This Metasploit module exploits an arbitrary PHP command execution vulnerability, caused by a dangerous use of eval(), in InstantCMS versions 1.6.
f892f3ba804eed45332252715f4d92a0ebdcd7ca8371e0832ec7162473120f06
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
7e75b73ed026d9c776cf93a1d7ed5ad247973c3ce94a6b3367f474f7a56117db
Kasseler CMS version 2 r1223 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
12b1c13062d11a8309a56e262bd4c347eba49d379b6c1cbf8c2226e042152117
OpenX version 2.8.10 suffers from cross site scripting and local file inclusion vulnerabilities.
d08e9e5a6bd82b06d1b3ad7f393924720a46ca189b23c473f598bd45b9eeed98
Apple Security Advisory 2013-07-02-1 - Security Update 2013-003 is now available and addresses multiple arbitrary code execution vulnerabilities in QuickTime.
c9b13d54d297a2db3d423a575aded10be3fbd77b2ef2e80d714924e848546c51
HP Security Bulletin HPSBUX02893 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform Cross Site Scripting (XSS). Revision 1 of this advisory.
a026ac31493a39f6f261c4aec7d39803b709c1fe4c6b7c6d2240611c6fa91a58
HP Security Bulletin HPSBUX02889 SSRT101252 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
b50420794c14b06ab55ad4945395d8ae2c7e9c3ca73b147fa80f486873254d64
Opera 12.15 memory exhaustion denial of service proof of concept exploit.
e80bf0b28cac486ed8ed4c65a980b26f413e23a47119c3060562212b52f3126c
Realtek Sound Manager AvRack crash proof of concept exploit.
5571c3274778602d5afbf29bf1a1f44fab2246bd70775144e79425502671e49d
Nokia 1280 phones suffer from a denial of service vulnerability when receiving a large SMS.
d9f25bc24431834e58b1a2f00204206fea4b065de403fb48237847e8901525ed
Ubuntu Security Notice 1897-1 - Jibbers McGee discovered that PyMongo incorrectly handled certain invalid DBRefs. An attacker could use this issue to cause PyMongo to crash, resulting in a denial of service.
f7df6691afceec93e40d2b7c17cfe08566dab81217a8c75bf19fb9bb583a07c3
Red Hat Security Advisory 2013-1014-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
1ea596445194e8038f13aa4fba7db27eb68b91237da76b94dea648c9dafd2f06
Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afd
Red Hat Security Advisory 2013-1011-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
cadd38f37fb1b46b32962ed1bb5969dfd435931e8d2d4a4d9dff2d5e6173a51c
Red Hat Security Advisory 2013-1012-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.
35427631191e8b8a15c2ccf348534c44c88f0f64d52cc8050a784c8592125f6c
Ubuntu Security Notice 1890-2 - USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem.
846f7f1bf324cd93d4bdbadbe1398e3342216f1da6747b6cd738d2ecd16507c3
Ubuntu Security Notice 1896-1 - Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.
cd9b66aa4310380ddd651277bec994c6ab25f0629793f8f40a7b052a5a172fe4
Debian Linux Security Advisory 2718-1 - Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the WordPress package to the latest upstream version instead of backporting the patches.
2b70fccd085f14980881182fe8865f3ab759e475f3afdd54e1319ff3a020960c
Linksys versions EA2700, EA3500, E4200, EA4500 using lighttpd 1.4.28 and Utopia on Linux 2.6.22 suffer from an unauthenticated access vulnerability.
266da9dd8a7b398661ea49b23a60a0543c4ac5cb9c8e7faecc5ce203cbee23b6
WordPress versions 3.5.1 and below suffer from multiple cross site scripting vulnerabilities.
399aaad0a5a0c95b905a8449580b6486f0eff6989d9a49975f44518cc7308ae9