Showing 1 - 25 of 49

Files Date: 2009-06-15

Netgear DG632 Denial Of Service
Posted Jun 15, 2009
Authored by Tom Neaves | Site tomneaves.co.uk

The Netgear DG632 router suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 3ea7235afb1bf8d9e7732c3d144eb1ad
Netgear DG632 Authentication Bypass
Posted Jun 15, 2009
Authored by Tom Neaves | Site tomneaves.co.uk

The Netgear DG632 router suffers from a remote authentication bypass vulnerability.

tags | exploit, remote, bypass
MD5 | 4e97805ae8520e6ace344301fb1cde47
phpCollegeExchange 0.1.5c SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability in listing_view.php.

tags | exploit, remote, php, sql injection
MD5 | 1435b5e0946bec97b48d7ceefb95d72b
Joomla iJoomla RSS Blind SQL Injection
Posted Jun 15, 2009
Authored by XORON

Blind remote SQL injection exploit for the Joomla iJoomla RSS component.

tags | exploit, remote, sql injection
MD5 | 686ac400adcafb1c96e1339a3e5a3a1d
Zoki Catalog SQL Injection
Posted Jun 15, 2009
Authored by SmOk3

The Zoki Catalog is susceptible to a remote SQL injection vulnerability in the search form.

tags | advisory, remote, sql injection
MD5 | bb7e9538078a6aadd619cee8d94c9c0f
Apple QuickTime CRGN Atom Overflow
Posted Jun 15, 2009
Authored by webDEViL

Apple QuickTime CRGN Atom stack overflow exploit that creates a malicious .mov file.

tags | exploit, overflow
systems | apple
MD5 | 960a151888b6385f6673b834eda30cc2
vBulletin Radio And TV Player Cross Site Scripting
Posted Jun 15, 2009
Authored by d3v1l

The vBulletin Radio and TV Player add-on suffers from cross site scripting, iframe injection, and redirect vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9d30bf5c833defd5e2234ff1d2a085be
Ubuntu Security Notice 788-1
Posted Jun 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.

tags | advisory, java, remote, web, denial of service, local, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
MD5 | bc1b230d16aa5648a4fdd15ad3fd1766
TorrentTrader Classic 1.09 SQL Injection
Posted Jun 15, 2009
Authored by Janek Vind aka waraxe | Site waraxe.us

TorrentTrader Classic version 1.09 suffers from information leakage, forced database backup, and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 3efb1d3b6eb1efe55bc19a375db2cc85
WordPress Photoracer SQL Injection
Posted Jun 15, 2009
Authored by Kacper | Site devilteam.pl

The WordPress Photoracer plugin version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b1d8ee75997910943b39ac151ab323de
Debian Linux Security Advisory 1815-1
Posted Jun 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2009-1760
MD5 | 4157a0551cd3772cd0537ed53833fa90
SugarCRM 5.2.0e Code Execution
Posted Jun 15, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

SugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f81ce65d75a4b29de7ebbf23b6cb8179
Entropy Broker RNG
Posted Jun 15, 2009
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

tags | encryption
MD5 | dd369ca7182c7c399e9606377f63110d
AdaptWeb 0.9.2 LFI / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

AdaptWeb version 0.9.2 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | ef34cc401c4229cd027748e7745a3394
Elvin BTS 1.2.0 XSS / LFI / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

Elvin BTS version 1.2.0 suffers from remote SQL injection, cross site scripting, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion, csrf
MD5 | c13a26271db1a6d777a40ddf773a9989
DB Top Sites 1.0 Local File Inclusion
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

DB Top Sites version 1.0 suffers from a local file inclusion vulnerability in index.php.

tags | exploit, local, php, file inclusion
MD5 | 7276359065dc4404ab5b73e46eb1e570
DB Top Sites 1.0 Code Execution
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

DB Top Sites version 1.0 remote command execution exploit.

tags | exploit, remote
MD5 | 7c40b84001425d40461b8fff28bc115d
Impleo Music Collection 2.0 XSS / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

Impleo Music Collection version 2.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 3314aaacab092a943b541c5e85581790
Evernew Free Joke Script 1.2 Password Changer
Posted Jun 15, 2009
Authored by Hakxer

Evernew Free Joke Script version 1.2 remote change password exploit.

tags | exploit, remote
MD5 | 52dcbd188b32e1b21aec358f84cf8d87
Debian Linux Security Advisory 1814-1
Posted Jun 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1788, CVE-2009-1791
MD5 | 7f93ca0f9930ba4d869cb1cee399f024
Apple Safari Remote Code Execution
Posted Jun 15, 2009
Authored by Thierry Zoller

Calling a CSS attr attribute with a large number leads to memory corruption in Apple Safari.

tags | advisory
systems | apple
MD5 | 239eae608801a793ff06d147365fbeb4
Apple Safari / QuickTime Denial Of Service
Posted Jun 15, 2009
Authored by Thierry Zoller

Apple Safari and QuickTime programs suffer from a denial of service vulnerability.

tags | exploit, denial of service
systems | apple
MD5 | b840c0443bcb3e3de842e1e1cf7af492
F-prot TAR Bypass / Evasion
Posted Jun 15, 2009
Authored by Thierry Zoller

The F-prot parsing engine can be bypassed by a specially crafted and formatted TAR archive.

tags | advisory
MD5 | a42f87225e85949db3a6b29608d84885
Norman Generic Evasion
Posted Jun 15, 2009
Authored by Thierry Zoller

Norman with decompression engine versions below 5.99.07 suffers from a RAR-related bypass vulnerability.

tags | advisory, bypass
MD5 | 6a04a629931602a57fe538358c9d2b32
Ikarus CAB/RAR/ZIP Evasions
Posted Jun 15, 2009
Authored by Thierry Zoller

Ikarus parsing engine versions below 1.1.58 suffer from CAB, RAR, and ZIP related bypass vulnerabilities.

tags | advisory, vulnerability
MD5 | 9df94167b6400befdf5b2e7d8cce8fdd