FAA US Academy suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Bank IT Online Banking suffers from a cross site scripting vulnerability.
The Joomla Visa component suffers from local file inclusion and remote SQL injection vulnerabilities.
DGC suffers from a remote SQL injection vulnerability.
The Joomla Cmotour component suffers from a remote SQL injection vulnerability.
Neda Rayaneh CMS suffers from a remote SQL injection vulnerability.
TND Media CMS suffers from a remote SQL injection vulnerability.
This is an automatic SQL Injection tool called FatCat. It has features that help you to extract the database information, table information, and column information from a web application.
Silverstripe CMS suffers from a cross site scripting vulnerability in the page title module.
Lifesystems suffers from a cross site scripting vulnerability.
Motigo Forums/Calendar/Guestbook suffers from a cross site scripting vulnerability.
Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.
This Metasploit module exploits a stack buffer overflow in the HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the calculated offset to exceed what is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we set up, and force the browser to confuse types from tagVARIANT objects, which leads to remote code execution under the context of the user. At this time, for the IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.
Studio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.