Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.
224237f28405fe41ce3d0e268c139c03The Liferay JSON service suffers from multiple remote information disclosure vulnerabilities.
3c5f1afdba23ca08b950d9a88615b1b8Liferay Calendar suffers from an exportFileName path manipulation vulnerability that allows for arbitrary JSP execution.
2faa1a7bf02d26bc805f48d874277af1New Atlanta Servlet Exec allows for the reading of system configuration files and unauthorized access to system information.
df4ae06c5cf59198b7ecfefc69022ad2This is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.
c7bb70cc65ee5220083c5e6fcc81de7aTomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from an information disclosure vulnerability.
02852ef14495eaadbd4c7409e8b05a39Internet Explorer 7 allows the overwrite of headers such as Content-Length, Host and Referer, exposing the browser to HTTP request splitting attacks.
0ba0b74eea72c57621a0aad45af45c2fInternet Explorer 7 allows the setting of header "Transfer Encoding: chunked" in setRequestHeader exposing the browser to HTTP request splitting/smuggling attacks.
79a4a9d6a18fb214f42a3063df7b678fmod_negotiation as shipped with Apache versions 1.3.39 and below, 2.0.61 and below, and 2.2.6 and below suffers from cross site scripting and http response splitting vulnerabilities.
e18caed342360e46f868a14e0dd9a259SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.
24b530abb076f5682cf36581c94fd035By using a specially crafted "flv" video it is possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.
b746354064d05658a8ac2541f856ee2fFirefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.
5426a639741037c2c3ecdb00815e92d0PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.
3f22e872fea3c471242fa8fac6024d02PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().
7caa19415b07b0f1e5e2e58ca201d09dThe Adobe Acrobat Reader plugin is susceptible to session riding and cross site scripting vulnerabilities.
cdcfb7f0fe7c3c08289067140c9c2be4MySQL server versions 5.0.20 and below suffer from information leakage and arbitrary command execution flaws.
df9ba731c0a755f8f7abb79febe6c1eeExploit for MySQL server versions 5.0.20 and below which suffer from information leakage and arbitrary command execution flaws.
a6953bc6c6683d8ef234ab7e954aadfeMySQL server versions 4.1.18 and below and 5.0.20 and below suffer from an information leakage issue.
7ed8c8bcfe58eadc5089a85b1fdf8d50Proof of concept exploit that demonstrates an information leakage vulnerability in MySQL server version 4.1.18 and below and 5.0.20 and below.
13aefb173f330f70de42ba30561937f8Proof of concept exploit that makes use of functions in libc in order to gain MySQL user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
03d076773b4edd27cd71264b66a9ea04If an authenticated user has INSERT and DELETE privileges on an mysql administrative database, it is possible, by using the CREATE FUNCTION command, to take advantage of functions from libc in order to gain mysql user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
5cfad60ee180443cf9a873e46849dd96Proof of concept exploit that makes use of a library injection flaw in MySQL via the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
0d778bbae9d865a9ba85379b9ed620feIf an authenticated user has INSERT and DELETE privileges on a mysql administrative database, it is possible to use a library located in an arbitrary directory using the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
8a1165837393ec03c54a528723db2f41PHP shmop shared memory module has a leak that can lead to Safe Mode bypass. PHP versions 5.0.2 and below and 4.3.9 and below are susceptible.
99a70050f72c34784b76a9665223213fPHP proof of concept exploit that makes use of an arbitrary file upload flaw in PHP versions below 4.3.9 and 5.0.2.
82bbf54363bb3c8d4fb0c1e2add5924a
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed