This Metasploit module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled.
Debian Linux Security Advisory 2380-1 - It was discovered that foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers.
Debian Linux Security Advisory 2379-1 - It was discovered that the Key Distribution Center (KDC) in Kerberos 5 crashes when processing certain crafted requests.
Limny version 3.0.1 suffers from a cross site scripting issue in '/admin/login.php', which uses the 'PHP_SELF' variable. The vulnerability is present because no filtering is applied to that variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
S.S.T (Save Typed Text) JavaScript proof of concept keylogging code.
UBB Forum version 7.5.6 suffers from a cross site scripting vulnerability.
PHP 4 hash collision proof of concept code that computes hash values for form parameters.
Orchard versions 1.3.9 and below suffer from an open redirection vulnerability.
Typo3 versions 4.5 through 4.7 suffer from remote code execution vulnerabilities by leveraging local and remote file inclusion.
immediaC CMS suffers from a remote SQL injection vulnerability.
Biz Technologies suffers from a remote SQL injection vulnerability.
Ischianelweb suffers from a remote SQL injection vulnerability.
ImpressCMS version 1.3 Final suffers from cross site scripting and local file inclusion vulnerabilities.
Logement Laval suffers from a remote SQL injection vulnerability.
Mediashaker suffers from a remote blind SQL injection vulnerability.
EasyWebRealEstate suffers from a remote blind SQL injection vulnerability.
Otterware Statit4 suffers from a cross site scripting vulnerability.
Posse Sports suffers from a remote SQL injection vulnerability.
SyriaNobles suffers from a remote SQL injection vulnerability.
VLC Media Player version 1.1.11 local crash proof of concept exploit that creates a malicious .amr file.
Netcut version 2.0 suffers from a denial of service vulnerability.
Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.
Proof of concept WiFi cracking code for Guestek / Oneview systems as found in Extended Stay of America hotels.
Secunia Security Advisory - A vulnerability has been reported in GraphicsClone Script, which can be exploited by malicious people to conduct cross-site scripting attacks.