Exploit the possiblities
Showing 1 - 25 of 953 RSS Feed

Files Date: 2008-12-01 to 2008-12-31

Bloofox CMS 0.3.4 Local File Inclusion
Posted Dec 30, 2008
Authored by fuzion

Bloofox CMS version 0.3.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 214f7790e54308adf9a9cf84f1a738ab
ClaSS 0.8.6.0 File Disclosure
Posted Dec 30, 2008
Authored by fuzion

ClaSS version 0.8.60 and below suffer from remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 144eea27b6cb839650a81a85a418a621
Ubuntu Security Notice 700-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

tags | advisory, remote, denial of service, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
MD5 | 65a3adf90302db633e4eb6ec2740caba
Gentoo Linux Security Advisory 200812-24
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-24 - Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. Versions less than 0.9.8a are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5032, CVE-2008-5036, CVE-2008-5276
MD5 | afec13854b9f525ff9f43ffe0d228df1
Gentoo Linux Security Advisory 200812-23
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-23 - A buffer overflow vulnerability has been discovered in Imlib2. Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load() function of the XPM image loader. Versions less than 1.4.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-5187
MD5 | f36f76defa7313385c3af139d9d1c8ac
Gentoo Linux Security Advisory 200812-22
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-22 - An insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Versions less than 3.4.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-3929
MD5 | 6fe9149cb6c50424e826a2b986308f87
Gentoo Linux Security Advisory 200812-21
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5050, CVE-2008-5314
MD5 | 726a95c30e8603b9e4641b9ad06dadfa
STARS - A RATS Front-End Written In Python
Posted Dec 30, 2008
Authored by Benjamin Lull

STAR is a front-end written in Python for the Rough Auditing Tool for Security (RATS). This is the source release. Simply run "python setup.py install" and then run "star".

tags | python
systems | unix
MD5 | cf3770cc90560dea6635f166bc2d06fd
Getleft 1.2 Buffer Overflow
Posted Dec 30, 2008
Authored by koshi

Getleft version 1.2 proof of concept buffer overflow exploit that causes a denial of service condition.

tags | exploit, denial of service, overflow, proof of concept
MD5 | f8d426b4f7bf2ea99d8efc851ce81c3e
CMS NetCat 3.12 SQL Injection / XSS / LFI
Posted Dec 30, 2008
Authored by s4avrd0w

CMS NetCat versions 3.12 and below suffer from local file inclusion, blind SQL injection, cross site scripting, HTTP response splitting, and CRLF injection vulnerabilities.

tags | exploit, web, local, vulnerability, xss, sql injection, file inclusion
MD5 | 2b6d148eef3cc802aaa4fc47dd17ccf3
CMS NetCat 3.12 Blind SQL Injection Exploit
Posted Dec 30, 2008
Authored by s4avrd0w

CMS NetCat version 3.12 blind SQL injection exploit that makes use of password_recovery.php.

tags | exploit, php, sql injection
MD5 | 887d6bb05c24e7f99b98a407522f551e
Ubuntu Security Notice 677-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-677-2 - USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
MD5 | c5ce60e29ca1d9ec61428d86ae3b05f8
Digital Defense VRT Advisory 2008.16
Posted Dec 30, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

tags | advisory, web, sql injection
MD5 | 657e79ffbf7ce2e8ad204969e22dbf2f
Ubuntu Security Notice 698-3
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
MD5 | a7ec34bbabf9efacbbc0c7554ba52dbb
PHPmotion 2.1 Cross Site Request Forgery
Posted Dec 30, 2008
Authored by Ausome1 | Site enigmagroup.org

PHPmotion versions 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 783a6277cf996e21f0403e1d8ef1706c
StormBoard 1.0.1 SQL Injection
Posted Dec 30, 2008
Authored by Samir-M

StormBoard version 1.0.1 suffers from a remote SQL injection vulnerability in thread.php.

tags | exploit, remote, php, sql injection
MD5 | 136d609447d36eadbdff7d693a028cb5
Psi Jabber Client Denial Of Service
Posted Dec 30, 2008
Authored by sha0

Psi Jabber Client remote denial of service exploit that targets tcp port 8010.

tags | exploit, remote, denial of service, tcp
MD5 | 2fe5e34619d03ee04a9aa3761396fcf8
PHP Desktop 9.0.6 Denial Of Service
Posted Dec 30, 2008
Authored by Evilcry | Site evilcry.altervista.org

PGP Desktop version 9.0.6 local denial of service exploit that uses PGPwded.sys.

tags | exploit, denial of service, local
MD5 | 8ff8418c7176bd8204f6f1379436f395
phpEmployment Arbitrary File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpEmployment suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | fef5a8cc65120272a034496d3d76d001
phpAdBoard Arbitrary File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpAdBoard suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 0aba44bc76b4c145f87ad365915ce683
phpGreetCards XSS / File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpGreetCards suffers from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
MD5 | 937ad3e4ddb4234285bafd4032e13057
PSI Integer Overflow Denial Of Service
Posted Dec 30, 2008
Authored by Jesus Olmos Gonzalez

PSI suffers from a remote integer overflow denial of service vulnerability. Proof of concept code is included.

tags | exploit, remote, denial of service, overflow, proof of concept
MD5 | 0237354cd81dac5592010af49e36942e
Password Ganking By Modifying PHP Code
Posted Dec 30, 2008
Authored by Rohit Bansal

Brief login form password theft tutorial showing how to backdoor php code once access has been gained to a system in order to not have to crack hashes.

tags | paper, php
MD5 | eb46ace10360dce7dd99941e63b26719
Google Chrome Parameter Injection
Posted Dec 30, 2008
Authored by Nine:Situations:Group | Site retrogod.altervista.org

The Google Chrome Browser suffers from a remote parameter injection vulnerability in relation to ChromeHTML://.

tags | exploit, remote
MD5 | 0be673fe20db3d4664ed1f183669423b
PowerStrip 3.84 Privilege Escalation Exploit
Posted Dec 30, 2008
Authored by Alex from NT Internals | Site ntinternals.org

PowerStrip versions 3.84 and below privilege escalation exploit that leverages pstrip.sys.

tags | exploit
MD5 | be63616f264ef26aa2cd8d263ceadf34
Page 1 of 39
Back12345Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close