Gustavo Antunez suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
45dfa21d4ac27c3193e728f09f57cf8b6e0c05492520c836b22a6db5684f2392Secunia Security Advisory - Ubuntu has issued an update for openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
3c44ee83dddcbfb80fc5517d3eee6f33d15700af2d180cf7e50b658ee8fd166fSecunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Paid Memberships Pro plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c8b65d266f849f90b0cbe4024ec817f695b2914b4aeb3a510284629b0fd6245aSecunia Security Advisory - Some vulnerabilities have been reported in HP AssetManager, which can be exploited by malicious users to conduct script insertion attacks.
06c1275f12b89f1e6b2af209d69535023a91316c3ed61b06a47688380bf81402Secunia Security Advisory - Ubuntu has issued an update for puppet. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information, by malicious users to disclose and manipulate certain data, and by malicious people to bypass certain security restrictions.
adfbb5c9bc31c77b0aeb8ac72e0c728cad0708ff38fe66fdf4620e094c306c27Secunia Security Advisory - A vulnerability has been reported in multiple Hitachi JP1 products, which can be exploited by malicious, local users to gain escalated privileges.
837e89ba979f876b91180a76dd45f30c4128d3dc3e85e6305c0dd927c873b952Secunia Security Advisory - Debian has issued an update for extplorer. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b7c549f56ab20c75c4d89bcf90a3a29ce6c8da1e42a9898d04ada3363f19be2eSecunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
93e428c53413983bf35aca0c5787aaca597fd468e44ede6570097574a3e2ecc9Zero Day Initiative Advisory 12-120 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 85 (0x55) and subcode 22 (0x16), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
965c5ab755d2b7879ae5ac4267e6bd5cba51d7a1684cbedcabca3e0569dc73b1MultiObfuscator is a professional cryptography tool that offers double encryption, csprng based scrambling, csprng based whitening, and more. Documentation provided.
f7fb28d42040f25c6a5ec261633f0c897d3b6c465fb6c7f5b13676b342117f5cZero Day Initiative Advisory 12-119 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 65 (0x41) and subcode 00, the vulnerable function uses a uninitialized stack variable in calculating a memory pointer. Also, the function uses signed extension and signed comparison when checking the uninitialized stack variable, which allows arbitrary negative values to bypass the check. This could result in corruption of a controlled memory location, which can be leveraged to execute code under the context of the SYSTEM user.
2fca778924705af40b57af80b858febce97f9007f8a7d7eeb17a8180102c1040Zero Day Initiative Advisory 12-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 03 and subcode 04, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
1dbe651ec7e0ee6c405bc46ecc0d35313f72a8a88af287572719bff63db9c760Zero Day Initiative Advisory 12-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 02, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
96194fc2f686d02a95bb2d46aeeccdfbc00294c4f7634b88db32f3d38f87892dOpenPuff is a professional military-strength steganography tool that supports 16 algorithms, has a strong random number generator, supports many carrier formats, and more.
2f80a5742d36ad596c1b2de51eae10ec6f370c8b5a34e6ef6640dbc5ee087a8361 bytes small Unix/x86 reverse shell TCP port 30 shellcode.
a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9dXoops module extgallery version 1.0.8 suffers from shell upload and file download vulnerabilities.
efd88a83367f65c5f985484f2a284435e4bff9c2448221292782b342964edd58This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.
b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cfThis Metasploit module exploits a command injection vulnerability found in Hastymail 2.1.1 RC1 due to the insecure usage of the call_user_func_array() function on the "lib/ajax_functions.php" script. Authentication is required on Hastymail in order to exploit the vulnerability. The module has been successfully tested on Hastymail 2.1.1 RC1 over Ubuntu 10.04.
fbe0eb9dcf16cdfa75230cc4026bda4f995b4a74618b8b0e9dd91eba2de87e03Chyrp version 2.1.2 suffers from shell upload and blind SQL injection vulnerabilities.
e287513c0cbb0dcc32a8b6b9e7fb601aed6506581291ac9d0276249d744f6812Zero Day Initiative Advisory 12-116 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 04, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap. This user supplied value is also used to determine how many times a loop will parse the data into the buffer. Combined, the vulnerable code will allow for the heap to be corrupted. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.
458727a417921660c14dfe6156176e05c73d8a83bea38f4f7593e567c80373f2Zero Day Initiative Advisory 12-115 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
c9606355a08972518402ac1fafd98121062c0703e35f6006ae3b6d731e987779Zero Day Initiative Advisory 12-114 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Performance Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size. It then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
21f28ee6541bbbadf7aa3cc36ae5e8fc0a20145e2684d1d7704e00827d524a58RSA Authentication Manager version 7.1 suffers from cross site scripting and open redirection vulnerabilities.
7b098ce8c358c50145c58f82d8298ac118b949396b3359fd82e5b28d210a7e2fDebian Linux Security Advisory 2510-1 - John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7a307ddf24090eefa041b944a0af6e44012d5cbdc1073972a4d8197542e67756Ubuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
d9174e9a4ed57d8cbb518a50151cad98d40855786e4a1d98cef9256e2cf24668
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed