exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2008-01-28

uninformed-vol9.tgz
Posted Jan 28, 2008
Authored by Matt Miller, warlord, I)ruid, Skywing, uninformed | Site uninformed.org

Uninformed is pleased to announce the release of its ninth volume. This volume includes 4 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: An Objective Analysis of the Lockdown Protection System for Battle.net. Exploitation Technology: ActiveX - Active Exploitation. Exploitation Technology: Context-keyed Payload Encoding. Exploitation Technology: Improving Software Security Analysis using Exploitation Properties.

tags | activex
SHA-256 | 23204c2fa4fa808fc62b756a27911c4c41e187e0ee04cf3d9b776e2b1c45f249
endian-xss.txt
Posted Jan 28, 2008
Authored by syniack | Site bsecure.net.pk

The Endian Firewall version 2.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2761b01b4d40f21655e1a04883fb4031535e7c3d2f8e353ff184c18217f2aae1
vbmarketing-lfi.txt
Posted Jan 28, 2008
Authored by Sw33t h4cK3r

VB Marketing suffers from a local file inclusion vulnerability in tseekdir.cgi.

tags | exploit, local, cgi, file inclusion
SHA-256 | 386ad089962e0a331fc2aeb9419f01a49188ca0efac08136e45101a21a66e972
Core Security Technologies Advisory 2007.1219
Posted Jan 28, 2008
Authored by Core Security Technologies, Alfredo Ortega, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server. Version vulnerable include Firebird SQL 1.0.3 and before, 1.5.5 and before, 2.0.3 and before, and 2.1.0 Beta 2 and before.

tags | exploit, overflow, protocol
advisories | CVE-2008-0387
SHA-256 | 049362d5b2e4e09658272b9a1503df66c276926189db05c55ad7bfdb78bb1d0c
wpfgallery-sql.txt
Posted Jan 28, 2008
Authored by H-T Team | Site no-hack.fr

The Wordpress fGallery plugin version 2.4.1 suffers from a SQL injection vulnerability in firmrss.php.

tags | exploit, php, sql injection
SHA-256 | 7d542e8ed1b55d65e6b49a54eb524cfc4a297f3172fd742fa758eb0b6d3a316c
wpcal-sql.txt
Posted Jan 28, 2008
Authored by H-T Team | Site no-hack.fr

The Wordpress WP-Cal plugin version 0.3 suffers from a SQL injection vulnerability in editevent.php.

tags | exploit, php, sql injection
SHA-256 | 047566e2c220544bab7a52769d11489d306d123733102300f4112747dccd8cb7
bubbling-lfi.txt
Posted Jan 28, 2008
Authored by Stack-Terrorist | Site v4-team.com

The Bubbling Library version 1.32 suffers from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 69765615987118a20ea833a5b5af9cbff352a4acfd80efa2e16e3afc161c87bf
simple32-xss.txt
Posted Jan 28, 2008
Authored by tomplixsee

Simple Forum version 3.2 suffers from file disclosure and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c519964329b114e8d760a77e6a685612e9b12ead3d55187f74e177968841bad4
mambo-xssxsrf.txt
Posted Jan 28, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Mambo version 4.6.3 suffers from path disclosure, cross site scripting, cross site request forgery, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
SHA-256 | 11fd34395ce14c48e3d329b487a2ffb8e5f8d0ce02bab9147296b7bf6926edd3
Secunia Security Advisory 28655
Posted Jan 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | debc1d44ad71170d2fba979b4a0714a585304778a24ac410eb1d780deeedc7d6
Secunia Security Advisory 28662
Posted Jan 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 3887f96914facdba972ec08deff6ad37812041b31bea294386285f5bc6fc802a
framework-3.1.tar.gz
Posted Jan 28, 2008
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland's InterBase product line.
tags | tool, ruby
systems | unix
SHA-256 | dda9009180f2f6c72446afb6c8e1a755810698fee39e22d94bd033d712b69f84
clansphere-disclose.txt
Posted Jan 28, 2008
Authored by p4imi0

ClanSphere version 2007.4.4 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | a7b24c05d9b1513e2fb809a2ba8b468ada1abdb15005daa3a9e8fa01cd5d3711
nipper-0.11.3.zip
Posted Jan 28, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.

Changes: This release improves support for SonicWALL SonicOS firewalls, Cisco PIX / ASA / FWSM firewalls, CheckPoint Firewall-1 and Nokia IP firewalls.
systems | cisco, windows, juniper
SHA-256 | 47520bff7fb56027f4f9be5624fe8b097c9f7584e592d2c4d88351bae023e747
nipper-0.11.3.tgz
Posted Jan 28, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.

Changes: This release improves support for SonicWALL SonicOS firewalls, Cisco PIX / ASA / FWSM firewalls, CheckPoint Firewall-1 and Nokia IP firewalls.
systems | cisco, juniper
SHA-256 | 1e09de2e8206bd86d6775b0b4c4a7fe4dcfe636dcb0821c1f5584fe4157b4e1d
eticket156-xss.txt
Posted Jan 28, 2008
Authored by Alessandro Tanasi | Site tanasi.it

eTicket version 1.5.6-RC4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5c28a89d9866f0b6b900fbca6c5f86e59645564048de68cb55ce474a307852ea
phpip-sql.txt
Posted Jan 28, 2008
Authored by Charles Hooper

phpIP version 4.3.2 suffers from numerous SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | 6c1a3c40f46f705114b15018c36dcbb0c5b9ff5e18e3124f43189359ffd1dfdc
aspired-sql.txt
Posted Jan 28, 2008
Site aria-security.net

ASPired2Protect suffers from a login bypass vulnerability via SQL injection.

tags | exploit, sql injection, bypass
SHA-256 | ca2eea31b502c72b6b8565b81bdc647fe49fddb0bb704fe7e5e21a056c7585f8
statcounter-expose.txt
Posted Jan 28, 2008
Authored by Gianni Amato

Statcounter.com was susceptible to a remote credential disclosure vulnerability.

tags | advisory, remote
SHA-256 | f78aa90af0b889ce27d5934a0084dc1edccdd2fee270b731cde7ef3e73249276
oracle-dropsql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that changes the system password.

tags | exploit, sql injection
SHA-256 | 09f212700f03bbc061c6451881af6f4f48e1044a3d2ee32a479c24063ef6a259
oracle-truncatesql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate SQL injection exploit that grabs password hashes.

tags | exploit, sql injection
SHA-256 | 86f4d3757762e79f037895d1489b92f16c57f753e5979972b0d765d12247fbfb
oracle-pitrigsql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that grabs password hashes.

tags | exploit, sql injection
SHA-256 | 4a5e9c7385fc08b30bdeda08fb53856cad444bdd11e613f300b8767e710c033c
oracle-xdboverflow.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 54d9ffbf19acfdb085440aa8eb8e8e04745be17094a93099bae803beefd4ff64
Fwknop Port Knocking Utility
Posted Jan 28, 2008
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added ENABLE_OUTPUT_ACCESS keyword to access.conf file parsing. Added command line argument display to fwknop client --verbose mode. Various other extensive updates and additions.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 9c097761644f7cbf79a72b6aadd95384ab2965187bb8d9f8346c7de9905db08d
phpress-sql.txt
Posted Jan 28, 2008
Authored by Hasadya Raed

PhPress version 0.3.0 leaks SQL information via allowing direct arbitrary access to the data.

tags | advisory, arbitrary, sql injection
SHA-256 | 0de7f6f8f0c7bdeceeb71a7a3c81f7bf6bb278635b03bc4b5aa46d06d3c3010d
Page 1 of 2
Back12Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close