This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.
65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63This Metasploit module exploits a vulnerability found in ispVM System 18.0.2. Due to the way ispVM handles .xcf files, it is possible to cause a buffer overflow with a specially crafted file, when a long value is supplied for the version attribute of the ispXCF tag. It results in arbitrary code execution under the context of the user.
dd306ebaa1dbb06e60f50cd822da5c809e6e45d3a3bec14bed35322b5703fd6aMandriva Linux Security Advisory 2012-082 - Multiple vulnerabilities has been discovered and corrected in pidgin. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Incoming messages with certain characters or character encodings can cause clients to crash. This update provides pidgin 2.10.4, which is not vulnerable to these issues.
8250736d53c4ff0aec14a41ffb644124cf6f919a74bff10c3a67955e6c661991This is a tutorial on using THC-Hydra version 2.1. Written in Portuguese.
e71cb404f49d35223cd71a6c6a7b8232e04fe44cd4cb72204cfa8868296caaa7This is a presentation called Security Vulnerabilities of Digital Video Broadcast Chipsets. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.
b5085e8431fb1a7e2bbeb1de39c969addc0919c9cb22fbe8c72602adfcfcf41bThis is a presentation called Security Threats in the World of Digital Satellite Television. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.
61103d4ce9bcf58777deab4ee4ff4c33b39828de0f9c1efaefc51fa159e8fffcPBBoard version 2.1.4 suffers from a local file inclusion vulnerability.
840dd61912dca2230c93d865025205fb5ad12c9b2ead84a1ac7013ffa24ea103Topics Viewer version 2.3 suffers from local file inclusion and remote SQL injection vulnerabilities.
240295b4314ae057413639f66d3ca5596b799d870b2492f4e019413946b893f4LibreOffice version 3.5.3 suffers from a FileOpen crash denial of service condition when handling rtf files.
a71da538901bbc0fa1d8228c151e5f1dd87314a31e0dae91254b0b30fc980d29PHP Volunteer Management System version 1.0.2 suffers from cross site scripting and shell upload vulnerabilities.
5dda1338ca319b4adddc456481f9f1b5cd07d77f0275192f85b5454e36568928PHP Volunteer Management System 1.0.2 suffers from multiple remote SQL injection vulnerabilities.
bbef50f00f1004c0c3b40f947efc42c825c2517b868db7747f70bf88487f9451Yamamah version 1.1.0 suffers from a database backup download vulnerability.
9ba02db21a83e5a8efab01c2d4243ac6d3bea9948f0e4020890e7d14d7469e10WinRadius 2009 suffers from a denial of service vulnerability.
6d6ac4e2be7fb63e9e680889df21e507bc3a56f9b855b5f2704f8a6297d58047Tftpd32 DNS server version 4.00 suffers from a denial of service vulnerability.
ae64a094bcfcc8018eb6bfa205de45c996bbf7910049e67596d1e1c0a5e3c12cGentoo Linux Security Advisory 201205-4 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 19.0.1084.52 are affected.
ff3e26d594fbe9ebe0f7c6b33615b11c94efdd40088cde37f470df19d5578cc8WHMCS appears to suffer from a remote blind SQL injection vulnerability.
ffc1a03fc3a0f290ac1373d8d574a5ef3822f230c1fccb7c08eebe2405c0db9fSecunia Security Advisory - Multiple vulnerabilities have been reported in activeCollab, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
3211ab70f37249942237af9b8155774403abbde239cc63210991daf73c349fb3Secunia Security Advisory - Two weaknesses have been reported in activeCollab, which can be exploited by malicious people to disclose sensitive information.
e10192ac30eb929306731b7e3b31fcfb16cdf2b251e11f954286a433f000d322Secunia Security Advisory - Gentoo has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
ca3b1944abeb4290b34f68ff8de7c795d1422fd86ae146f5522af387d4b78b7dSecunia Security Advisory - A vulnerability has been reported in VMware vMA, which can be exploited by malicious, local users to gain escalated privileges.
bad075b0c98097f9111dccbb27225e3a70c725278b9243d06d5522087ec0c044Secunia Security Advisory - Multiple vulnerabilities have been discovered in AzDGDatingMedium, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
208c4c27cea86819ee8fcb4478bf68231e5eb3d6d7f71c7f0cfa678928c0e491Secunia Security Advisory - A vulnerability has been reported in VMware vMA, which can be exploited by malicious, local users to gain escalated privileges.
9dcdfa7332f4c0c2d1c5828c5e538961406a9b0403f77482d1889052ee8546d0Secunia Security Advisory - A security issue has been reported in Seagate BlackArmor, which can be exploited by malicious people to compromise a vulnerable system.
d189fee91f25667fce724042289faee066d9469885f2e1d3426dccbda3bdfd0d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed