This Metasploit module combines two separate issues within Support Incident Tracker versions 3.65 and below to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities.
dbc7a2ae369700f4243579f8576c1fb42786b65ea5a9ec60c838072b7d4ea678Secunia Research has discovered some vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. A boundary error within the HTML speed reader (htmsr.dll) when handling links in e.g. the "background" attribute of BODY tags can be exploited to cause a stack-based buffer overflow. A boundary error within the HTML speed reader (htmsr.dll) when handling e.g. the "src" attribute of IMG tags can be exploited to cause a stack-based buffer overflow. A boundary error within the HTML speed reader (htmsr.dll) when handling large chunks of data inside an HTML document can be exploited to cause a heap-based buffer overflow. Lotus Notes version 7.0.2 and 7.0.3 are affected.
4ef2c4b7110f3d7524e338fb87a79eae6cb65d96ff1cff9753bfb48edd809bb6Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. A boundary error within kvdocve.dll when processing overly long paths can be exploited to cause a buffer overflow via e.g. an overly long link inside the "src" attribute of an <IMG> tag in an HTML document. Lotus Notes versions 7.0.2 and 7.0.3 are affected.
ab50855d74e97eceb35e317b095d063f7955075bc8d82e7c523e3f1deb4a3d78Secunia Research 17/01/2006 - Secunia Research has discovered a vulnerability in Thunderbird, which can be exploited by malicious people to trick users into executing arbitrary programs.
3a68f9dd70465c25eb8e928688ffc045f8dd3474c75161d15f88b7b965515fe6Secunia Research has discovered some vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and to compromise a vulnerable system.
468316ce679c99742ba111c55cf9768dfd3f23c467d4ee76c196fe6c831eb720Secunia Research has discovered two vulnerabilities in Pegasus Mail, which can be exploited by malicious people to compromise a user's system.
54e7c14fe91c09b67b14fa60339a95d0b7b5c1159ce1efb8851f646535e36e5bSecunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.
a06892cdcbe59aadbc48aa8c3d57e8c8c48c363ab4ec3944cd3e4f1b59bd74f9Secunia Research has discovered some vulnerabilities in MySource, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
b20aff27f2ff5fe5e74059ae65e4aa37d5e08883f20daf849c01042b8b016dc5Secunia research has discovered a vulnerability in Novell NetMail, which can be exploited by malicious people to compromise a vulnerable system.
216a4b9cd6b475818d0fb2dad4209215db856a48bff8ed34e60241ff5c088664Ahnlab V3 Antivirus suffers from multiple vulnerabilities including privilege escalation and security bypass.
2ae763edf25b4f62ff2f3ef50c76412d6dae1da0517c6a1e8125b2eeb7569a1b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed