Graphic for the Hackademy.
62358939a7dabe715a659eeecd9e8e3a1de06f3b48d7044769da752bb14e9fa7Squirrelcast PHP Shopping Cast is susceptible to SQL injection attacks. Sample exploitation details provided.
9034a1b7791dbb49ea62cba1ba3aa5f0d0c0d09c6551a60c8ca3c2d2764fd09eAdventia Chat Server Pro 3.0 suffers from cross site scripting flaw.
f5be810e51ce7ac691078c31fe2d121af2db6850a6b2fbc89c05a553bf3508c8E-Data 2.0 is susceptible to cross site scripting flaws in its search functionality.
820a3a8cc04faebb9fe783b48bdadd595291f8984a989a7e12280e2bbcad577ePunBB versions 1.2.2 and below remote authentication bypass exploit.
ae265851ac47823f8ae76c95583aa8683a2e45db1ec2b9babba2ec70b81b77e7Secunia Security Advisory - 3nitro has reported two vulnerabilities in Ublog Reload, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
10aebd341e8a60eb3e674d5a292f31736cbbc58fa4718d45614c627b0f8a3913NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
1776e30d2079769e3a08efea35463b17c1ce136acb09aabd7852de0cd1f6c3b0Ubuntu Security Notice USN-102-1 - Shaun Colley discovered a buffer overflow in shar that was triggered by output files (specified with -o) with names longer than 49 characters. This could be exploited to run arbitrary attacker specified code on systems that automatically process uploaded files with shar. Ulf Harnhammar discovered that shar does not check the data length returned by the 'wc' command. However, it is believed that this cannot actually be exploited on real systems.
00f1a684d836d6e46b8902d1fa6d9f92e60ec000ed6ad8978b2ccbddf266b3f1Linux kernel versions 2.6.10 and below denial of service exploit.
938cc0299f8a4057e16222de326a4e09e4ce59ed72d62a04d8344ba4c46e8be4Cyrus IMAPd versions 2.2.4 through 2.2.8 remote exploit. Original flaw discovered by Stefan Esser.
e0f255c75d311de10a643e7710b403966a0b5738defe2ce707e360a1e03945bcmtftp versions 0.0.3 and below remote root exploit.
498f2cbb403d9f8b15e0a4ef0ec615248865a0c321b8ca6787cd4b8a8b8edb3aSecunia Security Advisory - 3nitro has reported a vulnerability in Chatness, which can be exploited by malicious people to conduct script insertion attacks.
a7f4877916ce136f5e9ea9958b2d00a497d4005fca940c822b28b9151c5bd269Tripod.com suffers from multiple cross site scripting flaws.
5e26ffe5df8029d71eaf9663f809a5b324b485a87e40fab11d05f233ebdef46eDebian Security Advisory 698-1 - An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager. This update also fixes a regression from DSA 497.
f5dfdd2c884d038ad50759ea5988802dc7a0204e09e7e0721087fdbaedd2b223Absinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Mac OS X version.
6d0507e7664151f65415759c55cb1a8a7879b3c99a49b859952b3d324f7cd0ccAbsinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Windows version.
270cc0d92bfd0dd7c514299861b77f2a82f117d4a0048d8796d96b959753781eAbsinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Linux version.
c153337d7ec7025eca51a2bb830a3f57729095cd23935b4701b8f1953ed2c37cInvision Power Board version 2.0.3 is susceptible to cross site scripting attacks.
db5664b11a593a45b23e7ca9e1159b41da75111a7eb23b377c6b10b2e17caef8phpBB versions 2.0.12 and below Change User Rights authentication bypass exploit.
49b95a2b8882c99a45d27963477f2fa9d92b975c42322da9b1635fcc4ee30c68Secunia Security Advisory - Diabolic Crab has reported some vulnerabilities in various Esmi Studio products, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
088884991745122bc25767f3e4b6e700776acdc370a25da652e2d5fcf7c20b52Secunia Security Advisory - Diabolic Crab has reported two vulnerabilities in E-Store Kit-2 PayPal Edition, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a vulnerable system.
4d4a9aa45ebe9ac10c47b2209dd50def09ec49c02ef5b8b7e8ae98a54062166eSecunia Security Advisory - mircia has reported two vulnerabilities in CPG Dragonfly CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
f3d690bb3f92d734d3c59db4050125ba3babc9a414eb09831b83c37b3e6c8c64Secunia Security Advisory - Maty Siman has reported some vulnerabilities in BugTracker.NET, which can be exploited by malicious people to conduct SQL injection attacks.
12f69ae8000326e1db293cb7f0a41274b93ba747500590bf29e9fedfeb7bb217Secunia Security Advisory - A vulnerability has been reported in Horde, which can be exploited by malicious people to conduct cross-site scripting attacks.
642de7ce7912e2d00204dc4f85101ca2078045937a0ff902d3af1a3c6f36dea7Secunia Security Advisory - A vulnerability has been reported in WebAPP, which can be exploited by malicious people to disclose potentially sensitive information.
f67c58f2ddcb1f9125045e73d99a0c880342ef502bd8de206ee547df7064ec19
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
