This Metasploit module exploits a stack-based buffer overflow in versions 1.9.0.228, 1.8.0, and possibly other versions of AstonSoft's DeepBurner (Pro, Lite, etc). An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded DBR file within a browser, since the DBR extension is registered to DeepBurner.
6aadc69d3bc6b1f7513f995d00471a16d1534088f0b0cfb9a3bbad503d044aa7
This Metasploit module exploits a stack-based buffer overflow in Audiotran 1.4.1. An attacker must send the file to the victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Audiotran. This functionality has not been tested in this module.
fe48caf317027e30bd5da8dd119e9fa08b7127b8f16f258298a6f1979a6d973f
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
4de89142b8d7b4202dcd68c0c507d43dddc3083ed41852dd959d28c3bb4990ef
This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it to a .jar file, then signs the .jar with a dynamically created certificate containing values of your choosing. This is presented to the end user via a web page with an applet tag, loading the signed applet. The user's JVM pops a dialog asking if they trust the signed applet and displays the values chosen. Once the user clicks 'accept', the applet executes with full user permissions. The Java payload used in this exploit is derived from Stephen Fewer's and HDM's payload created for the CVE-2008-5353 Java deserialization exploit. This Metasploit module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be set. If these dependencies are not present, the exploit falls back to a static, signed JAR.
0a321c211183360c45f28f1eaba94bc547072aaead47439126cfa5aa2eeea4a3
Interspire Knowledgebase Manager versions 5.1.3 and below suffer from information disclosure, cross site scripting and remote SQL injection vulnerabilities.
6063f1bdf943c0464e41a2f34c7223899b1a99d98730a637014e960ff81d08fa
RECON 2010 Call For Papers - RECON is a security conference taking place in downtown Montreal from July 9th through the 11th.
bb84fd2ebb3154fcaba9dcf94f2652a6c9c6122d6497dcf64b989c3f0c60339c
Aflam Online version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
119f035dddd73b993437e3d33dec4901c9514be7cefa377b0e5bebb41d874984
Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability.
7b1ac88e4630f7a30de7d379397fdad972c1d75f101b4c7dcd55c49f6971fe39
Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities.
834cb18db01bac6d42973fa19f768087cfa19787f75c929e18d05a3e51acf628
Odlican CMS version 1.5 suffers from an arbitrary remote file upload vulnerability.
8bffc96ee8c1fd6a86c0b27de927dd50dbac4c925840abff254934b88a934fd0
Mandriva Linux Security Advisory 2010-033 - A vulnerability has been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. This update provides a fix to this vulnerability.
5b52dc1c9bd80b688fcf88dae12b08000bf1a06b8775566a0e59b83df34976d4
UplusFtp Server version 1.7.0.12 remote buffer overflow exploit that launches calc.exe.
eed065ff637217f32b5713329f2c0d3f9b0162aadcf4bc529193308b482896e6
Secunia Research has discovered some vulnerabilities in libmikmod, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow arbitrary code execution in the context of the process using the libmikmod library when opening a specially crafted module file. Version 3.1.12 is affected.
ffe2444e942bbb7f4e8c5effa7fc43640a7f9cca499c6911bd7cc5d8cc0be69f
The Joomla Sexy component suffers from a remote SQL injection vulnerability.
4a33c434f9be87ac86ef467120bc2382dd73a5cb928cca23d2cbd6fd92b51aac
Audistats version 1.3 suffers from a remote SQL injection vulnerability.
b2c6e70cd22a1a023094b67140fc0953b6c2db4f7071474ca52db3094df657b3
FoxPlayer version 1.7.0 local buffer overflow proof of concept exploit that creates a malicious .m3u.
87a2657ef12755916a3f67cdabea6478354c126b371012358525688feefd4268
A remotely exploitable denial of service vulnerability has been found in the JavaScript Engine of the Apple Safari Browser (based on Webkit Engine). Versions 4.0.4 and below are affected.
2ba0632affdabfa20b35111f8625aedb43e2d6d6e35ec2a3b193de81c3c476b8
Huski CMS suffers from a local file inclusion vulnerability.
ec30fc5451d0e24bddedc57c03caeaa442c80d489daa06985822633a96c23cec
Huski Retail suffers from multiple remote SQL injection vulnerabilities.
69335d9c63a9dfb083dd9efcb2b456e33b27a0e9bbfd951dd22971b9bd6e4b5c
The Joomla Erotik component suffers from a remote SQL injection vulnerability.
6eef68f61d4a2d90d3c1eb6f8f9593fab2de0ea25167cf1d00dcf0d43020cce5
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management
71f2c519534a550d7937811433fbee63dc88373198ceaa46f589680460c0c624
The Sterlite SAM300AX ADSL router suffers from a cross site scripting vulnerability.
ea13b3f42e97c90cb75d14122848df9010bb5a8bd33466c7263cbf7b187b24a7
MASA2EL Music City version 1.0 suffers from a remote SQL injection vulnerability.
79c1b273f501a4147ca00870a2866bb45ddba532b1a9b63b145f98a5e218aa3c
Arab Network Tech CMS suffers from a remote SQL injection vulnerability.
61a21417797718c59c59c54b9010f3946352bfb8f732e22201958f4a0b4bd0a6
Yara Hosting suffers from a remote SQL injection vulnerability.
b4156707c1d0ef17451da4346ae6b7e38dd3ee239b0169b7012f7d854272710f