DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system that helps with digital forensics work, including file recovery after an error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
b565474ab8ec094185c3cc0d027467bfdad87f3e9c5a2bd44f332997fdeb0b6e
Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above 2GB available with read or read/write access to user-space programs running in a Guest operating system.
06e57ed0863415c369e25cbef95b7d726f955222074ae28cf5b2b20d11fdfe9d
Windisc version 1.3 suffers from a stack buffer overflow vulnerability. Full exploit code included.
35273ce169912292844042a3d97dfc0662b96dd9a08ae743128e33f0a8217a9f
FCKEditor version 2.0 RC3 suffers from a shell upload vulnerability.
0f67b325a6baa3b5929976a83d14a7b16e3645f4feab2aaaa8e8ba925828c49a
Ubuntu Security Notice 912-1 - It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service.
0b502f97154d452f8f94769ee6f50b5b80ad64e219e3e560f7486c91be5717dd
Zero Day Initiative Advisory 10-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user.
cb40e39471d9ad0f5a69bb519489ffab8ee630fc8167d30b87e8067c788e5c6d
Clan Tiger CMS suffers from a cross site request forgery vulnerability.
00413d460a37c56be02b348ca47a2a8e1eaccf73ae0f2b3b8f5607377eb6581b
Chilly CMS suffers from a persistent cross site scripting vulnerability.
11456c3f691066f83e616c7e988e2151af0a9c2080155df90dba3da4b68c8219
Chilly CMS suffers from a cross site request forgery vulnerability.
18882fe7f03d793e245d10395a0509c4fe3f749e2ac9ca591eaff91581b53241
WFTPD version 3.3 remote unhandled exception denial of service exploit.
a2d0bc4b9fd783e5d528072b32ee00867bd6a96116ad439abba46b44a34ce958
SugarCRM versions prior to 5.5.0a and 5.2.0l suffer from a cross site scripting vulnerability.
589558f8272dbb655838d522cc9d7e45795796d7c1686e097ad7fc2d61680e34
Zero Day Initiative Advisory 10-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callback pointer during the destruction of a particular type of element when embedded inside a 'blink' container. The application dereferences the original resource, which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
978aa1696e69705e418a2ef7e1040dfaa95eb83cc7989e4529645bc9b19e7138
CYBSEC Security Advisory - EGroupware suffers from a remote command execution vulnerability. Versions 1.4.001 / 1.4.002 / 1.6.001 / 1.6.002 and Premium Line versions 9.1 and 9.2 are affected.
3466397f295950b24bff97a0cee044361200ce29c5b7a1d91b43a2823cc8cb53
CYBSEC Security Advisory - EGroupware suffers from a reflected cross site scripting vulnerability. Versions 1.4.001 / 1.4.002 / 1.6.001 / 1.6.002 and Premium Line versions 9.1 and 9.2 are affected.
3975fad1bb46eca4d0023c780cf0920dfc6fb20955039a232c347c8e6f871d8b
CYBSEC Security Advisory - OSSIM version 2.2 suffers from a remote command execution vulnerability.
fa7bc7dccfc1eea54e33881d98d9b73763826b24c23c03bff189b25b91634c35
CYBSEC Security Advisory - OSSIM version 2.2 suffers from an arbitrary file upload vulnerability.
d10ef69aff7ea865577efe7a578f5fb3c7ed3de34bb0c20f737359d8187ea269
CYBSEC Security Advisory - OSSIM version 2.2 suffers from an arbitrary file download vulnerability.
e29b9aeb2eeb3a569fddcaf311d34f8de151300ac2c2e8f59d863fcafe44dd56
Online Community CMS By I-net suffers from a remote SQL injection vulnerability.
6330833ea35dc810e682231316831c43611616f09c9c61c10d7055dad6b86e86
Zigurrat CMS suffers from a remote SQL injection vulnerability.
4602bb8a71d06414362c67aa19b2ba5d67ec0ce081f3a223d032c63f71572d47
Pars CMS suffers from a remote SQL injection vulnerability.
6cfeb2c754f8d6e0e2e1b7e990d3e94fc26e2c9b16a374aca316f3af635593bf
Debian Linux Security Advisory 2017-1 - Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.
68d7df806fbd3422841194b7a54354db4bd82c01fbed403c2b50d62a7f202770
CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability.
2b696924860993e8b7a3b9a6023db148df92340d5a146e4bd8444ace1360c613
Family Connections version 2.2 suffers from multiple remote SQL injection vulnerabilities.
932e4fe173014b2cdd8cb18dcf76db76665998ad415fe10ccb70b1436c237db3
Zero Day Initiative Advisory 10-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari and other WebKit based browsers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of the run-in value for display CSS styles. A specially crafted web page can cause a use after free() condition in WebKit's WebCore::RenderBlock() method. This can be further leveraged by attackers to execute arbitrary code under the context of the current user.
68798d11271c59d7e7bfaf837933f005ae3ce6bf51e24d41c6fa3dd2c11cb90b
Free Real Estate Contact Form version 1.09 suffers from a local file inclusion vulnerability.
9704856e0f082a62d5fa1de0e04b91c328256fa892fd19f381864f764e2835ea