ASP-DEv XM Forums suffers from a remote SQL injection vulnerability.
6cda01504d8352fc8ddac7396911d7c2ASP-DEv XM Diary suffers from a remote SQL injection vulnerability.
87a17c06069c18fea14aeb9b6a3d9968This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.
7e622d16202980709325aec7154b625cMicrosoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.
74d23f9000afec3f9362934b375bf296Secunia Security Advisory - demonalex has discovered some vulnerabilities in Matthew1471's ASP BlogX, which can be exploited by malicious people to conduct cross-site scripting attacks.
e1333098826e6fab5e9c93e8ac40cbabMatthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
7a48064467650d2e09e193cc4f679e48ASP Classifieds suffers from a remote SQL injection vulnerability.
edef36f0f6aa7d25d54afe0253129e0eLastguru ASP Guestbook suffers from a remote SQL injection vulnerability.
744bf60db36981363e3fd5bea54deccfAcidcat ASP CMS versions 3.5.1 and 3.5.2 suffer from multiple cross site scripting vulnerabilities.
b9690e647db54a97c35231a0971ed3dfASP.NET hash denial of service exploit payload. Includes 1mb and 4mb files.
33963c2fd6e029d6ca3d72771e9086b2Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.
63981257663cd145e7371de1db9fbfbeZero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
8d0d075c9270d3ca27e4079e36cc1eafZero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
671ebea656ba9bc4875b4c9cf481f2dcQueCom Qortal User version 5.10.014 suffers from an ASP source code disclosure vulnerability.
d21d86512983c85718ce610afe65071eSecunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.
136cda02af0bcb0e0d8959fb90aaecb6Asp Basit Haber Script version 1.0 suffers from a remote SQL injection vulnerability.
f6145c18d08b80d5a81abc4f85e235bdPlaneteria Design ASP suffers from a remote SQL injection vulnerability.
f53787bb93013f57794e5df91ab50661Secunia Security Advisory - L0rd CrusAd3r has reported two vulnerabilities in CodeWidgets.com Pop-Over Login Form (ASP), which can be exploited by malicious people to conduct SQL injection attacks.
34e1691c3bf8815c79e07b840a0916efMagnon Solutions ASP suffers from a remote SQL injection vulnerability.
a0564b5e944f33b5bbca3dd3433a0adbSecunia Security Advisory - Two vulnerabilities have been reported in Multiple Question - Multiple Choice Online Questionaire (ASP), which can be exploited by malicious people to conduct SQL injection attacks.
5a85609dfda0a79839c139c6b2c3d1bfSecunia Security Advisory - A vulnerability has been reported in Aipo and Aipo ASP, which can be exploited by malicious users to conduct SQL injection attacks.
e88e8dc1f587d92c50d27afea438386bVirtual Consultant suffers from a remote SQL injection vulnerability in newsDetail.asp.
95bc5ae5b05384e27fc56f5968f1c9cfEMC SourceOne Email Management may allow the disclosure of application-sensitive information using ASP.NET Application Tracing. The ASP.NET application trace is enabled in affected versions of EMC SourceOne Email Management. This trace file may contain application-sensitive information that can be accessed by a remote user. Authentication is required to access the trace file.
52b444d82597464cd41c6e1c5a2e352dThe Uploadform ASP script suffers from a shell upload vulnerability.
6e89d47c37f5dc058220f8cb481bf813Ideas Factory PHP and ASP suffers from a remote SQL injection vulnerability.
a919ad0d6f018b22ff81ee9dd28b9a7f
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed