exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 61 RSS Feed

Files Date: 2012-06-29

Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution
Posted Jun 29, 2012
Authored by Aaron Portnoy, HP DVLabs | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0123
SHA-256 | 556adc16dad6ca3f4873f33810b698ebf5dfd71151e2fd435143e01f45c5066c
Debian Security Advisory 2505-1
Posted Jun 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2505-1 - An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access to local files, depending on how the framework is used.

tags | advisory, local, php, xxe
systems | linux, debian
advisories | CVE-2012-3363
SHA-256 | d45dbbe7fa51ef7a30834fdc072c235fb62211ea1d381d9c18fffe4027dd77c5
Ubuntu Security Notice USN-1493-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1493-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | 77525d18fe3903454b40d845ae40d20592c749585227b9b425eaaa4ee7df89b9
Ubuntu Security Notice USN-1492-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1492-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | 5c008bad4bf5b5e6f2d1edfe0b628bc54eaa408b4b6b43672c68f300dcd7c96c
Ubuntu Security Notice USN-1491-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1491-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2313, CVE-2012-2319
SHA-256 | da9199238227f76fc593b9934eb5128793f02fc7a4f1b881de72ef364cf8b2fc
Ubuntu Security Notice USN-1490-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1490-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2375, CVE-2012-2313, CVE-2012-2319, CVE-2012-2375
SHA-256 | 8f1a22f35dec0021c950b54a8ef4715f583605a9e928beaab4afd45ba2ffe802
Ubuntu Security Notice USN-1489-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1489-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | a0160d2bf1976d1fe7a48540546da24d592052eae3d9e80102788a8201dfa773
Ubuntu Security Notice USN-1488-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1488-1 - Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system privileges. A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2313, CVE-2012-2319, CVE-2012-2375, CVE-2012-2313, CVE-2012-2319, CVE-2012-2375
SHA-256 | 9ff2c344a22dd177a74b4584652f72e70cc7becfc17793c4eb7ac7dc1549d124
Ubuntu Security Notice USN-1487-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1487-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | 818704e55d7a06e1a37274e59681ade1cd3395e22dd1ce9e2a161df2bcedfc23
Ubuntu Security Notice USN-1486-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1486-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2012-2375
SHA-256 | ec7dfba0e891878772a737bc7291e76b065bb2ab7ad0105a3f6c7511633de311
GIMP 2.8.0 Denial Of Service
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.

tags | exploit, denial of service, proof of concept
systems | linux, windows
advisories | CVE-2012-3236
SHA-256 | 0341418c409c2905c278b5539d3f0236be8f96cdfce5f9140782b205443ab209
Irfanview Plugins 4.33 Overflow
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux
advisories | CVE-2012-3585
SHA-256 | cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8
PHP Money Books 1.03 Stored Cross Site Scripting
Posted Jun 29, 2012
Authored by chap0

PHP Money Books version 1.03 suffers from stored cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | 28c37410044d56ed3d43c475e197fffb8cafc605053dcc62a4fa1bfca5ebdb61
PC Tools Firewall Plus 7.0.0.123 Denial Of Service
Posted Jun 29, 2012
Authored by 0in

PC Tools Firewall Plus version 7.0.0.123 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 4447ecdb0363561495e738164aa0f707a038ec3388d0a37f183ac75f3c8b355d
SpecView 2.5 Build 853 Directory Traversal
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

SpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.

tags | exploit, remote
SHA-256 | 37c481c86f91ff979c1f2a14452d4bc1fc45aaf6d60f55ae0b180aa752d19d99
PowerNet Twin Client 8.9 Stack Overflow
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

PowerNet Twin Client versions 8.9 and below suffer from a stack overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | 01ee7bdceda2abbcd11f2723950b87df2788e5314ddad8946094bb92071a21fd
Apple QuickTime TeXML Stack Buffer Overflow
Posted Jun 29, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.

tags | exploit, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0663, OSVDB-81934
SHA-256 | c3e73b5fb622e5d0d8dee9cca23a811ec375673bedd92228a5733bc9287c407b
Openfire Admin Console Authentication Bypass
Posted Jun 29, 2012
Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution, however this might turn the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually.

tags | exploit, java, arbitrary, bypass
advisories | CVE-2008-6508, OSVDB-49663
SHA-256 | f96c770e59d9d05308428a0fe45cb31107b3064402edcf2653bd604b617ffe44
Lefigaro.fr Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Lefigaro.fr suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2b6001bd8c7d5624b2c4fc19842dac3f602962123078d63d24ee986593e31640
Internet Mobile Denial Of Service
Posted Jun 29, 2012
Authored by Dark-Puzzle

Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.

tags | exploit, denial of service
SHA-256 | f62fb11dd66093bb0cdd30237cc9c4c7d0fce7078ef39c6a4be17144b9bcf514
Hi-Media SQL Injection
Posted Jun 29, 2012
Authored by Mr.XpR

Hi-media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 17ee62de993a1e79a03aca02af14eae5006cd8b1e1305748e7941e113e0187e0
B2CPrint Remote Shell Upload
Posted Jun 29, 2012
Authored by Mr.XpR

B2CPrint suffers from a remote ASP shell upload vulnerability.

tags | exploit, remote, shell, asp
SHA-256 | 07aa64e3542baf26914c58bd60df81bce81243de8587811fbef33dcfab8b6757
Kongregate.com Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Kongregate.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0b2d9442e574b62a25db9e9e8fe869f6944a116b8512276d2ea69ee2a436d646
Ghana50.gov.gh Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Ghana50.gov.gh suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 73ada375439d3064c88ce6153b874b1a88c0ae18dcb6c12029f1bda5bb23ec25
Secunia Security Advisory 49755
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Support Assistant, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 71c9253703bf5bf2d581cc9ee2ab76440afb59136515badd54ad8abcf4ac4b92
Page 1 of 3
Back123Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    16 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close