Wiki Web Help version 0.28 suffers from a remote SQL injection vulnerability.
f50a808a514db936aad169cb76e09732e523222bc458638481d751b9c5564470Intuit Help System suffers from protocol file retrieval vulnerability.
65677d6250ef2ab1e9b970ddb24217950a01b3edbee65118c3e2ebe4ee508a3dIntuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.
28c43548d0a76f1624a1a7bef0b4301fe6ec08af383b75c0a01f373d96370407Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
452514a1ec0be1416bfca93603e6c89deb91d1a3a19671c64b5a8868a3743dafKayako Fusion Help Desk Software suffers from a cross site scripting vulnerability.
565127ad9b187160e79043dbc0756f9abe1cadd29b782f144822a834134e3377Oracle Live Help On Demand Webcare suffers from a cross site scripting vulnerability.
7e4f2111017c66130c9ae165a74c12a728cbd0c8a2ff74c16cbbac908f8ac1a3Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.
828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9dLiveHelpNow Chat suffers from a cross site scripting vulnerability.
c7da3d8a255a228bb5781872e2a24647b4693cab9c65d38e7ff8f7577d6f656eSecunia Security Advisory - A vulnerability has been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.
51fbeb602d6c380824bc1dfd4e80bd37295da025559b85fe23e5307197bfcabaThe help website for Electronic Arts suffers from a cross site scripting vulnerability.
c571c8119f124a2eb307b9bff308cb196f5c872e06e60285b26173c00eeaca04dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
acd6962974b366615d52eda38b9efa9e28463c266a80b88cccc0bfb5f0026deaThis is an automatic SQL Injection tool called FatCat. It has features that help you to extract the database information, table information, and column information from a web application.
d6543e663214a8df0076f59ba3d72d5f35619b7a0177b40574cb7a4a1d03b007The Joomla Fundhelp component suffers from a local file inclusion vulnerability.
b743797e485023b9f7f60e1e61c1353a031d3ff60593699ed0ff7cf1255150d2This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.
8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8Debian Linux Security Advisory 2374-1 - The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto.
2e3b194b94bdc4f7f0091e298a2cc51c679c239928c746db286a6f2f132d600bFirewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94bIt seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
fcf6a2f8bd756f73ae0cea59488d296084adcdadeda5ca6d9e401595b8736f42Red Hat Security Advisory 2011-1526-03 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.
8fcb821effd2130157bef6f3b9ef23b06ccb0069c78542c7e2046126393556b5XssScanner is a tool designed to help penetration testers find cross site scripting vulnerabilities. It analyzes a webpage to determine which are the payloads that could be used according to the position of the parameter. Then, for each selected payload, XssScanner sends a request using the payload and checks the returned page to find the payload. The major feature of XssScanner is its ability to detect many encodings that do not change the behavior of the payload (eg: double quote encoded into ").
beced1c0c47a2a50b77bc4b4d0a52f446464a99e5678cece598afbfae7977461rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques OPTIONS,DESCRIBE,SETUP,PLAY,GET_PARAMETER,TEARDOWN,PAUSE etc rtsp commands and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb) which can be helpful for finding the offset.
b3f05d18dd413771887842b4ada5d866099b1674425ad0bca2f4323f6772668fUbuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.
359ddbd8a20109cf0cd0c50fb699368bbf5e8dbb3241a43302e56fbcca6dbd33Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
1db4bd2ca0c97c9afeaffcb6b692042479d67663172e6fc873ec367da67ecb4eLFI Fuzzploit is a simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. Using special encoding and fuzzing techniques, lfi_fuzzploit will scan for some known and some not so known LFI filter bypasses and exploits using some advanced encoding/bypass methods to try to bypass security and achieve its goal which is ultimately, exploiting a local file inclusion.
164c07ad86594aa9bfe0936cec79654856d45223f5354927c0eba3f0fca68942Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.
d14c1f13e9ebf372fff1196929b62f243ebe2d1b93e88472662a96e12abd305bThe Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.
8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6dfZero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.
414aacdeaade097f375906131317048411d761ffbad30cc32727276540651352
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed