NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628dfThis is a whitepaper called Guidelines for Pen-testing a Joomla Based Site.
7a8cac0307908cecd1cae37fd4ab169ed3f47a3751ee4d0d5a3576aeab6f0cbaFriendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.
92e36cb7108edc9a74b69d10351949489ad7b525325db1dfa75164b9de07491dOpen-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.
92329b7043af1d4783fb11947d21277ddc61a87ca7d8cda419922fc9dd67a8c8This is a presentation given at Devoxx that goes into detail about the Oracle Java vulnerabilities discussed in SE-2012-01.
49d02139ee9c74682ac34a668af63077f0e2e4b0d473c32bb2104c25866d4982This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.
d00c5da4cf880cde2e84ea74745b16dbc8e7132738d0d05fc29c596259008c0dSecunia Security Advisory - ABB has acknowledged a vulnerability in AC500 PLC, which can be exploited by malicious people to compromise a vulnerable system.
7f685a60dc4371e4910ac105b53ac1c57c4f9c282a5eadd6fba0b2486a29a90cSecunia Security Advisory - Core Security Technologies has reported a vulnerability in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).
f3ff417e0c7e13fcace6e50795caf51f2642d6c8ae2577837c883cb0fa535149Secunia Security Advisory - SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
f87a1d4bf36e8f926d22ed9716e1395eb296be66d0ac4472c47a59ef60778337Secunia Security Advisory - Multiple vulnerabilities have been reported in MYRE Vacation Rental Software, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
43dd8b7649be5bee5721898f47e15b107cafc695b7db1ca2c9a9ada503f1bcc8Secunia Security Advisory - Red Hat has issued an update forjava-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
a1911843ceb6406188cca01910c9f511da53af18ec7876f6d090fcbcc2263384Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
fca1d3b0ebeaa083e8328fa24e3b3dede969feb9ae7019e5491032e8629abf04Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
dce30a662104129d64c884674cb975c78c4970d5cdd7d3e11e596b4432bd28dbSecunia Security Advisory - Debian has issued an update for typo3-src. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, bypass security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
58222bafd4e557dba39c1a9b403b7dd0ea4aa2450141da0a80254814d32988faSecunia Security Advisory - Some vulnerabilities have been reported in VMware ESX Server, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and cause a DoS (Denial of Service).
4572fd073f059a8765bbd5d600597d938d3161f381a20b50df2f883b256aae4bSecunia Security Advisory - A vulnerability has been reported in MYRE Realty Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
966afe0a4282abd88f468580f88dfc99304d1dd6b9c4ff914fb776a9afa00e6fSecunia Security Advisory - A vulnerability has been reported in Hitachi Device Manager Software, which can be exploited by malicious people to cause a DoS (Denial of Service).
6337d6a116964be045f64c0c344ad2f5073d4bd79f28b849e991fab8fb1ee40aSecunia Security Advisory - A vulnerability has been reported in Myrephp Business Directory, which can be exploited by malicious people to conduct cross-site scripting attacks.
aa0a9da26f12b3a1466ca4136b336024aa40b9e361f67729db4c0838cd5c3f44Secunia Security Advisory - Ubuntu has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
96fbb200250d6fb92a5a3dc0383f7b38f03c6e6459d65997c7f065db8a9e98b0Secunia Security Advisory - A weakness has been reported in the Table of Contents module for Drupal, which can be exploited by malicious people to disclose potential sensitive information.
e31d9a42381736ab185986289a38f920b3a5064cd3775c2f0950d50fd8daf898Secunia Security Advisory - A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service).
cae98361bcfb5c078423578ef7cb4da488460515788564807250e83cee126ec1Secunia Security Advisory - Ubuntu has issued an update for python-django. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.
09e817217bb2e3eb5b7277ffad57dc651b7392f557cd9f2ed28bb554b3353326Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.
9335cf35112e6a5fa2f4b08c7f90e422e086a84a52fa98f66f3e2dbd9f174d4bZero Day Initiative Advisory 12-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. Request types to the service include a sComProxyData structure having a translate field which is responsible for describing the endianness of the payload. When passing a message to SwapProxyMessage for byte-reordering, multiple user controlled fields are trusted including lengths and offsets. When processing this data with DSSwapObjectData, the process will address memory out of the bounds of the allocated region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
13d8bba137d0ff0748960521e2c159cf7f506be7b33eda7dae1e4f8d440a588eApplicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.
b0d30665e6fdf30c97b86937ab446b3cbc76ca5d1425fb453916aa7205a4a6cb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed