x10 Micro Blogging suffers from a remote SQL injection vulnerability.
3bcb5755407837acc10df472dfc3ddeecefa7ff31a2ec6561d3bc4ce854b401dThe Joomla Picasa component version 2.0 suffers from a local file inclusion vulnerability.
7c6bfad1583408e8edfc57cb4497eb4547da71eccdb3101c25890bc2a4232f07MassMirror Uploader suffers from remote file inclusion vulnerabilities.
7bc2691601f41ef72d479052fb4f83c0e7ff957a6000fc07449e7cab9c951025Zero Day Initiative Advisory 10-053 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of MIDI streams. When the code responsible for creating a MixerSequencer object from a MIDI stream encounters an 0xFF byte, it assumes it has reached a metaEvent. It then proceeds to parse out a variable-length field. By abusing the way this structure is stored an attacker can corrupt a pointer address later allowing a NULL byte write to an arbitrary memory address. This can be leveraged to execute remote code under the context of the user running the applet.
ac325623580367d4f9c5f873964395991b1f2031d90d9591dff6ed684341144fZero Day Initiative Advisory 10-052 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within a function responsible for allocating objects in the com.sun.media.sound libraries. This function takes an integer parameter and adds a fixed amount to it before allocating from the heap. This can be exploited to gain arbitrary code execution by forcing a call to this allocator with a large enough integer parameter.
89c4c351106472677fadb1392ade75f9deab1da7910c157385c300dd990b219fZero Day Initiative Advisory 10-051 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious website. The specific flaw exists within the deserialization of RMIConnectionImpl objects. Due to a lack of privilege checks during deserialization it is possible to supply privileged code in the ClassLoader of a constructor being deserialized. This allows for a remote attacker to call system level Java functions without proper sandboxing. Exploitation of this can lead to remote system compromise under the context of the currently logged in user.
41743433b0cfce1d04e74452a3bbe7893078442b7c65e649faedef9308ed90ceThe Joomla JP Jobs component suffers from a remote SQL injection vulnerability.
22b231166bb79a0d4b4a51008b74d435d2dfa85dd32565bd9492f5bee73c510cWolf CMS version 0.6.0a cross site request forgery exploit that changes the administrator password.
f3287a8a592bff5bf04b1472cb1fbec6e0bd3da4ab96a273f79f9f977a79f2c9Debian Linux Security Advisory 2027-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
8a5256f8e41085ee974d4213fb8ec7be29ae9ce62b0d995be3d7548a75dbd4ceN'CMS suffers from a local file inclusion vulnerability.
5879ed81ed964482c60341571db5330190b6090a5125382dadd4569102a1a7f4MunkyScripts Simple Gallery suffers from a remote SQL injection vulnerability.
f66ef1ef5d9f53371163ba16fc519aaebb79968b0d2e367902f205c9b152b710Nodesforum version 1.033 suffers from a remote file inclusion vulnerability.
aa12acdac2c444e29f51d80dd79f183db7c42d609f7b42367c6b4f58f12c4116Uigaproxy suffers from a remote file inclusion vulnerability.
1204f9ea8c8eb62d15e44843c9565bbe357385f76668eb5baeb53ed3d5458089ttCMS version 5 suffers from a remote file inclusion vulnerability.
b78ae58e7b479f770c52b77ecdf47d30de395460c97e5a2cc55056ae2b030f03The Joomla Serie component suffers from a remote SQL injection vulnerability.
02bd5317364baf19e524988852b4d2e6c77b92d84d505ff563b6c82650a6ec16The Joomla Ranking component suffers from a remote SQL injection vulnerability.
ad2a933c60f5423f4c61b9968c8e5ed4c43f297c3c793739446301a5663c068aDualis version 20.4 local denial of service exploit that creates a malicious .bin file.
accc750ca490fb60aa8f19dd4e66b888adc7ad4e46601eacf91d1c14d8b6e46cPerl Cache-Cache version 1.06 suffers from an insecure permission vulnerability.
37ffab0c7b687666bcf779dfc51ce9d345e58e91e512e603ede4b5e82c37b6b5Bind prior to 8.2.3-REL remote root exploit - Includes instructions for finding the offset on linux. Tested against Redhat 6.1 8.2.2-P5 and Slackware. NOTE: This exploit is backdoored to also connect to 151.196.71.160 and dump information regarding the user running the exploit. User beware.
e5d79c60f4264849e22015211b28b4291acc39f85fa920c4f0d83f91c7a2da44Secunia Security Advisory - A weakness has been reported in PolicyKit, which can be exploited by malicious, local users to disclose certain system information.
88075876eaef020ea041438be4a867adeb6c9d08425dce89688e7989c24f4622Secunia Security Advisory - A vulnerability has been discovered in Uiga Proxy, which can be exploited by malicious people to compromise a vulnerable system.
4f37888ef7ac3eb38f3018017b0c41f7c02b4c3ea2e0a30653e13daedab1876cSecunia Security Advisory - Some vulnerabilities have been discovered in MassMirror Uploader, which can be exploited by malicious people to compromise a vulnerable system.
1fc6734810bf3f217086da881fa3939167bf3e2406e9a972fc370715657b2ddfSecunia Security Advisory - NoGe has discovered a vulnerability in the redTWITTER component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
17ac3012d79d1c05c368f675e35e17e37dd22c819cdffe9a292a3b1b8a2b0729Secunia Security Advisory - Some vulnerabilities have been reported in Solutive CMS, which can be exploited by malicious people to conduct SQL injection attacks.
4974f06304ed2b3bcd394bd0c8eb748a26d65e524b687369f20fda3140ae67bfSecunia Security Advisory - A vulnerability has been discovered in eZip Wizard, which can be exploited by malicious people to compromise a user's system.
f462d5a181d13ffc6b2bb91b89b9a8ce89beb94503031bb34cb9559a6e1c3ec5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed