Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
9c6e1e62011dc14636b4f5849d5f84a87d42f3acec586620f4296ac473fb6a89Secunia Security Advisory - A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.
a703b1a95357d6c56e78153fecfe2423f047d759e2a36648b9be443b22464153Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by SFAdminSrv.exe process. This process exposes various RMI services to TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
6d44dbf9f816ae47b69459fc6a3ae55af8b47454af0c493a2b31bcdd640effcbSecunia Security Advisory - A vulnerability has been discovered in SmarterMail, which can be exploited by malicious people to conduct script insertion attacks.
3f5608ec4dbfea645beb2b22ad9b62864b4c15427459039d6d1f2e563caba091This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4dISMA Online Translator version 1.2 and ISMA Agnet version 1.1 suffers from cross site scripting and html injection vulnerabilities. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ suffers from cross site scripting, and html injection vulnerabilities.
411f5617606b2ca82327c9da33b7ff101c4d6c3fedc64438adc9cbc62ef01b87PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
04d68118540aa72d1079d73c6cbd5d757435496db0dd4e260130a127a8844be7Secunia Security Advisory - A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).
ce2d96febab9d285a0c7b8898d763fbe22798cc34f246e7ea8c4d5c34500afe683 bytes small Linux/x86 ASLR deactivation shellcode.
3c4799dd92e003e39ce50560912dd05104d6cce8bc4f1ce4a42be3063c322af257 bytes small Linux x86 chmod 666 /etc/passwd and /etc/shadow shellcode.
590e152e8000ac65c31808f69843049356045877a386919811bea3db71213bd428 bytes small Linux x86 execve("/bin/sh") shellcode.
e76c6cfce6e63e2e04ebe2418e31f5cc54c5925f41db12525c88204ca0278b05Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.
8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12This php script is a small tool for performing proxy checks.
335c6bc3f7508bd7388fd3b9f2a8c061fae18e1b4e0260668b4a1b074b9587a361 bytes small Unix/x86 reverse shell TCP port 30 shellcode.
a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9dU3-Pwn is a tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install. This is performed by removing the original iso file from the device and creating a new iso with autorun features.
51498ab2e7ba0c102e682ae6e8f6fca0fcc3c25cbe6926456c2c6aeb1049c326This Metasploit module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest versions prior to 7.1.1.9, 7.1.2.6 or 8.0.0.2 which allows reliable remote code execution when DEP is not enabled.
387ecb02a357ac85525e1e50243fe56012c1987ea3f8ba4a3ee336ab0fb98ed5strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f18029858 bytes small Linux/x86 rm -fr / shellcode.
f97ca9b35911145e544f8f2c9253eb7646968fcbab53346ae763b8c0513a2b5aZero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
ee2420a705a26ed773b1354114c6612b6c63f17469cb4b7177fbc350de395af5HP Security Bulletin HPSBPI02794 SSRT100542 - A potential security vulnerability has been identified with certain HP Photosmart printers. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f39d009e7e352d2b9f93664bf49c7618a7dae15b4a79bf85fdcb5948f6e58f93Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).
8b99dfe771fa4444681df851b7362066df6524e6b0b1f3df12e81b47ca3b85f1Smart-Info Limited suffers from a remote SQL injection vulnerability.
fd8d900d1d9226ba67668c5ebc99aa5973e1e8553b048072a11e2817bfb018bcSecunia Security Advisory - A vulnerability has been reported in SmallPICT, which can be exploited by malicious people to conduct cross-site scripting attacks.
523389ffbb38c3d758f1e75c1afcf2012ff4ccbb9b67b988c10c0dd0429e1af9The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
36ea3627ca945f7c7e5d36e2cf2f4151341760f14dc63b2acc36e37c0b639bc0Smallbiz suffers from a remote SQL injection vulnerability.
0fcfc4f0b435df6d2a9d946a9c55177e726adcb25df3baec36c7d0e40cdd54c0PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
74b9505aefce9b9b5e02bc6eb31e0b44de771b4a3fd5c73edbb8c4870f56a7d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed