PsychoStats version 3.2.2b suffers from a remote SQL injection vulnerability.
6939fa06a31241d32f01ab10763e0f55e5a577b21d1456f8fa1c91b354697f10Konftel 300IP SIP-based conference phone versions 2.1.2 and below remote bypass reboot exploit.
9e507e381e6d3283aca016657d917380e4a9531c10b62c0736789e6838811a3fSlackware Security Advisory - New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.
863cc58feb36ee13f39bbaf2e6dfc10aac80a162251030487d679e1f6fefcbf3Atmail WebMail versions 7.0.2 and below suffer from a reflective cross site scripting vulnerability.
ff5341ba2491f38ee1944030bf777bbf3463e21753cdd0caff3312068641c1b0HP Security Bulletin HPSBUX02857 SSRT101103 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
6892130ed5ebb8b6ff22fb91977bf86f18307a331290e7af9035764ba196688eThis Metasploit module exploits a vulnerability in the JCE component for Joomla!, which could allow an unauthenticated remote attacker to upload arbitrary files, caused by the fails to sufficiently sanitize user-supplied input. Sending specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. This Metasploit module has been tested successfully on the JCE Editor 1.5.71 and Joomla 1.5.26.
d551a16563e5797049076716bcbb1d33f994204c2b5f2e12601d1eac4daa07b1EMC Smarts Network Configuration Manager (NCM) version 9.2 contains fix for a vulnerability that could allow a malicious user to call certain supported Java Remote Method Invocation methods remotely without authentication. In addition, NCM System Management (SysAdmin) Console has known security vulnerabilities and EMC strongly advises customers to disable and not use this console until there is alternative solution from EMC.
0874e51f0ca690050aecbd9f317a22a366230b83c340be3b95f6baca5690e1b0Ruby Thumbshooter Gem version 0.1.5 suffers from a remote command execution vulnerability due to passing unsanitized user-supplied data to the shell.
0652702d6e2f7b3bc1f88941a17af3a1b29f12b8f34ed087c62a57ec0db99e81HP Security Bulletin HPSBOV02852 SSRT101108 - Potential security vulnerabilities have been identified in HP SSL for OpenVMS. These vulnerabilities could allow remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification. Revision 1 of this advisory.
cb5cb5dfdeca2640750b4857366f5e36f9ac5ae17d59f19e92b7294ff275963cKNet Web Server remote buffer overflow structure exception handler (SEH) exploit that binds a shell to port 4444.
47691f149ab5a7936c21a7a8e27d067ba1468489b8a9fa89e9fe67cf5e7c24dfLotus Domino versions 8.5.4 and below suffer from multiple cross site scripting vulnerabilities.
341d00e048b74b02c865cf233315d109c732984dccad4ca99ee5119609246fa4GoldenEye is a python script that is meant for testing HTTP denial of service conditions leveraging HTTP Keep Alive and NoCache.
f090e3454b0b8316183543c6e506a7d017615ac25c8b09f6a55b5012cb2ef17cUsernamer is a penetration testing tool to generate a list of possible usernames/logins (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also supports text-files with one name per line as input.
75f2d3ac161fa0569232e5ce8b802ea530d7b3e34e503645d5c1cf8301c9a8ecDebian Linux Security Advisory 2653-1 - It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.
188c6990c5d7d4e8af29ece4784c5270cb5b7f19552d94beb18872c90df1f07bRed Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.
0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111bRed Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3Ubuntu Security Notice 1781-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.
5d7a43744d14bb2c4370a49a10df8406ceaadc56d80d851f94fd355ecc51efccSynConnect suffers from a remote SQL injection vulnerability.
1d2086a1579126612368a2fdc3f6dd10002d80c1db58bebe694c8d37d17bc6afHP Security Bulletin HPSBPV02855 SSRT100512 - A potential security vulnerability has been identified with HP ProCurve 1700-8 (J9079A) and 1700-24 (J9080A) switches. The vulnerability could be remotely exploited to allow a cross site request forgery (CSRF). Revision 1 of this advisory.
2e61ba3966255a207f0b13b399cdac6e5f2c77f23523751c7a935394497465dbOrionDB Business Directory Script suffers from multiple cross site scripting vulnerabilities.
d5a995d9550ed2998a600c0436a270646bf6cd2312e8abcf82a134b7bf8727a0OWASP WAF Naxsi suffers from a bypass vulnerability.
086ae504afd9243fc50ad06efe7ad3f4780533c5b6293a8ed1470c10d736b667Voila CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
eb568c55d31a6a7aa5bae7695951f99bfa77f3f0839b3f1edebeef4d17193784Debian Linux Security Advisory 2652-1 - Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.
04ec56e7cfa9d1647f6ba4df2f17ae024aed83c6e87c37677e43bc3a80341400This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).
d87e539151a571a848fa3efe35cc969a0ff60645c93035d902d039cfcf31fbc7This Metasploit module exploits a code execution flaw in HP Intelligent Management Center. The vulnerability exists in the mibFileUpload which is accepting unauthenticated file uploads and handling zip contents in a insecure way. Combining both weaknesses a remote attacker can accomplish arbitrary file upload. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
079cdacb84dcb53ea2b286f73c46ecd3048ca724d4b7282c111b8be7672a2194
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed