Trendnet TV-IP201 Directory Traversal and Authentication Bypass Attacks

Trendnet TV-IP201 uses an embedded version of the GoAhead WebServer that is vulnerable to directory traversal and authentication bypass attacks.

Fonts Site Script Remote File Disclosure Vulnerability

Fonts Site Script suffers from a remote file disclosure vulnerability.

GameRoom Remote Shell Upload Vulnerability

GameRoom suffers from a remote shell upload vulnerability.

ClassifiedUltra Remote SQL Injection

ClassifiedUltra suffers from remote SQL injection and insecure cookie handling vulnerabilities.

BannerExchange Insecure Cookie Handling Vulnerability

BannerExchange suffers from an insecure cookie handling vulnerability.

ApartmentSearch Remote SQL Injection And Cookie Vulnerabilities

ApartmentSearch suffers from remote SQL injection and insecure cookie handling vulnerabilities.

AdultBannerExchange Insecure Cookie Handling Vulnerability

AdultBannerExchange suffers from an insecure cookie handling vulnerability.

Multiple Tampering Vulnerabilities in .NET, Apache, Etc.

SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.

AIX Opcode 21 Buffer Overflow Metasploit Module

This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the rtable_create RPC, a stack-based buffer overflow occurs. This leads to arbitrary code execution.

IIS WebDAV ASP Upload Metasploit Module

This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.
