what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2012-12-28

CubeCart 5.0.7 Insecure Backup Handling
Posted Dec 28, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.

tags | exploit
SHA-256 | 4ad0bade6b43f93bb55527eb3f44f901936684bc818abacd7c7a8ba1a7d090bb
tcgetkey 0.1
Posted Dec 28, 2012
Authored by gat3way

tcgetkey is a set of tools that deal with acquiring physical memory dumps via FireWire and then scan the memory dump to locate TrueCrypt keys and finally decrypt the encrypted TrueCrypt container using the keys. It is a proof of concept and only works against TrueCrypt running on Linux hosts.

tags | tool, proof of concept
systems | linux, unix
SHA-256 | fd1ca946bf249034b70df9e906adf2257e7c7ba2d5c950bee07fc421f5efa391
RealPlayer RealMedia File Handling Buffer Overflow
Posted Dec 28, 2012
Authored by suto | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow on RealPlayer versions and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer

tags | exploit, overflow
systems | windows
advisories | CVE-2012-5691, OSVDB-88486
SHA-256 | f1c623bc1dcad36e79d57718a63066d97b024a30199457832d62e68170935185
WordPress Asset-Manager PHP File Upload
Posted Dec 28, 2012
Authored by Sammy FORGIT | Site metasploit.com

This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-82653
SHA-256 | 81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740
Mptcp Packet Manipulator 1.9.0
Posted Dec 28, 2012
Authored by Khun | Site hexcodes.org

Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.

Changes: Added support for Display Packet Content (tcpdump style). More hard compiler optimizations. Full support for Darwin OS. Various other additions and improvements.
tags | tool, scanner, tcp
systems | unix
SHA-256 | 877f0fde7a1b9bb0cdd0999db9a608db6beb44a3c5860736fcb665139c816ff8
SonicWall Email Security 7.4.1.x Cross Site Scripting
Posted Dec 28, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b65bbace4bdb5f0e1d2c16ffbaaeb17804008aad4232e2101248a191518d805
Log Analyzer 3.6.0 Cross Site Scripting
Posted Dec 28, 2012
Authored by Mohd Izhar Ali, Vulnerability Laboratory | Site vulnerability-lab.com

Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f987ab8bbed2ee70d4fd2071548210b7b53ce96342dea67455f31fb3d9addeb1
Malheur Malware Analyzer 0.5.3
Posted Dec 28, 2012
Authored by Konrad Rieck | Site mlsec.org

Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.

Changes: The tool's persistent state is stored in the local state directory for better maintenance. Several minor bugs have been fixed.
tags | tool, forensics
systems | unix
SHA-256 | feffed3a6f9712581d6d3919879040b1a1af45225b1010a4993bf862650b8bd0
Polycom HDX Video End Points Cross Site Scripting
Posted Dec 28, 2012
Authored by Fara Denise Rustein

The Polycom HDX Video End Points web management interface suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
advisories | CVE-2012-4970
SHA-256 | c33a77f2c171969139be48d5bb5f627a19f1a2eb5aac6100b6844b72341d03ac
Debian Security Advisory 2591-1
Posted Dec 28, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2591-1 - Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2012-2239, CVE-2012-2243, CVE-2012-2244, CVE-2012-2246, CVE-2012-2247, CVE-2012-2253, CVE-2012-6037
SHA-256 | 390bb5471860b52761704077ff7b8ecce39f0e34112b25385a74becd6479363d
Insecure Authentication Control In J2EE
Posted Dec 28, 2012
Authored by Ashish Rao

This is a whitepaper discussing insecure authentication control in J2EE implemented using sendRedirect().

tags | paper, java
SHA-256 | b2a82a30b0720aba342064d33edf9fea0ba6e7a76c0c2af4a6533a79e5904233
Page 1 of 1

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By