Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.
fc343b2e9b0b222af9ed2172c74986902a356c06c28a09a1384b4dbecc1d0f5e
RSA Archer GRC Platform 5.5 SP1 contains fixes for multiple security vulnerabilities such as privilege escalation, unauthorized access, cross site request forgery, inclusion of functionality, and embedded component issues.
c5cc67563b9eb44815aef96fb982b29d83d634418743e2ceb8f768330e9e1a6b
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
54cc82448620ff8fc47306299e2caad4c16257222f08c5ed03811709eb35c40b
BlazeDVD Pro version 7.0 SEH buffer overflow exploit written in Python.
28f2e7fae50adf7f22550261f04d46dcf3240ae06a9b830d634a727ddd95e19e
Bulletproof FTP Client 2010 SEH buffer overflow exploit written in Python.
7a8c67f6731b5fc356c9ed27d17abe620d1f8a25301d9d30352e7e5587ee33c3
EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple OpenSSL vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);
8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
EMC Documentum D2 contains a fix for a privilege escalation vulnerability that could potentially be exploited by malicious users to compromise the affected system. The D2GetAdminTicketMethod and D2RefreshCacheMethod methods serve a superuser ticket to all requesting parties. A remote authenticated unprivileged user could potentially use these methods to request a superuser ticket and then use that ticket to escalate their privileges.
eb13a7c78f8146524ad5f310c49180d47fd88c3516da4b3e65ccb5913327a113
Red Hat Security Advisory 2014-1076-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
4a3e5a1d3b5d3126257f308d67fc12e3821112ab46c5863333fd74aa06917520
Red Hat Security Advisory 2014-1075-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
b35709ab7e9c9bdb86a3f0152027256f58d7211fa345248512524557c113b9bc
Melkor is an ELF fuzzer that mutates the existing data in a given ELF sample to create orcs (malformed ELFs). It does not change values randomly (dumb fuzzing); instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
dd37ddae34290ee552fdb5daee71e308b3ff192171694e83af256441719509d2