There is a format string vulnerability in Tftpd32 software. When the Tftpd server returns a string containing a specific format, the Tftpd32 client processes this string and displays it in an error message, triggering the vulnerability. This may be leveraged to perform remote command execution and denial of service attacks.
The bn (multiprecision integer arithmetics) part of the OpenSSL library is prone to null ptr deref, off-by-one and other issues resulting in denial of service / crashes.
This Metasploit module exploits a vulnerability found in the the Wordpress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component, allowing an attacker to upload arbitrary PHP code. This Metasploit module has been tested successfully on OptimizePress 1.45.
This Metasploit module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This Metasploit module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).
This archive contains all of the 129 exploits added to Packet Storm in November, 2013.
Ruby Gem Sprout version 0.7.246 suffers from a command injection vulnerability.
HP Security Bulletin HPSBGN02942 2 - A potential security vulnerability has been identified with HP Service Manager and ServiceCenter. The vulnerability could be exploited remotely to allow remote code execution. Revision 2 of this advisory.
Call For Papers for Positive Hack Days IV which will take place May 21st through the 22nd, 2014 in Moscow, Russia.
Photo Transfer Wifi version 1.4.4 suffers from multiple script insertion vulnerabilities.
phpThumb version 1.7.12 allows for arbitrary request forgery server-side that can be used maliciously.
WordPress Blooog theme version 1.1 includes a jplayer.swf that suffers from a cross site scripting vulnerability.
Helpdesk Pilot suffers from cross site request forgery and cross site scripting vulnerabilities.