exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2009-05-08

Whitepaper - Native Thread Injection
Posted May 8, 2009
Authored by cross | Site x1machine.com

Whitepaper called Native Thread Injection - Into The Session Manager Subsystem. Source code included.

tags | paper
SHA-256 | c66f562259f6b604a11e6937e14eb5a4b6a246154c305ec466f8245efe23f378
MagpieRSS Cross Site Scripting
Posted May 8, 2009
Authored by Justin C. Klein Keane

MagpieRSS suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9f9fc3f5aaf0c5225c3c590d26077fc3ec630079cb268330145efb47d97cbf05
Claroline 1.8.11 Cross Site Scripting
Posted May 8, 2009
Authored by Attila Gerendi

Claroline version 1.8.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cc9f777b87e560479d68536db23f2f08d276690e03a34aa937506ece236168f4
TinyWebGallery 1.7.6 Local File Inclusion
Posted May 8, 2009
Authored by EgiX

TinyWebGallery versions 1.7.6 and below suffer from local file inclusion and remote code execution exploit.

tags | exploit, remote, local, code execution, file inclusion
SHA-256 | b2a0fcfe27833319bde059b8bf765c10d66df178feacbe30125003483b5bde85
RTWebalbum 1.0.462 SQL Injection
Posted May 8, 2009
Authored by YEnH4ckEr

RTWebalbum version 1.0.462 blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 44d2de74471380ca901baefccdca9cbe87132938aa707fb4ef6ed779d6f25fb5
Battle Blog 1.25 File Upload
Posted May 8, 2009
Authored by Cyber-Zone | Site iq-ty.com

Battle Blog version 1.25 suffers from an arbitrary file upload vulnerability in uploadform.asp.

tags | exploit, arbitrary, asp, file upload
SHA-256 | 14a5eac36a88a16ccd29845ff8a4f1c2a0919986a955b3f33057c1944aa3cdf8
Luxbum 0.5.5 SQL Injection
Posted May 8, 2009
Authored by knxone

Luxbum version 0.5.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | aac71ab45f96478bff9f577d150fe0ab6106e781facf41a8925aabbd6399f42d
Realty Web-Base 1.0 SQL Injection
Posted May 8, 2009
Authored by ThE g0bL!N | Site h4ckf0ru.com

Realty Web-Base version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
SHA-256 | 7f3c86306ae8fb57c1ec9442bafe8de9352edaa0838723ea37bf4ccad380d34c
The Recipe Script 5 SQL Injection
Posted May 8, 2009
Authored by TiGeR-Dz | Site h4ckf0u.com

The Recipe Script version 5 suffers from a remote SQL injection vulnerability that allows for authentication bypass. It also suffers from an arbitrary database backup vulnerability.

tags | exploit, remote, arbitrary, sql injection
SHA-256 | 85331df95f4cabd6b313193841ab64c211c2a52a4a8a28fa4e4b47019f4cd71a
Mortbay Jetty Denial Of Service
Posted May 8, 2009
Authored by Luca Carettoni | Site ikkisoft.com

Mortbay Jetty versions 7.0.0-pre5 and below dispatcher servlet denial of service exploit.

tags | exploit, denial of service
SHA-256 | f66271be2229a03b1932399b1b0b4487d492f57519db5138a2bb1f932b5197b8
Secunia Security Advisory 35027
Posted May 8, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for Pango. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | 6530bdecf1a36a1645dec801671f40ae6a503b083157e3a6c008ad931d115e44
Secunia Security Advisory 35018
Posted May 8, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued updates for pango and evolution28-pango. These fix a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 173892dc24e8dbae02de459c6b450e10a478a1f3b13960f90f3d46d2c2f4e6c7
ViPlay3 3.0.0 Stack Overflow
Posted May 8, 2009
Authored by LiquidWorm | Site zeroscience.mk

ViPlay3 versions 3.00 and below local stack overflow proof of concept exploit that creates a malicious .vpl file.

tags | exploit, overflow, local, proof of concept
SHA-256 | 815c27d911c01427d69d36f16c5ff9edfa82da9c909f663ba028caa16b386634
Ubuntu Security Notice 773-1
Posted May 8, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-773-1 - Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1194
SHA-256 | ae3bcada3fcd7503af5748a53372806736392b0a28c7228b3c32b379c4c12986
Ubuntu Security Notice 772-1
Posted May 8, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-772-1 - It was discovered that MPFR improperly handled string lengths in its print routines. If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0757
SHA-256 | 284ac9da1d975f688507f6d032b7744f2c39c90b413543ae5d6843b32e398520
Ubuntu Security Notice 771-1
Posted May 8, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-771-1 - It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1438, CVE-2009-1513
SHA-256 | 9ff6c988eb56a3c4cf3f4443636f83112492538e511a0db40012074a8499c16b
Open Source CERT Security Advisory 2009.1
Posted May 8, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Pango suffers from an integer overflow during heap allocation size calculations.

tags | advisory, overflow
advisories | CVE-2009-1194
SHA-256 | 25824ba2d7dd0a37d1a590740cc4a39088732380d9d9c415e4dc4d4617ab7682
Debian Linux Security Advisory 1796-1
Posted May 8, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1796-1 - Tavis Ormandy discovered that the embedded GD library copy in libwmf, a library to parse windows metafiles (WMF), makes use of a pointer after it was already freed. An attacker using a crafted WMF file can cause a denial of service or possibly the execute arbitrary code via applications using this library.

tags | advisory, denial of service, arbitrary
systems | linux, windows, debian
advisories | CVE-2009-1364
SHA-256 | 274b56cbf75d50d4e41c7bc0e804a37ff8ed4411d41f2eb39cf4a32e4a1ad9be
Mandriva Linux Security Advisory 2009-108
Posted May 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-108 - A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell. The updated packages have been patched to prevent this.

tags | advisory, denial of service, overflow, shell
systems | linux, mandriva
advisories | CVE-2009-1214, CVE-2009-1215
SHA-256 | cb7e96c387b1ec939d520448475f556c358112eaa795ac4aa908df8d060b5373
Scannedonly Samba VFS Module
Posted May 8, 2009
Authored by Olivier Sessink | Site olivier.sessink.nl

Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.

Changes: This release adds compatibility for ClamAV 0.95. It also features a large performance improvement when opening a directory with a very large number of unscanned files. The network protocol between the samba VFS module and the scanning server has changed because of this.
tags | tool, scanner
systems | unix
SHA-256 | 295c9c8536bfbf130539ed16188c4751818f3277031ef59a8646a039f47c2b21
PHP Evaluation Replacement String
Posted May 8, 2009
Authored by 80vul | Site 80vul.com

PHP suffers from a mb_ereg(i)_replace() evaluate replacement string vulnerability.

tags | exploit, php
SHA-256 | 2ffb3d5ca2fd54a119f20ce701a5ac605ced35c7510645ef6777f01a6cec8829
ST-Gallery 0.1a SQL Injection
Posted May 8, 2009
Authored by YEnH4ckEr

ST-Gallery version 0.1a suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 5c559ec4be7446ab4f7d156aedd507d7cb6de8035ac788f4cc1cb59b458b7b51
VideoScript.us SQL Injection
Posted May 8, 2009
Authored by Snakespc | Site snakespc.com

VideoScript.us suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 50d7d931357d2811d6d6767bf898a45bbab90f2c9bd222e37246c2983361bae0
T-Dreams Job Career Package 3.0 Insecure Cookie
Posted May 8, 2009
Authored by TiGeR-Dz | Site h4ckf0u.com

T-Dreams Job Career Package version 3.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | a429757ab9467f3fff0f50c0df20dfa903e39ab2a8da5805709fbb901fb59995
webSPELL 4.2.0e Blind SQL Injection
Posted May 8, 2009
Authored by DNX

webSPELL versions 4.2.0e and below remote blind SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 52602a4c1f608c174a44f244cda4570580a6b8b0a3174459aacf601c70d89491
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close