This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
631d430623b1bdaf08c10284315fb2752c47e9e4c998de80b05ea83f243e5517This Metasploit module exploits a stack based buffer overflow found in Cytel Studio <= 9.0. The overflow is triggered during the copying of strings to a stack buffer of 256 bytes.
54cba2669ee78e390a6c7b20623fad6a9b5c9f2f49e59b8a55adc94afd84b482Debian Linux Security Advisory 2326-1 - Kees Cook of the ChromeOS security team discovered a buffer overflow in pam_env, a PAM module to set environment variables through the PAM stack, which allowed the execution of arbitrary code. An additional issue in argument parsing allows denial of service.
771fcceaab3f6197448e1213947aed4e74dbd5266078d423cdce7c53e7d97c25Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested. This parameters are stored in the config file "e107_config.php". Version 0.7.24 is affected.
f1aa6364a9b7aec87affa0e57cc0ec5d09d69d9a12a32fe5e884c8288d964039THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.
ec82cd6af4177e4a8b85e8a626ee51b84eae5e08cf6958418b50d517c68148c9THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.
ed7020c0275df347123a0b49a345aa44b2ec9b2ac9b1471870303b8b95c7ef87Agnitio is a tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. Both x86 and x64 versions are included in this archive.
ea8f8d900c63a5b4ffd55ccbaf931a5028774259ceed201a1ec6b7a1da68e984InverseFlow version 2.4 suffers from multiple cross site scripting vulnerabilities.
6d58621745c9445aa8e48b328ff3f2cbb28a3eddc45c49e3963eefaf7b723404Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.
36303b4d6d25064a2ca162802f5dd9c42e121666c9a8518b0f3c3041b3c36994Debian Linux Security Advisory 2325-1 - Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls.
bd606722c312b01cbd9cde3ca4809d0d695405f02e122b34b4f9587f53523509Gentoo Linux Security Advisory 201110-20 - Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. Versions less than 0.97.3 are affected.
8a4cb5b5ff29de3a4a524379def9f673e2628a57bd1fb5f9d7b6f15abab93201Secunia Security Advisory - Gentoo has issued an update for rgmanager. This fixes two security issues, which can be exploited by malicious, local users to gain escalated privileges.
bd7c1a6e9a61a3f541384fac5bce5f7987c068c97bb014208e9966e7eb1dff42Secunia Security Advisory - A vulnerability has been reported in Pantech Link, which can be exploited by malicious people to conduct spoofing attacks.
cfdd15c209bb4dc30027871d31c05a18a3f70ddc2fb800ab43eb30f0f1144fa3Secunia Security Advisory - Fedora has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
7d69e43146b863d5987fb37a8a9296a78eb77c5cc3f52afa2a94271dfde7e0acSecunia Security Advisory - A vulnerability has been reported in BaserCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
e3c87aa1d49a17c3c3a8fc05ee17798998d0b0f75f7c4fbc1e1e274e3f28c647Secunia Security Advisory - Sitewatch has discovered a vulnerability in the Pixiv Custom theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
cf0fb57be2d8912cc3a8746104b55338d07eed20830ae134f0baedc7a8053ccfSecunia Security Advisory - Fedora has issued an update for drupal6-views_bulk_operations. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
11cd196bf412ee531e28681747f5d4a1977ac558a501e96dff3ecb6cc4d2b2cfSecunia Security Advisory - Multiple security issues have been reported in Puppet, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
5ae2a3c7cc319e8ef5dbde3f53ef40e34ca7bfd7b669873f6d901fcb18b30635Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges and by malicious, local users in a guest virtual machine and malicious people to cause a DoS.
377904a61148454928988c5b08f4445aa45a16bf904d7e4d43471c873509ec86Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
310541a816f0dfcd6e28a6410a79e2c4263e4d97c28a0cba21343637803b551bSecunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
c1a9d9169626b95660ab57e98e58186b1bf9761d22e1c23c6b4d4882aa8863d8Secunia Security Advisory - A vulnerability has been discovered in the WP-Polls plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks.
9642aa644328900807c0cdb3884b2b92f70de23c5d038530273d954a0ff67de3Secunia Security Advisory - Sitewatch has discovered a vulnerability in the EvoLve theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
4b88941dbba24418c7a5539f8ef2a2aee65a566be1adc4f4c9f21729530aaa59Secunia Security Advisory - Ubuntu has issued an update for puppet. This fixes multiple security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
f8a95d9fe5061c506eb69950e89485d64615fba02391d8cb48d8ef28a7cd3f0cSecunia Security Advisory - A vulnerability has been reported in Perl, which can be exploited by malicious people to compromise a vulnerable system.
10ca5c28a3146dc10ca9fdaf31b0a9504c37519b8efb4763caa9da4ad3afa37e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed