exploit the possibilities
Showing 1 - 25 of 44 RSS Feed

Files Date: 2008-09-10

fslint-2.28.tar.gz
Posted Sep 10, 2008
Authored by pixelbeat | Site pixelbeat.org

FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.

Changes: Updated multiple translations. Various fixes and improvements added as well.
tags | tool
systems | unix
MD5 | e6a9946f7db9cbdb15f70a9fe79470fc
freebsd-passwd.txt
Posted Sep 10, 2008
Authored by suN8Hclf | Site dark-coders.pl

112 byte connect back.send.exit /etc/passwd shellcode for freebsd/x86.

tags | x86, shellcode
systems | freebsd
MD5 | ad40ce2cd1eeffef8b92f3bf97d31a30
Secunia Security Advisory 31760
Posted Sep 10, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in MyBB.

tags | advisory, vulnerability
MD5 | bd6375261c7cef37b63229edc1ceebc4
ephpcms-sql.txt
Posted Sep 10, 2008
Authored by Hussin X | Site tryag.cc

E-PHP CMS suffers from a remote SQL injection vulnerability in article.php.

tags | exploit, remote, php, sql injection
MD5 | e0f5a5437c1facad4b460eb67b644268
ISVA-080910.1.txt
Posted Sep 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.

tags | advisory
MD5 | ddc8f621352ec7a37eb5b9e91442b17b
mswin-wmf.txt
Posted Sep 10, 2008
Site assurent.com

A vulnerability has been discovered in the Graphics Rendering Engine (GRE) component of Microsoft Windows. Specifically this vulnerability is exposed by the Microsoft Windows GDI+ subsystem. The vulnerability is created by an error in parsing certain Windows Metafile (WMF) files, a standard image file format used by many commonly-used software applications. . A successful code execution attempt will result in arbitrary code to be executed within the security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of the program used for opening the malicious file.

tags | advisory, arbitrary, code execution
systems | windows
advisories | CVE-2008-3014
MD5 | bd3f12317c7aa31e6a2b2006da6222aa
wordpress261-admin.txt
Posted Sep 10, 2008
Authored by iso^kpsbr

Wordpress version 2.6.1 SQL column truncation admin account takeover exploit.

tags | exploit, add administrator
MD5 | 747cd989210b7227db943246b485f33c
zanficms-upload.txt
Posted Sep 10, 2008
Authored by S.W.A.T. | Site xmors.com

Zanfi CMS Lite / Jaw Portal Free suffer from a remote arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | 3aa594d7ee79dbe50ff5027e884ed000
CVE-2008-2938.txt
Posted Sep 10, 2008
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-2938
MD5 | 2238064b9e6d25458d2fdd3cfbc5d33f
offensive-xss.txt
Posted Sep 10, 2008
Authored by IMC Graham Phisher | Site insanemasterminds.com

Offensive XSS 101 - A small write up discussing basic logistics and methodologies for cross site scripting.

tags | paper, web, xss
MD5 | ff743728769e4d19e29c5c93f8b006c1
phpvid11-sql.txt
Posted Sep 10, 2008
Authored by r45c4l | Site darkc0de.com

phpVID version 1.1 suffers from blind SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | f9dc607faca004fd1db04b989d76d40e
Secunia Security Advisory 31842
Posted Sep 10, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 50d6cbc7c330a36c949f31abf19784b2
iDEFENSE Security Advisory 2008-09-09.2
Posted Sep 10, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow in Apple Inc.'s QuickTime could allow an attacker to execute arbitrary code in the security context of the current user. QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files. This issue results in heap corruption which can lead to arbitrary code execution. Apple Inc.'s QuickTime versions 7.4.5 and 7.4 have been confirmed to be vulnerable to this issue. Older versions are also suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2008-3614
MD5 | 94acb16d922a4c6d1b5f3c2d3557ab98
iDEFENSE Security Advisory 2008-09-09.1
Posted Sep 10, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user. The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution. iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform.

tags | advisory, remote, overflow, arbitrary, local, code execution
systems | windows, xp
advisories | CVE-2007-5348
MD5 | 47d3ff7a323e1ca6088891deff626356
Zero Day Initiative Advisory 08-062
Posted Sep 10, 2008
Authored by Tipping Point, Subreption LLC | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-3627
MD5 | 04af60ee75d56efe65d3005266207655
Zero Day Initiative Advisory 08-061
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of MP4 video files in QuickTimeH264.qtx. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-3627
MD5 | 4071e5a6b1d13e51e0fa5f410995f260
Zero Day Initiative Advisory 08-060
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of AVC1 atoms. An integer overflow condition is present that can result in a heap chunk being under-allocated. This heap corruption can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, overflow, arbitrary
systems | apple
advisories | CVE-2008-3627
MD5 | 7ea76852f14aa48b40372f2768529f31
Zero Day Initiative Advisory 08-059
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of STSZ atoms within the function CallComponentFunctionWithStorage(). When an entry in the sample_size_table is too large, a memory corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-3626
MD5 | 7996dc0e79ee79ec2c1779afe11470ba
Zero Day Initiative Advisory 08-058
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of panorama track PDAT atoms. When the maxTilt, minFieldOfView and maxFieldOfView elements are corrupted, a stack buffer overflow occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2008-3625
MD5 | 4462b8637f4be3a8f8905fba0b4eb6b5
Zero Day Initiative Advisory 08-057
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user.

tags | advisory, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2008-3635
MD5 | 280d4a865b63a285591cc1ca996d8377
SQL_Smuggling.pdf
Posted Sep 10, 2008
Authored by Avi Douglen

This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server. While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area.

tags | paper, root, sql injection
MD5 | afe9f129fa7215ce9fe77b55506e4f80
hotlinks-sql.txt
Posted Sep 10, 2008
Authored by r45c4l | Site darkc0de.com

Hot Links SQL-PHP versions 3 and below suffer from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
MD5 | 95101d606a76a667f061a16a15eed369
libera-sql.txt
Posted Sep 10, 2008
Authored by StAkeR

Libera CMS versions 1.12 and below suffer from a remote SQL injection vulnerability using the cookie.

tags | exploit, remote, sql injection
MD5 | 8682fb9bb723b4e0d1aceed7453320d8
zanficms-lfi.txt
Posted Sep 10, 2008
Authored by SirGod | Site insecurity.ro

Zanfi CMS lite version 1.2 suffers from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 28c1549101a4a1337a0b6cc15c42033e
kimwebsites-upload.txt
Posted Sep 10, 2008
Authored by Ciph3r

Kim Websites version 1.0 suffers from a remote arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | d6b8937b7c5aa20ed739cf54e3de6a94
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close