Express Burn Plus version 4.58 suffers from a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
08e7ff9e01fa59fc164d33e4e3df8f5a40ec708c92dcabf0c5283bfdfa23259aThis is a whitepaper detailing how to perform authentication bypass against Sage 50 Payroll 2012 version 18.00.031 using Immunity Debugger.
bf9e32ff6711bdd25f0473894bee2ccf852a964b8f3280f156abf18fd8f4ec99Wiki Web Help version 0.3.9 suffers from a stored cross site scripting vulnerability.
e68fce127757a39e865dc1d2314d2b2291059f24abc8dca32bd3b811ac595f4eConceptronic Grab’n’Go Network Storage and Sitecom Home Storage Center suffers from an authentication bypass vulnerability due to doing all cookie validation in javascript.
a8ced793b1d6580a69a234553e0bfa276e70ddada5bbd956902b6b3f8cdbd9b9XWiki version 4.2-milestone-2 suffers from multiple stored cross site scripting vulnerabilities.
c25959b05ad0c3c4ffa247f3a057eebafca9fa9ae6be574d7c1032d7c874d265VLinks version 2.0.3 suffers from a remote SQL injection vulnerability.
b23c5588697d4e2b9fed3c47f1cc90d681247e484cbd8dd9bc6554bd7c96e605CommPort version 1.01 suffers from an authentication bypass vulnerability.
f452f7ccb48a60edc5d99a67b983276202b6fae18cf2d19313b49d3c85e0732cSilly Fellow suffers from a persistent cross site scripting vulnerability.
0bf829fa089cb8954d682d2197a17e2c1bf6350d1c309d3ef4c73776304764e2CommPort version 1.01 suffers from a remote SQL injection vulnerability.
6721f54935455b70225444dccf2aed30092482422ee8ee5cc79fd86e61bd132eRed Hat Security Advisory 2012-1208-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation, strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.
38c44f4e936f0865b778142043b48db215db036dcbf8504a5069e55ff3a39a6fRed Hat Security Advisory 2012-1207-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation, strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.
b5de128de66826d4c69f820bb04f1b9544c7f8570dc56e96ecddcddd2799a810Red Hat Security Advisory 2012-1206-01 - Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running "paster serve" as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application.
5c66d2db6e0682e8949f723061869cb26e0e9f0ed046838762d25a4250496f11Chamilo version 1.8.8.4 suffers from cross site scripting and file deletion vulnerabilities.
f6702243903936cbaa2e98f608ae5a643d456a1e780d4347484c278c5840d79eSlackware Security Advisory - New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
a0be7f8440d79d39d97fd1aeb24830064dff9c06fada48bb6c8e52e85f74c1a2This document gives a brief practical insight on how to carry out a DNS-based phishing attack in public Wi-Fi hotspots to trick users into sharing their personal information such as passwords, credit card details etc.
dd9e8c0dd25eee649722c257d7f84bad82c374c3bf2c461cfa58657d5ad5b83dWhitepaper detailing the Microsoft Internet Explorer MSXML vulnerability as detailed in MS12-043. Written in Arabic.
bbcca47f94b388b571cd17325f08a2e5c0f7e08c14596c91a9db391a76d83227The WordPress Simple Forum third party plugin suffers from a remote shell upload vulnerability.
e1e39658b33451a7ab77fc9db250112689f1bfa7d4de2a6796d81114c8d1a500Mihalism Multi Host version 5.0 suffers from a cross site scripting vulnerability.
a1d8ecc401363d01dd82498c1cf7cc2cb8ee11beda361dd2366c89cdde8fc3f2CMS systems provided by Silentblast Interactive suffer from a remote shell upload vulnerability. Note that this finding houses site-specific data.
d76c471e226222540778870b238689c3374f836beaebb441943379bcfe6a0741Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
d5e18476351c15cadf4a4c449aee566b2e265d0424264cd5d1d72bcd319463cdIBN suffers from a cross site scripting vulnerability.
eccf3f90f95136a98a4ec6854e23d967e583a5087f812cbd32d9bcb9e530382dPaliz CMS suffers from a path disclosure vulnerability.
9259858bb11827528747b0365f0ef19b3803a6504756306efea494d6897e279aKhorshid Chehr suffers from a remote SQL injection vulnerability.
4bb49f76fdf9ac4a71bc4e6ae9a4d64b6379bddbd30b88a257473a59a6264a25Douran CMS suffers from a path disclosure vulnerability.
14e9166604e1c8932bbb85c6279444ac8580e5616b6d3b7a8a0b589be580b699Smartd0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. It is based on darkd0rk3r.
05aec84072b9046e3fb81624c82100eff40f19cf90bb26d9aa1ce4a4ce8aca3c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed