QuickShare version 1.0 suffers from a directory traversal vulnerability.
b3b36a25ff16c980477f17c77505abe7a02890463b94a6a2f66823c68477aa35NWS Classifieds 007 suffers from a local file inclusion vulnerability.
add5e9efe9d148d2c242c9f5c13d99e536d9ee81794af0b734376af69ed14c40Mollify version 1.6 suffers from a reflected cross site scripting vulnerability.
7ba39d56f689a19bd52a3969326f132f961d02c4f7dd1a8fba3e846b893a55b4Limny version 2.1 suffers from a reflected cross site scripting vulnerability.
5c850a196cbef60be7b5f7bc61de0bbad58d85e8d3b59481c0e44b14b9529399chillyCMS version 1.1.3 suffers from a shell upload vulnerability.
8092bc4c71fbc1807fab7aea3e035402d1b7472e4f27a5b85cc58cb906d81eeaCMScout version 2.0 with TinyMCE plugin IBrowser suffers from a local file inclusion vulnerability.
341688005015419c7887dba971b0c3fe6f4afb270471fdf6567745fd27db46feMultiple persistent and reflected Cross-Site Scripting (XSS) vulnerabilities were identified in Security Console (Admin Console), Message Center Classic and Message Center II services of Google Message Security (powered by Postini).
4afe5677cdfd29e4d7c9ef2558e97c6295dbe0e16ea2077747b64533242df2dcGoogle Message Center II service (build 6_24) was found vulnerable to SQL Injection attacks. When exploited by an attacker, the identified vulnerability could lead to Information Disclosure (map database structure, extract data from available tables), Denial of Service (consume server resources by injecting SQL heavy queries), etc.
a6eb9323bb800a93361c28c9efaa6f2934ac433339b54e4b5dd0840d5e579fc6Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.
c741c725023bcd6a30ae4767ea8e5d24f206168aa28aa6f3a452d350ceca979bZero Day Initiative Advisory 10-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Platespin Orchestrate. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application utilizes a bundled component for rendering graphs. The application will pass user-supplied arguments to this component without proper sanitization. An attacker can abuse this to specify arbitrary arguments to this tool. Successful exploitation will lead to code execution in the context of the graph component application.
acbbdd9617d3612a4ac79d0f6786dbae73fea305c874984277fbeba13860cbbfSerendipity version 1.5.3 suffers from a cross site scripting vulnerability.
dfdb9ab8ab610393e42bc1d11f4973852b9501ee090140b4d4fe915aad9a9bf2SantaFox version 2.02 suffers from cross site request forgery and cross site scripting vulnerabilities.
0286d38e8b82e271180e3cccb8c7aaf5c180ac6fd9ab7ad9411283bdc265d116AChecker version 1.0 suffers from a cross site scripting vulnerability.
bdc599b7e68e75fec6473f987535fa879d061d2c1999fdac51fdd48523d1b8d4ATutor version 1.0 suffers from cross site scripting vulnerabilities.
44d0f63e18b2d11f8b869895ed51038b93c47455e72b6c95dddc9661d964d0eeWhitepaper called Exploring IP Fragmentation for Fun and Profit. Written in Portuguese.
92fb6f0cbe5ead222a72d7af8ac38f707594c6728d026c442c8420bf9f32a5a6Month Of Abysssec Undisclosed Bugs - Ipswitch Imail server versions 11.01 and 11.02 suffer from a reply-to address memory corruption vulnerability.
a8be0448eb45e735efacb299f2d710f3c3a2cc8a7f637a05f0c44e29443ec03cMonth Of Abysssec Undisclosed Bugs - PHP MicroCMS versions 1.0.1 and below suffer from remote SQL injection and local file inclusion vulnerabilities.
a1ebf75592bb9367b1b7d45bcdb6812afcc8cf8f42f7df4e7e3477e340071494AContent version 1.0 suffers from multiple cross site scripting vulnerabilities.
8754a2f27413e292c58ef06a36111a6d298aa6b64038ec318c44abb6480690afAxigen Webmail version 7.4.1 suffers from a directory traversal vulnerability.
fd156b7255ad3a0fdd27ae410b59de955023a22561aaf98d5f43f050c02af463Month Of Abysssec Undisclosed Bugs - Ipswitch Imail server versions 11.01 and 11.02 suffer from a reply-to address memory corruption vulnerability.
7e35ec0d985d42dbf7c7e79528cc7ef3add92a936298c374352c63481137f840Month Of Abysssec Undisclosed Bugs - PHP MicroCMS versions 1.0.1 and below suffer from remote SQL injection and local file inclusion vulnerabilities.
54eda804b73c931d814fbdec6d3d904a638a2f09cff2ed7799f45154171a3e7eThis Metasploit module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending an long character string in the password field, both the structured exception handler and the saved extended instruction pointer are over written, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.
d01b8d0eccb2aec11afecf3d49371c3c926e2d006a81facbb808d6626fec7fa3MP3 Workstation version 9.2.1.1.2 SEH overwrite exploit that creates a malicious .pls file.
77a5e1e26e009e1306edb51c90145d6d25b43be9104180619354665e09ede8b2PixelPost version 1.7.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
964a98117c067bf77398f14b8b9aef9de71765eded42dede10e591d423c73e57Mandriva Linux Security Advisory 2010-183 - Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments. The updated packages have been patched to correct this issue.
ce4ec26320e3a54663217769dd4be57201ae58d59b01d7081e61695b78b5f974
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed