
Files Date: 2008-11-20

Zero Day Initiative Advisory 08-076
Posted Nov 20, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe), which listens by default on TCP port 10444. While processing SST_SENDFILE requests, the service does not validate the requestor, allowing any remote attacker to download arbitrary files.

tags | advisory, remote, arbitrary, tcp
MD5 | 674545c3d3f0885dd630ad4bf3b66bd8
Zero Day Initiative Advisory 08-075
Posted Nov 20, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
MD5 | baf5fcd61ddfffefe825752a5e5f8532
toursmanager-blindsql.txt
Posted Nov 20, 2008
Authored by XaDoS

ToursManager suffers from a blind SQL injection vulnerability in tourview.php.

tags | exploit, php, sql injection
MD5 | 5e27a04f7e19f49abc57d2ee531d4dae
phprsgal-sql.txt
Posted Nov 20, 2008
Authored by d3v1l

phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php.

tags | exploit, remote, php, sql injection
MD5 | bd4ad4f70f69fe2928ed6db18879b1ab
Mandriva Linux Security Advisory 2008-233
Posted Nov 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2005-0706, CVE-2008-5030
MD5 | 9c756b2e28e8d3771c77fdb2f9600b6d
java2-malware.pdf
Posted Nov 20, 2008
Authored by Aodrulez | Site aodrulez.blogspot.com

Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.

tags | paper, java
MD5 | cc003c84ac29ef11a21f2991097237f1
ora_dv_mem_off.c
Posted Nov 20, 2008
Authored by Jakub Wartak

Oracle Database Vault runtime disabler that uses ptrace.

tags | exploit
MD5 | 41a415aa82e8cb85c9d4f7d54f9cbc32
natterchat-sql.txt
Posted Nov 20, 2008
Authored by Stack | Site v4-team.com

Natterchat versions 1.12 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 2701b6b703102dcf9d76e5d299bf1b5c
php526-bypass.txt
Posted Nov 20, 2008
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHP version 5.2.6 suffers from an error_log related safe_mode bypass vulnerability.

tags | exploit, php, bypass
MD5 | 087c3ce557a1ecebeee0cf1aab63fb5d
phpfusion7001-sql.txt
Posted Nov 20, 2008
Authored by irk4z

PHP-Fusion version 7.00.1 remote SQL injection exploit that makes use of messages.php.

tags | exploit, remote, php, sql injection
MD5 | d59e51b2dc5f5391687c97ac49e609f6
social-sql.txt
Posted Nov 20, 2008
Authored by David "Aesthetico" Vieira-Kurz

Social Engine versions 2.7 and below suffer from remote SQL injection and cookie manipulation vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 758d1b4945924dfe4bb76542988dab31
vbulletin-xssxsrf.txt
Posted Nov 20, 2008
Authored by Mx

The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.

tags | exploit, worm, vulnerability, xss, csrf
MD5 | a4bd6a31749a23236f15aac1e67d2032
askpert-sql.txt
Posted Nov 20, 2008
Authored by TR-ShaRk

AskPert suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 12573dddae1f6c71d57f5d8527f8dcc1
return-to-libc-linux.txt
Posted Nov 20, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Brief whitepaper discussing return to LIBC exploitation on Linux.

tags | paper
systems | linux
MD5 | f26ae137d661666b5f6007106966c68a
stack-overflow-linux.txt
Posted Nov 20, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Brief whitepaper discussing stack overflow exploit on Linux.

tags | paper, overflow
systems | linux
MD5 | 543012dabf952e42181c2d4cb8c71714
backlinkspider-sql.txt
Posted Nov 20, 2008
Authored by d3v1l

The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.

tags | exploit, remote, php, vulnerability, sql injection, asp
MD5 | 4a61726e2c223e482fc8c834067d96b7
exodus-injection.txt
Posted Nov 20, 2008
Authored by Nine:Situations:Group | Site retrogod.altervista.org

Exodus version 0.10 suffers from a URI handler arbitrary parameter injection vulnerability.

tags | exploit, arbitrary
MD5 | c0c091b687a3e2eccfb4d3201993ab31
wportfolio-upload.txt
Posted Nov 20, 2008
Authored by Osirys

wPortfolio versions 0.3 and below remote arbitrary file upload exploit.

tags | exploit, remote, arbitrary, file upload
MD5 | a6d0b79dc4160fd1a42267f9f46dbf37
smallest_setuid_execve_sc.c
Posted Nov 20, 2008
Authored by vlan7 | Site vlan7.blogspot.com

26 byte (the smaller) GNU/Linux x86 setuid/execve shellcode without NULLs.

tags | x86, shellcode
systems | linux
MD5 | 555182da9a4a0a07f261cc1b9a164f39
boastmachine-sql.txt
Posted Nov 20, 2008
Authored by IRCRASH | Site ircrash.com

BoastMachine version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a68e3a773a51a05f93575744cf367a59
HP Security Bulletin 2008-00.59
Posted Nov 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).

tags | advisory, vulnerability, xss
advisories | CVE-2007-6388, CVE-2007-5000
MD5 | 95772fbd64f5296b53746839ca3c082f
punportal-lfi.txt
Posted Nov 20, 2008
Authored by StAkeR

PunPortal PunBB module version 0.1 local file inclusion exploit.

tags | exploit, local, file inclusion
MD5 | c74197b9cc2ffa66839c60e8759a6b6a
prejobboard-sql.txt
Posted Nov 20, 2008
Authored by R3d-D3v!L | Site ahacker.net

Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
MD5 | cce036725cb757bbdfeadad1f0e18b75
Secunia Security Advisory 32820
Posted Nov 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
MD5 | 015e95b9af10a2ef3f6cb8c104b65310
Secunia Security Advisory 32800
Posted Nov 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | fed2b7ef79706f48e592d7a740daed6a