This Metasploit module exploits a stack overflow in MOXA MDM Tool 2.1. When sending a specially crafted MDMGw (MDM2_Gateway) response, an attacker may be able to execute arbitrary code.
d1dd4e7fce98d32b48eac6791f3f78990a4253f063ff4c36a0b84dd00ca14a1cThe libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.
293e2e308f08d171f64e8387cdf48b505b0e78d786e2660efd285295e64d6620The Joomla Grants component suffers from a remote SQL injection vulnerability.
ff0716322dcd089070d9f65e9502e6629289ccb509a7ec55f788e805f40db992The Joomla Forms component suffers from local file inclusion and file download vulnerabilities.
31f24305966831647295b2c90728065f10dbd706939c8bec607d1ee9392f3287The Joomla Profile component suffers from a local file inclusion vulnerability.
b013e678892f69b3c421f36c03e636ff228fc0c2d01263a5711ab4e81348037bZero Day Initiative Advisory 10-235 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleUpgradeTrace packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
9de8bb9db58f410cba9f36172a081300ab267f70973d774a19e17e9ea6340d92phpCow version 2.1 suffers from remote / local inclusion vulnerabilities.
8ce0d207baea6546265843bd14944ef3bb07a5a7975951ed97b3762a905b3113The Joomla Realtyna component suffers from a remote SQL injection vulnerability.
71701fd502cf42ee319fab3ee755e399709c15338312e694062bd23161e0ad20Call For Papers for DIMVA 2011, the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.
c75e2843da8f4c54ec8bd6d6fee8fe3a2968a624088a151073723045cfc5cb48The Joomla eDir component suffers from a local file inclusion vulnerability.
da37509e09301deef16d99cd5ff5ffb3a2744d72187879b533bd420f52765795Zero Day Initiative Advisory 10-234 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleQueryNodeInfoReq packet type the process blindly copies user supplied data into a fixed-length stack buffer. A remote attacker can abuse this to execute arbitrary code under the context of the SYSTEM user.
5cbe58ed34ad87f5aa93ba702ac61a1010bb216f9a520eba2e46f3cc66f199ddZero Day Initiative Advisory 10-233 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the AgentUpgrade packet type the process blindly copies user supplied data to a fixed-length stack buffer. A remote attacker can abuse this to execute arbitrary code under the context of the SYSTEM user.
f50c89a735b8698ea7dd36a66c0253764cc5959089d83e80471d5b21e1d4798eZero Day Initiative Advisory 10-232 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user.
5e8f7b4cf0626e9ad39c153ec1a730efb4b2a13bd3b067d33125483afe17ff21Zero Day Initiative Advisory 10-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When handling the DSID HTTP header the code allows an attacker to inject arbitrary javascript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the device.
99b5f28f3dda214bda4fefa3c825879f71b46d2042476feb6389be98ef4324baZero Day Initiative Advisory 10-230 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within module ZfHIPCND.exe. This process is responsible for handling the data received on TCP port 2400. The module reads in the data stream and copies the specified amount of bytes into a fixed-length buffer located in the heap. An attacker can overflow this buffer and execute arbitrary code with SYSTEM privileges.
b92fe75ecd9cb7f79d3088173131ddd1565e2a74ab4c37e792913b397aac69b0Zero Day Initiative Advisory 10-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When reading user input if a TELNET_IAC escape sequence is encountered the process miscalculates a buffer length counter value allowing a user controlled copy of data to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the proftpd process.
7431c58a12dec7ec81a1cb7105d04361591fe1e23f29451c020292509334b56cThe Zeeways Adserver suffers from cross site request forgery, disclosure and remote SQL injection vulnerabilities.
4644425593b6f8e6e158f90457d3bb20482769bbcc0e0229c3b1149bf170a7c4The Joomla Connect component suffers from a local file inclusion vulnerability.
a5d37e268572e9a3b3740e05538598e4af8056910bd289f5d21b1d5d9d8f888eThe Joomla Dcnews component suffers from a local file inclusion vulnerability.
ab9cf7a77db4c7668ce4d32710e90b1e1f854c690876f741b010f4601ae55d88Whitepaper called Tutorial Blind SQL Injection Referensi. Written in Indonesian.
e3aa7441ce7deb5e534679f40dc15f786367faa10e651b0d1a65433fca02f778Xampp version 1.7.3 suffers from cross site scripting vulnerabilities.
cfa75a86bb04fd0187323ca1520ef21ceb770a0cb9dc22d7071c54e13b557fb2LEADTOOLS version 11.5.0.9 suffers from multiple access violation vulnerabilities.
ad47384e005b5199ca5887e785e78dabc4104998e70c85a2a30fe4f479c2ec18G Data TotalCare 2011 suffers from a NtOpenKey race condition vulnerability.
9f1feab0a328442b162f8104968fe25bd57a32efde392e06e7f6b5125ad53a02PCSX2 version 0.9.7 Beta suffers from a binary denial of service vulnerability.
3879f15fe3ec5f82fe4a4c0374da7ecb7d6f11a0bfb4e25fc01908d627f66178G Data Totalcare 2011 local kernel exploit.
da43e18bec79496110a6dc0bbaa56c4065a4f2694579e4ebb125fc8ce47db60a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed