exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2007-09-30

netkamp-sql.txt
Posted Sep 30, 2007
Authored by GeFORC3

Netkamp Emlak Scripti is susceptible to a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 479f21229fd30636abe00776856203c4
ohesa-sql.txt
Posted Sep 30, 2007
Authored by GeFORC3

Ohesa Emlak Portal is susceptible to a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 4ac9fe286f730946c3002dcd93578185
Ubuntu Security Notice 522-1
Posted Sep 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.

tags | advisory, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2007-3108, CVE-2007-5135
MD5 | 81a8377a3cae000f1224491d8f4272e7
Debian Linux Security Advisory 1378-2
Posted Sep 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
MD5 | 04adbac7175324943e6ca6d65e6bbeae
gmailsteal_remote.scpt.txt
Posted Sep 30, 2007
Authored by poplix | Site px.dynalias.org

This script can be used to steal G-Mail's keychained password by injecting javascript into Safari. When executed it opens G-Mail's login page, reads the saved password and sends it to a logging server by creating an hidden iframe into G-Mail's page.

tags | exploit, javascript
MD5 | f25867c70c9f1546c6cf772d9272279f
gmailsteal_local.scpt.txt
Posted Sep 30, 2007
Authored by poplix | Site px.dynalias.org

This script can be used to steal G-Mail's keychained password by injecting javascript into Safari. When executed it opens G-Mail's login page, reads the saved password and prompts it into an alert box.

tags | exploit, javascript
MD5 | be54b1b330d258fc5c3ba6851cf17ef2
tor01216-rewrite.txt
Posted Sep 30, 2007
Authored by elgCrew

Tor versions below 0.1.2.16 ControlPort remote rewrite exploit.

tags | exploit, remote
MD5 | 77fb45cee39d5aa961bd1a6a6c903981
mxbb233-rfi.txt
Posted Sep 30, 2007
Authored by bd0rk | Site soh-crew.it.tt

mxBB module mx_glance version 2.3.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | f1a59522809926ca8a5303cd24e61e87
mambads-sql.txt
Posted Sep 30, 2007
Authored by Sniper456

Mambo component Mambads versions 1.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 565d5c84f94276d614a70859dfc5be3c
mdpro1076-sql.txt
Posted Sep 30, 2007
Authored by undefined1_ | Site undefl.com

MDPro version 1.0.76 remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | be9f59bdeda566615762fe43be96f463
zomplog381-upload.txt
Posted Sep 30, 2007
Authored by InATeam | Site inattack.ru

Zomplog versions 3.8.1 and below suffer form an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | a2253be0b71c1d9a269546061ca4b6f5
pmm-rfi.txt
Posted Sep 30, 2007
Authored by 0in

Public Media Manager versions 1.3 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | f49a36f127f9c16d09d6e979010f8e84
phfito-rfi.txt
Posted Sep 30, 2007
Authored by w0cker

PhFiTo version 1.3.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | d18f9943c293e24203033ee2ea38b258
nmapstripper-1.3.1.tar.gz
Posted Sep 30, 2007
Authored by Marshall Whittaker | Site fluxnet.no-ip.org

Nmap Log Stripper is a Bash script intended to be a way to condense all, or some, of the IPs of a "random" (-iR) Nmap scan into a file for later usage. Common uses are to be able to feed the file back into nmap with the -iL switch, or feeding it into another port or vulnerability scanner of your choice. Stripper supports stripping the Nmap log of all but the IPs of hosts running a certain service, a version of a service, or even an arbitrary banner, and writing them to a file.

Changes: Various fixes including the removal of a backdoor.
tags | tool, arbitrary, nmap, bash
systems | unix
MD5 | 4be0eeb3d5c5dd7da75ebeedf2d020f6
Mandriva Linux Security Advisory 2007.190
Posted Sep 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was discovered in KDM by Kees Huijgen where under certain circumstances and in particular configurations, KDM could be tricked into allowing users to login without a password.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-4569
MD5 | 9be7857e3066a43ebdd940e6aa5d3048
Ubuntu Security Notice 521-1
Posted Sep 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-4192
MD5 | bc77e9b2d2f87a175182f634fa4a1e79
Trustix Secure Linux Security Advisory 2007.6
Posted Sep 30, 2007
Authored by Chris Clark | Site isecpartners.com

A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.

tags | advisory, web, ruby
MD5 | f43ab01ee2c728fcf04ea146cfb06364
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close