exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2009-02-02

Free Download Manager Torrent Parsing Buffer Overflows
Posted Feb 2, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered some vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Multiple boundary errors exists in relation to torrent files allowing for arbitrary code execution.Free Download Manager versions 2.5 Build 758 and 3.0 Build 844 are affected.

tags | advisory, overflow, arbitrary, vulnerability, code execution
advisories | CVE-2009-0184
SHA-256 | 86565ed22b3c1b8dade154b897b1b8f0f21fa8a840a14b598b19f7b4178d642b
Free Download Manager Remote Control Server Buffer Overflow
Posted Feb 2, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Remote Control Server when processing "Authorization" headers in HTTP requests. This can be exploited to cause a stack-based buffer overflow via an HTTP request containing an overly long "Authorization" header. Successful exploitation allows execution of arbitrary code. Free Download Manager versions 2.5 Build 758 and 3.0 Build 844 are affected.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2009-0183
SHA-256 | 2d6a98a1c54f3e78b5ee64d40212d81016ff64590c30aaee596d5b936675f6e2
Small HTTP Server 3.05.85 Directory Traversal
Posted Feb 2, 2009
Authored by H-T Team | Site no-hack.fr

Small HTTP Server versions 3.05.85 and below directory traversal exploit.

tags | exploit, web, file inclusion
SHA-256 | 682007293d9ec53a757ba070b2171fd3df99476a6df52154c2fb8436300f298d
phpslash 0.8.1.1 Code Execution
Posted Feb 2, 2009
Authored by DarkFig

phpslash versions 0.8.1.1 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 662d1a5b90d0b1590026d37a8495f4800f94426aea13fcf80d044e5e24df7bcc
Zero Day Initiative Advisory 09-010
Posted Feb 2, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware Groupwise SMTP daemon. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of malformed RCPT verb arguments to the SMTP daemon. When an overly long e-mail address is received an off-by-one condition is triggered which minimally will cause a denial of service and can result in arbitrary code execution.

tags | advisory, remote, denial of service, arbitrary, code execution
SHA-256 | 16947b005107697a5043ffe2f056900f34ccc5c5be96831168dde8b40d5f21a1
RealVNC 4.1.2 Remote Code Execution
Posted Feb 2, 2009
Authored by Andres Lopez Luksenberg

RealVNC version 4.1.2 RFB protocol remote code execution proof of concept exploit that leverages vncviewer.exe.

tags | exploit, remote, code execution, protocol, proof of concept
SHA-256 | a3333c283bd28560b7a8f864055c05b6066368678e12275b9bc2f81fd7e82028
Kaspersky Klim5.sys Advisory
Posted Feb 2, 2009
Authored by Ruben Santamarta | Site wintercore.com

KIS 2008 and Kaspersky AntiVirus for Workstations suffer from a local privilege escalation vulnerability in Klim5.sys.

tags | advisory, local
SHA-256 | 986d0ad816e789cda1a3b6e60acf76a92dd2c3e35c8b13cf6af11184f8f77d00
Kaspersky Klim5.sys Privilege Escalation Exploit
Posted Feb 2, 2009
Authored by Ruben Santamarta | Site wintercore.com

KIS 2008 and Kaspersky AntiVirus for Workstations local privilege escalation exploit for Klim5.sys.

tags | exploit, local
SHA-256 | 85cd67d9a7dd14368a87ecb0b6e2697b18ac25ac9ed708ce4af6e323ab93fca8
Sourdough 0.3.5 Remote File Inclusion
Posted Feb 2, 2009
Authored by ahmadbady

Sourdough version 0.3.5 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | d7a953e96913edf059eb85b58c0f83f36f9cc8f9f628288f9ce3336e8b12065a
SMA-DB 0.3.12 RFI / XSS
Posted Feb 2, 2009
Authored by ahmadbady

SMA-DB version 0.3.12 suffers from remote file inclusion and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | fbae7e0d7c2feb8ca5dd80a9561ca4ace6d15d5ac8782108923a4381cbee93f9
34 Bytes Shellcode For killall5
Posted Feb 2, 2009
Authored by Jonathan Salwan | Site shell-storm.org

34 bytes small Linux x86 shellcode for killall5 on System-V.

tags | x86, shellcode
systems | linux
SHA-256 | cb7ee4390ce63207cf66bb2b74cda1be6e9d28e447faac64cdceb3cac9a455fe
BruCON 2009 Call For Papers
Posted Feb 2, 2009
Site brucon.org

The BruCON 2009 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 18th through the 19th, 2009.

tags | paper, conference
SHA-256 | e904a7b8f04613bfacdecba37d93f121f9456052646509079b7f361370f93668
Flatnux XSS / IFrame Injection
Posted Feb 2, 2009
Authored by Alfons Luja

Flatnux 2009-01-27 cross site scripting / iframe injection proof of concept code.

tags | exploit, xss, proof of concept
SHA-256 | 0a271eacfa48bd24aedbaf1c8e34f4347461e219d0e8e15217ccf5fea7f68ba4
GNU SIP Witch Telephony Server
Posted Feb 2, 2009
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Fix for garbage collection. New thread managed cdr system. Ability to push error logging into plugins. Various other enhancements.
tags | telephony, protocol
SHA-256 | 1111cf07ff18327ca9c859386603f18d38212ecb93890788dacb89939ae6da6e
OpenHelpDesk 1.0.100 Code Execution
Posted Feb 2, 2009
Authored by LSO

This Metasploit module is for OpenHelpDesk version 1.0.100 that is vulnerability to php code execution to an improper use of eval().

tags | exploit, php, code execution
SHA-256 | 790a572fa2eaf8a14620e19f2985d1b25f1ddb1857ea163771dbd4fb5f3c3ffe
CMS Mini 0.2.2 Command Execution
Posted Feb 2, 2009
Authored by darkjoker | Site darkjokerside.altervista.org

CMS Mini versions 0.2.2 and below remote command execution exploit.

tags | exploit, remote
SHA-256 | 5aee8bfb785971f9f491d5f5d51f1a4246d16e312609ff7b61aca70659259db0
phpBLASTER 1.0 RC1 SQL Injection
Posted Feb 2, 2009
Authored by darkjoker | Site darkjokerside.altervista.org

phpBLASTER version 1.0 RC1 remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 6e115427df40a13ae0f048c2578c31d985ec9f601c3778b4b9e8f1e5b3c093ca
WholeHogSoftware Ware Support SQL Injection
Posted Feb 2, 2009
Authored by ByALBAYX | Site c4team.org

WholeHogSoftware Ware Support suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | ea563c4447f105bb1e7119ea0228b3175266493197db51f918fddb8ec4f88513
AJA Portal 1.2 Local File Inclusion
Posted Feb 2, 2009
Authored by ahmadbady

AJA Portal version 1.2 on Windows suffers from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
systems | windows
SHA-256 | f51fd110d0e3b858fadaab744e6277870461f1fb1ccd23f14b419d48ec8dec91
WholeHogSoftware Password Protect SQL Injection
Posted Feb 2, 2009
Authored by ByALBAYX | Site c4team.org

WholeHogSoftware Password Protect suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bc4cec2f042161b909315694bbdc204eed5ab4af635f4f00ffa4317fd20deb64
Elecard AVC HD Player Overflow
Posted Feb 2, 2009
Authored by AlpHaNiX

Elecard AVC HD Player local stack overflow proof of concept exploit that creates a malicious .m3u file.

tags | exploit, overflow, local, proof of concept
SHA-256 | adc386e5d5230ec9d591dd602fdd2bed27f534f85ccd7e20f82ae2f2b0a4f4fd
Secunia Security Advisory 33757
Posted Feb 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in the ImageField module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 4b528acf6fec27f3d86bb55ca6d97ea6d66794679d685c055cb6797253874ce2
Secunia Security Advisory 33724
Posted Feb 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Enomaly ECP, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | c9ae97de3a30444e26c428487095bb7e1dab57e3224cf850a0ed945cf02bb28d
Secunia Security Advisory 33728
Posted Feb 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Synactis ALL In-The-Box ActiveX control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 201aeb344625e91ad3aeaafbff900647824517934b24e845fe1fff1e60854a12
Secunia Security Advisory 33741
Posted Feb 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - nuclear has reported some vulnerabilities in ReVou Twitter Clone, which can be exploited by malicious people to conduct SQL injection attacks and malicious users to conduct script insertion attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 8ccf19ea8cf86a960b5f7136c793524c131f78f29b64edc1a6a30bd8373b4c35
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close