what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2009-04-17

Limbo CMS 1.0.4.2 Cross Site Request Forgery
Posted Apr 17, 2009
Authored by Alfons Luja

Limbo CMS version 1.0.4.2 cross site request forgery proof of concept exploit.

tags | exploit, proof of concept, csrf
SHA-256 | 47e85c04e1e5955077ba75b1f7d3b717ba5756af132107e06e092a769be3d40c
XRDP 0.4.1 Buffer Overflow
Posted Apr 17, 2009
Authored by Joe Walko

XRDP version 0.41 and below remote proof of concept buffer overflow exploit.

tags | exploit, remote, overflow, proof of concept
SHA-256 | 3850e56fcdf1147801a0b4e75c405946f3f28619ee595802594985b5ced6241c
cTorrent/DTorrent Buffer Overflow
Posted Apr 17, 2009
Authored by Michael Brooks

cTorrent version 1.3.4 and dTorrent version 3.3.2 buffer overflow exploit that creates a malicious .torrent file.

tags | exploit, overflow
SHA-256 | 0cabf0dc05b816f20a1c1c32fd253540eca55c949086c52a7967e4ace6f0749f
Fortinet Bypass And Evasion
Posted Apr 17, 2009
Authored by Thierry Zoller

The parsing engine in Fortinet can be bypassed by a specially crafted and formated archive file. The bug results in denying the engine the possibility to inspect code within the archive. There is no inspection of the content at all.

tags | advisory
SHA-256 | 7330e5a1ce82e9df459efa7a72231861338a5a8b8faa3988279a52bfc3e70f47
Nod32 Bypass And Evasion
Posted Apr 17, 2009
Authored by Thierry Zoller

The parsing engine in Nod32 can be bypassed by a specially crafted and formated RAR archive. The bug results in denying the engine the possibility to inspect code within the RAR archive. There is no inspection of the content at all.

tags | advisory
SHA-256 | d16a3930303232da6c6000c0a2a401a46a80e757ad3095cd2dae73fd1b647c35
AVAST Generic Evasion
Posted Apr 17, 2009
Authored by Thierry Zoller

The parsing engine in AVAST can be bypassed by a specially crafted and formated RAR archive. The bug results in denying the engine the possibility to inspect code within the RAR archive. There is no inspection of the content at all.

tags | advisory
SHA-256 | 71d1ca5d2a352a58e67248f0d06a4195472337d5f22e84e988c377d1a10de562
Bitdefender Bypass And Evasion
Posted Apr 17, 2009
Authored by Thierry Zoller

The parsing engine in Bitdefender can be bypassed by a specially crafted and formatted CAB archive. The bug results in denying the engine the possibility to inspect code within the CAB archive. There is no inspection of the content at all.The parsing engine in Bitdefender can be bypassed by a specially crafted and formatted CAB archive. The bug results in denying the engine the possibility to inspect code within the CAB archive. There is no inspection of the content at all.

tags | advisory
SHA-256 | ddecd2cf5fc9845db8845c9acc356945dc8128e6106ec9e79fbafd2c19b5fdd0
DNS Tools PHP Digger Interactive Shell
Posted Apr 17, 2009
Authored by Ricardo Almeida

DNS Tools PHP Digger remote command execution exploit that acts like an interactive shell.

tags | exploit, remote, shell, php
SHA-256 | aa7406f9682e67162c3d51325dfb9007e9a72cb7c6d2a38bb0fdbfb0cb4a1842
Blackberry Mobile Data Service XSS
Posted Apr 17, 2009
Authored by Michael Thumann

The Blackberry Mobile Data Service Connection is vulnerable to several cross site scripting attacks in the "Customize Statistics Page". All versions prior to 4.1.6 MR4 are vulnerable.

tags | exploit, xss
SHA-256 | 32a645ba20821c711d9b5be04daab2fb1198f6b02eca86a871e10c9d321e5366
Online Email Manager Insecure Cookie
Posted Apr 17, 2009
Authored by Hussin X | Site tryag.cc

Online Email Manager suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | b4668556242a49c8834b000f76f29d9c3e1530080f9666408fefae5487955aa1
Online Guestbook Pro SQL Injection
Posted Apr 17, 2009
Authored by Hussin X | Site tryag.cc

Online Guestbook Pro suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 68e5589cf2e281c07bd1ef1c99d7053d3a4c50e71c46fc831c626d50a6ce2976
Kosmix.com Cross Site Scripting
Posted Apr 17, 2009
Authored by Aseem Jakhar | Site null.co.in

Kosmix.com, the web search engine, suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 8718783775cdb9e9ba414d910bb66769cf945a867d9e31c81ff4f99cc8e8a579
Dradis Information Sharing Tool 2.1.0
Posted Apr 17, 2009
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: The server component now features an import/export plugin architecture, import/export plugin generators, a sample WordXML export plugin, and a sample WikiMedia import plugin. The client component now features an import extension that allows nmap output to be imported, the ability to import a note from a plain text file, and more a powerful add extension that can add a note from the console.
tags | web
SHA-256 | 9698e24363a7d65cae731214e6a604f6137e86c4f67d24b20706cc5097f13aaa
RatProxy Security Audit Tool
Posted Apr 17, 2009
Authored by Michal Zalewski | Site code.google.com

ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.

Changes: This release adds new checks for Flash crossdomain.xml and Silverlight clientaccesspolicy.xml, and reverts HTTP/1.1 logic introduced in 1.55.
tags | tool, web, sniffer
SHA-256 | 51824925542ec9c1f2120b1b5cc8c0bfcf73bceeb9fb57026dc1ad012aa1f8c5
CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow
Posted Apr 17, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in pdftops while decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. CUPS version 1.3.9 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0195
SHA-256 | 69cecc15d52272c8c8a0897ee8b9850da490e32c9e15ea296b4599e738188a11
Xpdf JBIG2 Symbol Dictionary Buffer Overflow
Posted Apr 17, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error while decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Xpdf version 3.02pl2 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0195
SHA-256 | fa077be3403b3929a797bfc8071d7acf1a0ec98e5d1dda45ab503f0dff7e7e5c
Tiny Blogr 1.0.0 RC4 SQL Injection
Posted Apr 17, 2009
Authored by Salvatore Fresta

Tiny Blogr version 1.0.0 RC4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | f4d8663d74c8e0b57251e275478a038073bf27a9f0bb5fe9e6bdda3d79811dd9
Debian Linux Security Advisory 1774-1
Posted Apr 17, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1774-1 - It was discovered that ejabberd, a distributed, fault-tolerant Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing remote attackers to perform cross-site scripting (XSS) attacks.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2009-0934
SHA-256 | 2565b30c1941de7daad6848ebfdd5a37be2d8ebdd8d9a78a4ab8141c8830833a
Microsoft Media Player WAV Denial Of Service
Posted Apr 17, 2009
Site vulnhunt.com

Microsoft Windows Media Player crafted .wav file denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | windows
SHA-256 | 0a5fdd4bdf56c261b9ba717bff3ec778f55d59214fdce4f0f79bdfdb110d8f35
Microsoft Media Player Denial Of Service
Posted Apr 17, 2009
Site vulnhunt.com

Microsoft Windows Media Player crafted .mid file denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | windows
SHA-256 | 4e3232dfc6303b16f8ffa4ab6be185db168c83ec0a05625dc4991859f827893a
Microsoft GDI+ Denial Of Service
Posted Apr 17, 2009
Site vulnhunt.com

Microsoft GDI+ crafted .png file denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 102ef9e2e3f4fc1485443ba38b935c4ee56a6f71803a062f2318d86b8ff21d06
Debian Linux Security Advisory 1773-1
Posted Apr 17, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1773-1 - It was discovered that the imagetops filter in cups, the Common UNIX Printing System, is prone to an integer overflow when reading malicious TIFF images.

tags | advisory, overflow
systems | linux, unix, debian
advisories | CVE-2009-0163
SHA-256 | 71fa135bd479dc9c0f4f14a237aa3f3703bbbf0bd2d8428c61f7db7c5544afdb
SAP Penetration Testing With Sapyto
Posted Apr 17, 2009
Authored by Mariano Nunez Di Croce

Whitepaper called SAP Penetration Testing with Sapyto.

tags | paper
SHA-256 | 74600147b1192eff71ef757b0e9db5e7916f75dcbe26c2c40be69feabefd314e
Secunia Security Advisory 34715
Posted Apr 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Apache Geronimo, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct script insertion, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 5e4c6a38e17fe2c9f82879ae52d68c052a5cb76812033088f319c347ed9f61d0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close