FFS Colibri Controller Module version 1.8.19.8580 suffers from a directory traversal vulnerability.
a87aa8abfd280a35d3fd98a400df1281dc024fd9b3addee9607c290829ef1e64Secunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
c2591fd4454e96e7eccbd78fb20fae7cb9cd4ac857ef225bf7920faeb3c9f059This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9aSecunia Security Advisory - Justin C. Klein Keane has reported two vulnerabilities in the HotBlocks module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service).
fd66d289c29962cfb58bf6dff524d5a580cb93c94046532983e4247cd4e04963Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Custom Publishing Options module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
cc35b5266f1d0b8ceb2030857739c796b62542e3b08fdf9ae6beacedabc27687Drupal Elegant Theme third party module version 7.x suffers from a cross site scripting vulnerability.
5cd009a2b5bb39d8473e502fc09119a2302b0d2363ca9167442d0a9f58ad5ea2Drupal Custom Publishing Options third party module version 6.x suffers from a cross site scripting vulnerability.
5c0dec500b232cd3c340e97fe90d0022a5f7a7cae9406845e963e1c4492c9de0Drupal Hotblocks third party module version 6.x suffers from cross site scripting and denial of service vulnerabilities.
3a4741a9e059e7fcb96a3197a8a6b543be251afe504d362ea481cb4229600a6bThis Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.
13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8eThis Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of CuteZIP. In order for the command to be executed, an attacker must convince the target user to open a specially crafted zip file with CuteZIP. By doing so, an attacker can execute arbitrary code as the target user.
0eb1f8858ec5246ac33385d821777542b928e2d0bb98e4789b086a62b732d909Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.
3bcd9906a91e0e60116a8e74a6871bf2c3d7a8bbd8baaef329447255da0a07b9This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, and allows arbitrary code execution under the context of 'SYSTEM'.
943d1370d3c4c203bec054c6328adda12b9aa04b01b7010bb71dea9ec2bef8a7This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.
d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71Ubuntu Security Notice 1529-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.
e952789bbefd461e15d40316c4fbdd6eac86480773556aab5265687085c3d735Ubuntu Security Notice 1514-1 - A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Various other issues were also addressed.
e1c10bba69a8a49308a988c308242a9abe24b1f355d1cf1a0609f14097f65f5cSecunia Security Advisory - A vulnerability has been reported in the Better Revisions module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
f62062aede512bc747cdd5d29b74e01315eac8fffe61038b2bbc21406cf8c3c7Secunia Security Advisory - A vulnerability has been reported in the Shorten URLs module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
76acf0912fd1bef511287486226dc7a54eae854d0dfaacb2cde4ba270633690fSecunia Security Advisory - A security issue has been reported in the Mime Mail module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
7dffba5850295137080314ec6ac3e23bd96a2335cdae30f3320024c3e23aecd4This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.
0d13cee7943b511e1894639ec337c177f0900b866756b484b6bf6fa8eab38bedDrupal Mime Mail third party module version 6.x suffers from an access bypass vulnerability.
b0a039f3f8e50612edc18654e3f08fa0768e7cce033393312917b22dddb2ce6fDrupal Shibboleth Authentication third party module version 6.x suffers from an access bypass vulnerability.
e56e802811cdc559b6dff8457f24a6cff5246f7478e4aea1adf2290a3508efecDrupal Better Revisions third party module version 7.x suffers from a cross site scripting vulnerability.
706f0cf2a00a465418ab1fd8ca4abfcb890a16db89f027f30d26c3c20d1b13acSecunia Security Advisory - A vulnerability has been reported in the Chaos tool suite module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.
a8db0f30b9271f122f48329f760cb003e0fa1324a73e9ab0ac9e0d5b7ffcb8a1Drupal Short URLs third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
2338b653ebbdca2d0e36655118d648626d3e1f46b55c30aef10e28f14326d139Drupal Chaos Tool Suite (ctools) third party module versions 6.x and 7.x suffer from cross site scripting and local file inclusion vulnerabilities.
12064a3019b369f44e0d7a14cf85b3ca9fa4586cade8f60da291fa6cfddc03ae
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed