leveraged to execute code under the context of the SYSTEM user.
2fca778924705af40b57af80b858febce97f9007f8a7d7eeb17a8180102c1040
Zero Day Initiative Advisory 12-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 03 and subcode 04, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
1dbe651ec7e0ee6c405bc46ecc0d35313f72a8a88af287572719bff63db9c760
Zero Day Initiative Advisory 12-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 02, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
96194fc2f686d02a95bb2d46aeeccdfbc00294c4f7634b88db32f3d38f87892d
OpenPuff is a professional military-strength steganography tool that supports 16 algorithms, has a strong random number generator, supports many carrier formats, and more.
2f80a5742d36ad596c1b2de51eae10ec6f370c8b5a34e6ef6640dbc5ee087a83
61 bytes small Unix/x86 reverse shell TCP port 30 shellcode.
a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9d
Xoops module extgallery version 1.0.8 suffers from shell upload and file download vulnerabilities.
efd88a83367f65c5f985484f2a284435e4bff9c2448221292782b342964edd58
This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.
b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cf
This Metasploit module exploits a command injection vulnerability found in Hastymail 2.1.1 RC1 due to the insecure usage of the call_user_func_array() function on the "lib/ajax_functions.php" script. Authentication is required on Hastymail in order to exploit the vulnerability. The module has been successfully tested on Hastymail 2.1.1 RC1 over Ubuntu 10.04.
fbe0eb9dcf16cdfa75230cc4026bda4f995b4a74618b8b0e9dd91eba2de87e03
Chyrp version 2.1.2 suffers from shell upload and blind SQL injection vulnerabilities.
e287513c0cbb0dcc32a8b6b9e7fb601aed6506581291ac9d0276249d744f6812
Zero Day Initiative Advisory 12-116 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 04, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap. This user supplied value is also used to determine how many times a loop will parse the data into the buffer. Combined, the vulnerable code will allow for the heap to be corrupted. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
458727a417921660c14dfe6156176e05c73d8a83bea38f4f7593e567c80373f2
Zero Day Initiative Advisory 12-115 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
c9606355a08972518402ac1fafd98121062c0703e35f6006ae3b6d731e987779
Zero Day Initiative Advisory 12-114 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
21f28ee6541bbbadf7aa3cc36ae5e8fc0a20145e2684d1d7704e00827d524a58
RSA Authentication Manager version 7.1 suffers from cross site scripting and open redirection vulnerabilities.
7b098ce8c358c50145c58f82d8298ac118b949396b3359fd82e5b28d210a7e2f
Debian Linux Security Advisory 2510-1 - John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7a307ddf24090eefa041b944a0af6e44012d5cbdc1073972a4d8197542e67756
Ubuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
d9174e9a4ed57d8cbb518a50151cad98d40855786e4a1d98cef9256e2cf24668