all things security
Showing 1 - 25 of 433 RSS Feed

Files

Packet Storm New Exploits For June, 2012
Posted Jul 2, 2012
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 433 exploits added to Packet Storm in June, 2012.

tags | exploit
systems | linux
MD5 | 0778a6e1308c1a0e229337282365cafa
IBM DeveloperWorks NCP 2.1 Information Disclosure
Posted Jun 30, 2012
Authored by BugsNotHugs

IBM DeveloperWorks ncp (Nigel's Capacity Planning) version 2.1 suffers from remote information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
MD5 | bda451ef1986fd6616abd8f333d4aa19
IBM Edge Components Caching Proxy Cross Site Scripting
Posted Jun 30, 2012
Authored by BugsNotHugs

IBM Edge Components Caching Proxy suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a9c6a54aa4b355c27df5b3ffad9ca9d
Basilic Remote Command Execution
Posted Jun 30, 2012
Authored by M.Razavi

Basilic, the automated bibliography server, suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 97dc11ba7d0c22360748d18183041393
Hadoop 1.0.3 Symlink
Posted Jun 30, 2012
Authored by Simon .

Hadoop version 1.0.3 suffers from a local privilege escalation symlink vulnerability.

tags | exploit, local
advisories | CVE-2012-2945
MD5 | ecbbc4966644371f61e31f36e9c255a4
Code Snippets 0.9 Insecure Session
Posted Jun 30, 2012
Authored by L3b-r1'z

Code Snippets version 0.9 fails to authenticate access to edit, add, and delete functionality.

tags | exploit
MD5 | 596c3baa372f247fdf6eb3ea9a2b39bb
Sun iPlanet Error Page Link Injection
Posted Jun 30, 2012
Authored by BugsNotHugs

Sun iPlanet suffers from an error page link injection issue.

tags | exploit
MD5 | 65bd55d9b4b7476c0cc6a17d7e0bb6c8
Zoom Player 4.51 Denial Of Service
Posted Jun 30, 2012
Authored by Dark-Puzzle

Zoom Player version 4.51 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 356c1a6b7b661d78542528b91618dea0
GIMP 2.8.0 Denial Of Service
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.

tags | exploit, denial of service, proof of concept
systems | linux, windows
advisories | CVE-2012-3236
MD5 | 9010e4009599ecb23e4c8ad1ffbd2957
Irfanview Plugins 4.33 Overflow
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux
advisories | CVE-2012-3585
MD5 | 19e2303aec22265a732c54a7f34abcc2
PHP Money Books 1.03 Stored Cross Site Scripting
Posted Jun 29, 2012
Authored by chap0

PHP Money Books version 1.03 suffers from stored cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 6b9da8d5a40f04f97fe6b20d8004ee1c
PC Tools Firewall Plus 7.0.0.123 Denial Of Service
Posted Jun 29, 2012
Authored by 0in

PC Tools Firewall Plus version 7.0.0.123 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | f6bac6e8c2b376f4ac64e15640be62af
SpecView 2.5 Build 853 Directory Traversal
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

SpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.

tags | exploit, remote
MD5 | 9eef6ed8841e3f517eb5b136c095b3a7
PowerNet Twin Client 8.9 Stack Overflow
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

PowerNet Twin Client versions 8.9 and below suffer from a stack overflow vulnerability.

tags | exploit, overflow
systems | linux
MD5 | db43fc66775afd6136a274f67c10fd8e
Apple QuickTime TeXML Stack Buffer Overflow
Posted Jun 29, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.

tags | exploit, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0663, OSVDB-81934
MD5 | 85791f9a94c2dae702f38a6997745009
Openfire Admin Console Authentication Bypass
Posted Jun 29, 2012
Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution, however this might turn the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually.

tags | exploit, java, arbitrary, bypass
advisories | CVE-2008-6508, OSVDB-49663
MD5 | 99330c91d94ab9d7d7a596c52a05bf81
Lefigaro.fr Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Lefigaro.fr suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6e8faccef683616e3637eedc903627c3
Internet Mobile Denial Of Service
Posted Jun 29, 2012
Authored by Dark-Puzzle

Internet Mobile suffers from a denial of service vulnerability that triggers an exception handler. Post exploitation the program must be reinstalled.

tags | exploit, denial of service
MD5 | 010b98b6e1dc049e70e99de23d774cfa
Hi-Media SQL Injection
Posted Jun 29, 2012
Authored by Mr.XpR

Hi-media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 281c483dd8dcbac87a20b8c7c19321b0
B2CPrint Remote Shell Upload
Posted Jun 29, 2012
Authored by Mr.XpR

B2CPrint suffers from a remote ASP shell upload vulnerability.

tags | exploit, remote, shell, asp
MD5 | f5aa295b7d93548e976624a7ec2ec038
Kongregate.com Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Kongregate.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5688558ef751c18e93484ecb651f6e7e
Ghana50.gov.gh Cross Site Scripting
Posted Jun 29, 2012
Authored by Th4 MasK

Ghana50.gov.gh suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 177a35367f04bee3be38baeec9dde872
TEMENOS T24 7 Cross Site Scripting
Posted Jun 29, 2012
Authored by Rehan Ahmed | Site rewterz.com

TEMENOS T24 Core Banking Solution System version 7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9ef09ea887f8fedb6c9c5c3657c1d560
Advanced MP3 Player Infusion 2.01 Shell Upload
Posted Jun 29, 2012
Authored by Sammy FORGIT

Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 0c3acb88bd9551d03ba8fd4d82c8f5a6
JAKCMS 2.2.6 Shell Upload
Posted Jun 29, 2012
Authored by Sammy FORGIT

JAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 537ddf2f2d9b6fbbd7da2d4839e2ac41
Page 1 of 18
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close