This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file in order to upload and execute malicious PHP files.
b8a492ec3d568f27f3072ee7a134a2a0e51461ff46fb4b93914e0b100f645e82Gentoo Linux Security Advisory 201310-15 - Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. Versions less than 1.11.6 are affected.
c4712ff82db88c59238cb2745a8aefc2c8dff9ef3b49bb02939e39dc4769bc18Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.
013fe724276f3efdcdb2e04f6e5462344632c6aeb84259e399b9fb314b8d088dOnpub CMS versions 1.4 and 1.5 suffer from multiple remote SQL injection vulnerabilities.
29be76c26f70a0a77e21ebbba24a61a7fc1665dd3abf256dbbaa9777f05ae7cfGentoo Linux Security Advisory 201310-13 - Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. Versions less than 1.1-r1 are affected.
08965766fcae25256090b4e385c2d0b3cb8116f70820f4e55055009d3309d422Gentoo Linux Security Advisory 201310-12 - Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
d23e903782e194c3e161da651dead966b61dd687650a2ec514384ffd8de17b78Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
7389dff4435dbb31612ceb1a4260cfd7383ed58182a216b128d8e1cfd34118f7Gentoo Linux Security Advisory 201310-14 - Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Versions less than 1.22.2 are affected.
4c8b8107de41173ce0db5640699699fd0f4ae5cfcb10a6a2cf1b52bf8d21c739CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5cWebCollab versions 3.30 and below suffer from an HTTP response splitting vulnerability.
a895d7c4a4695a9aeb270f6abf9d85d121c81cc0b634d6443284f1cfba111448Feeder.co RSS Feeder version 5.2 for Chrome suffers from multiple cross site scripting vulnerabilities.
c227d9d9a4c7675cd2e18a765b40cd5955a316d3ece0b557dcc289f4c9d80f82This is a Webwiz Rich Text Editor file upload page discovery module for Recon-NG.
865eb4c812edca67575bd0f50b8854c158f04d5a59f498bb0dcc994a35bcecf6GenericRestaurantMenu is a discovery module for Recon-NG that looks for Menu Categories Editor page vulnerabilities including SQL injection.
f943a5ee2c3e7871721b443d21b01ae5f16ce393bf8c4fcfe241ffc0046144ffUploadify versions 3.2.1 and below suffer from remote shell upload and information disclosure vulnerabilities.
42181d90d3a59f79ebd60cc206e7db18525b5ce197976ea8e3cd7560476156fbThis is a vulnerability checking script for Recon-NG that looks for hosts with a Dot Net Nuke fcklinkgallery page that allows for a remote shell upload.
ed7c15cc25a3447557533bfd64be83d545b106112fe7ad39f81e52e6935755c3JReport suffers from a cross site request forgery vulnerability.
f1edcf7336d77073aafbe4e97e41a339bab3dfa611e51b9971a3df90fe3b8995WordPress GeoPlaces theme version 4.x suffers from a remote shell upload vulnerability.
4bb5ca362685571ea46f9b60300a56f3aa737abbf2c8551c66c53798de33803eeasyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.
19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703This tool is a proof-of-concept packer for .NET executables designed to provide a starting point to explain the basic principles of runtime packing.
00edbbabaeeafd89302340cee6a316b6a2882f9c7f305be53f952d2c234eaf60Contexis CMS version 1.0 suffers from a cross site scripting vulnerability.
ab5e2108f93cfcf2603751d8a48b52da0ef3be80421319c493809fa7004539fbDebian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.
b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65fRed Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.
66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed