Cisco ASA Ethernet Information Leak
This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected.
View ArticleConcrete5 CMS 5.6.1.2 Cross Site Request Forgery / Cross Site Scripting
Concrete5 CMS version 5.6.1.2 suffers from multiple cross site request forgery and cross site scripting vulnerabilities.
View ArticleDebian Security Advisory 2703-1
Debian Linux Security Advisory 2703-1 - Several vulnerabilities were discovered in Subversion, a version control system.
View ArticleDebian Security Advisory 2704-1
Debian Linux Security Advisory 2704-1 - It was discovered that applications using the mesa library, a free implementation of the OpenGL API, may crash or execute arbitrary code due to an out of bounds...
View ArticleMaxForum 2.0.0 Code Injection / LFI / Disclosure
MaxForum version 2.0.0 suffers from PHP code injection, local file inclusion, and credential disclosure vulnerabilities.
View ArticleLokboard 1.1 PHP Code Injection
Lokboard version 1.1 suffers from a remote PHP code injection vulnerability.
View ArticleSun Java Web Start Double Quote Injection
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is...
View ArticleNanoBB 0.7 Cross Site Scripting / SQL Injection
NanoBB version 0.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
View ArticleBuffalo WZR-HP-G300NH2 Cross Site Request Forgery
Buffalo WZR-HP-G300NH2 suffers from a cross site request forgery vulnerability. The demonstration payload changes the administrative password.
View ArticleWeathermap 0.97C Local File Inclusion
Weathermap versions 0.97C and below suffer from a local file inclusion vulnerability.
View ArticleJava Applet Driver Manager Privileged toString() Remote Code Execution
This Metasploit module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17...
View ArticleSynactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
This Metasploit module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function,...
View ArticleExim and Dovecot Insecure Configuration Command Injection
This Metasploit module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands since this is one of...
View ArticleSelf-Bank Cross Site Scripting
Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.
View ArticleUbuntu Security Notice USN-1871-1
Ubuntu Security Notice 1871-1 - Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash,...
View Article