This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file in order to upload and execute malicious PHP files.
b8a492ec3d568f27f3072ee7a134a2a0e51461ff46fb4b93914e0b100f645e82
Gentoo Linux Security Advisory 201310-15 - Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. Versions less than 1.11.6 are affected.
c4712ff82db88c59238cb2745a8aefc2c8dff9ef3b49bb02939e39dc4769bc18
Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.
013fe724276f3efdcdb2e04f6e5462344632c6aeb84259e399b9fb314b8d088d
Onpub CMS versions 1.4 and 1.5 suffer from multiple remote SQL injection vulnerabilities.
29be76c26f70a0a77e21ebbba24a61a7fc1665dd3abf256dbbaa9777f05ae7cf
Gentoo Linux Security Advisory 201310-13 - Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. Versions less than 1.1-r1 are affected.
08965766fcae25256090b4e385c2d0b3cb8116f70820f4e55055009d3309d422
Gentoo Linux Security Advisory 201310-12 - Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
d23e903782e194c3e161da651dead966b61dd687650a2ec514384ffd8de17b78
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
7389dff4435dbb31612ceb1a4260cfd7383ed58182a216b128d8e1cfd34118f7
Gentoo Linux Security Advisory 201310-14 - Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Versions less than 1.22.2 are affected.
4c8b8107de41173ce0db5640699699fd0f4ae5cfcb10a6a2cf1b52bf8d21c739
CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5c
WebCollab versions 3.30 and below suffer from an HTTP response splitting vulnerability.
a895d7c4a4695a9aeb270f6abf9d85d121c81cc0b634d6443284f1cfba111448
Feeder.co RSS Feeder version 5.2 for Chrome suffers from multiple cross site scripting vulnerabilities.
c227d9d9a4c7675cd2e18a765b40cd5955a316d3ece0b557dcc289f4c9d80f82
This is a Webwiz Rich Text Editor file upload page discovery module for Recon-NG.
865eb4c812edca67575bd0f50b8854c158f04d5a59f498bb0dcc994a35bcecf6
GenericRestaurantMenu is a discovery module for Recon-NG that looks for Menu Categories Editor page vulnerabilities including SQL injection.
f943a5ee2c3e7871721b443d21b01ae5f16ce393bf8c4fcfe241ffc0046144ff
Uploadify versions 3.2.1 and below suffer from remote shell upload and information disclosure vulnerabilities.
42181d90d3a59f79ebd60cc206e7db18525b5ce197976ea8e3cd7560476156fb
This is a vulnerability checking script for Recon-NG that looks for hosts with a Dot Net Nuke fcklinkgallery page that allows for a remote shell upload.
ed7c15cc25a3447557533bfd64be83d545b106112fe7ad39f81e52e6935755c3
JReport suffers from a cross site request forgery vulnerability.
f1edcf7336d77073aafbe4e97e41a339bab3dfa611e51b9971a3df90fe3b8995
WordPress GeoPlaces theme version 4.x suffers from a remote shell upload vulnerability.
4bb5ca362685571ea46f9b60300a56f3aa737abbf2c8551c66c53798de33803e
easyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.
19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703
This tool is a proof-of-concept packer for .NET executables designed to provide a starting point to explain the basic principles of runtime packing.
00edbbabaeeafd89302340cee6a316b6a2882f9c7f305be53f952d2c234eaf60
Contexis CMS version 1.0 suffers from a cross site scripting vulnerability.
ab5e2108f93cfcf2603751d8a48b52da0ef3be80421319c493809fa7004539fb
Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25
Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.
b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498
Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300
Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65f
Red Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.
66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5