Archive for the ‘Exploits’ Category

Bugtraq: “Writing JIT-Spray Shellcode for fun and profit” by DSecRG

Monday, March 8th, 2010

hpopenview-multi.txt

Wednesday, April 9th, 2008
HP OpenView Network Node Manager versions 7.53 and below suffer from format string, buffer overflow, and denial of service vulnerabilities.

blogator-passwd.txt

Wednesday, April 9th, 2008
Blogator-script version 0.95 suffers from a change user password vulnerability.

CAarc-multi.txt

Wednesday, April 9th, 2008
CA Security Advisory - CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain

CAalert-multi.txt

Wednesday, April 9th, 2008
CA Security Advisory - CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

CORE-2007-0930.txt

Tuesday, February 26th, 2008
Core Security Technologies Advisory - A vulnerability was found in VMware's shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it. Proof of concept code included.

pigyard-multi.txt

Tuesday, February 26th, 2008
Pigyard Art Gallery suffers from administrative bypass and SQL injection vulnerabilities.

philipsvoip-multi.txt

Friday, February 15th, 2008
The Philips VOIP841 DECT cordless phone with an embedded Skype client suffers from a hidden administrative interface with a default login, directory traversal, and cross-site scripting vulnerabilities.

jspwiki-multi.txt

Friday, February 15th, 2008
An input validation problem in JSPWiki allows the execution of arbitrary local .jsp files. Cross-site scripting vulnerabilities also exist. Versions 2.4.104 and 2.5.139 are vulnerable. Earlier versions may also be susceptible.

cacti087a-multi.txt

Wednesday, February 13th, 2008
Multiple security vulnerabilities, including cross-site scripting and SQL injection, have been discovered in Cacti versions 0.8.7a and below. Full exploitation details provided.