Whitepaper called How to Create an ASCII Shellcode.
e324ab8a719a7f3c7be8dee8ff73a2e7d15dac6817490cd7aa8367f3abdcc9c8
Scholarship Award System suffers from denial of service and remote SQL injection vulnerabilities.
b867b47d49ec9079304db4176a48c5df61eac61497c0142f57ad10bb84aa4ff0
Zero Day Initiative Advisory 10-112 - This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PortalModuleInstallManager component of the Novell Management Console, which exists within the servlet located within nps.jar. Due to a failure to sanitize '../' directory traversal modifiers from a parameter, an attacker can specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.
2cb7c5bba9de39e113539364b91c22f85f014b081befb1c66f13a92f3430fab3
Zero Day Initiative Advisory 10-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the connect method exposed via the ActionScript native object number 2200. If this function is called several times with differing strings, a memory corruption issue can be triggered. This can be exploited by remote attackers to execute arbitrary code under the context of the user running the web browser.
29b634a18ba5304ea43a70b6b27bbb1bf73bf16fed0ea42837e0c45c04b7da5b
Jeroen Guliker Site Pro suffers from a remote SQL injection vulnerability.
1333223373b3d349707515b518c2911d5d8142538127bf3b78d6946066b6649f
Mandriva Linux Security Advisory 2010-120 - A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall). As this vulnerability is only exploitable post-authentication, and better, more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers. The updated packages have been patched to correct this issue.
c1ce6e51e0ff12140212416d19ef3ad63953447820df46e81f81e6daad09bd74
Baby Primo Site Pro suffers from a remote SQL injection vulnerability.
0598d8cdb88ad24a85896029c314cbe63d653efb922b81fce5143a9a1c831548
Linker IMG version 1.0 suffers from a remote file inclusion vulnerability.
84e8f2a21c4bb29eeb1194037d1d1add83139c2e08808cfc364c549c04a2e251
myUPB versions 2.2.6 and below suffer from backup related and local file inclusion vulnerabilities.
4fc0bd6b5ff6a7da33c3905788f5d628e6fe864f72b7b1f4bd94005c7d20923c
Suzuki suffers from a remote SQL injection vulnerability.
45e20def909d25e7c2e008a83ed3072276cce7784bb6edb2c35bfa830e731e83
[whem]-UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.
0dfbaa34900640ff9b695ee269bcd5eb86802a80ce344d78485a92f282eebdae
The Joomla Jomestate component suffers from a remote file inclusion vulnerability.
7d5cd2a89085027552c250594c7020997fb3f10834b8fb3dc89cac37a9a890c5
Sysax Multi Server version 5.25 suffers from denial of service vulnerabilities.
38e28b8ca34f7d09b76c40fd944821c5776f8cfafd638821d08b74cf4dd71b62
Gcms Generator suffers from a remote SQL injection vulnerability.
841d8d128f448b5d3623276b19022c23c60951862a055ad3cbd8831864fe7dfe
Mandriva Linux Security Advisory 2010-121 - Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. Packages for 2008.0 and 2009.0 are provided as of the Extended https://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
f5e37817beaf60607a398d430cbcd45ddff318f0aa54fec0030969790a9fb0dc
Karkia suffers from a remote SQL injection vulnerability.
15c0fdfb829c21b89904eda6a3358f4651cfdfbad6c9c9f98e2fb2aa288659f6
synType CMS suffers from cross site scripting vulnerabilities.
9d6af60cbccc2772c551d103eba54bf7d0e52ff64c41fadd5d4938a4bab897a8
Boat Classifieds suffers from a remote SQL injection vulnerability.
70bc60822873a7bc35d7a2d5eaee8a4bc888c7ffa644fa285fce172947db311e
The Joomla Community component suffers from a persistent cross site scripting vulnerability.
6806d0ab2b913f030a6ce42d072b4ccf05835ee9167727350f008074d2a189c5
Wing FTP version 3.1.2 suffers from a denial of service vulnerability.
716dbdce046552f06c005af0b689e2b30994f0ccfb799f41a279babe469c8964
Whitepaper called Tab Napping Short Code. Written in Spanish.
66ac51f7ae17d0dad779fe54ef29a672b407f89cb9d7e87e1ecfced627d733ca
The Joomla component JE Ajax event calendar suffers from a remote SQL injection vulnerability.
dfda533b6bfaf39e4cdf023f1acb1006b9b5a8368744ac31744820d4f648dbb5
This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
ee39234eb7bfde6be7b06a471b85c22615c756334e75f9853f44970c002c335b
Scribe CMS suffers from a cross site scripting vulnerability.
f806f60634a9c2e5d1a724155618fa9ae4ec19f37ebf62a4fa48eecb35ecba45
Rising Tide Media LLC CMS suffers from a remote SQL injection vulnerability.
651a4d6096c3f4f3956225bccfd18416fcfc95affe538f5a1b1d91c308d16773