Joomla Matukio Events component version 7.0.5 suffers from a persistent cross-site scripting vulnerability.
This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by the SFAdminSrv.exe process. This process exposes various RMI services on TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), and 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
Zero Day Initiative Advisory 12-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data, the process invokes a memcpy constrained by a user-controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
The Joomla Fireboard component suffers from a remote SQL injection vulnerability.
Secunia Security Advisory - A vulnerability has been reported in the En Masse component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.
Joomla Enmasse component remote SQL injection exploit.
Secunia Security Advisory - A vulnerability has been reported in the En Masse component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
The Joomla Photo component suffers from a remote SQL injection vulnerability.
Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.
Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.
The Joomla Package component suffers from a remote SQL injection vulnerability.
Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.
Secunia Security Advisory - A vulnerability has been reported in the Joomgalaxy component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Mandriva Linux Security Advisory 2012-121 - A heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
Joomla Joomgalaxy component version 1.2.0.4 suffers from remote shell upload and remote SQL injection vulnerabilities.
Joomla Nice Ajax Poll component versions 1.3.0 and below suffer from a remote SQL injection vulnerability.
Secunia Security Advisory - Two vulnerabilities have been reported in the RSGallery2 component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in the Movm component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Joomla Movm component version 1.0 suffers from a remote SQL injection vulnerability.
Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
The Joomla Hello component suffers from a local file inclusion vulnerability.
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Joomla web scanning Perl script that gets the version and components and shows possible bugs.