Showing 1 - 25 of 53

Files Date: 2009-07-08

Fuzzgrind Automatic Fuzzing Tool
Posted Jul 8, 2009
Authored by Gabriel Campana | Site security-labs.org

Fuzzgrind is a fully automatic fuzzing tool that generates test files in order to discover new execution paths likely to trigger bugs and potential vulnerabilities. It is based on the concept of symbolic execution. The tool starts from a file considered valid by the software under test and analyses the execution path to extract the constraints tied to the branch instructions that the software follows. By resolving these constraints one by one, Fuzzgrind alters the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.

tags | vulnerability, fuzzer
SHA-256 | 1647ac2ac494e2a8033936f8ac52d252a482907419e181e11a74a9df3fc61c22
Online Guestbook Pro 5.1 Cross Site Scripting
Posted Jul 8, 2009
Authored by Moudi

Online Guestbook Pro version 5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 316a7de722244a1fef251ad9b11895d95e9e08cea3261c3bfed2ed472ca791f3
JNM Guestbook 3.0 Cross Site Scripting
Posted Jul 8, 2009
Authored by Moudi

JNM Guestbook version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30d52832e26f1e63d77278530421a4b863521029fa4fe90f4284354a609c8af9
DB Top Sites 1.0 Cross Site Scripting
Posted Jul 8, 2009
Authored by Moudi

DB Top Sites version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 849204a499bf4692e8e04dd204e1b86936c82dfbe74a215c1aff20d909cb4e36
MySQL 5.0.45 Format String Vulnerability
Posted Jul 8, 2009
Authored by Kingcope

MySQL version 5.0.45 suffers from a format string vulnerability. Proof of concept demonstration code is provided.

tags | exploit, proof of concept
SHA-256 | 2d52aab1c12be86bae2773c2634920d09db2b48caae9a13142cc7e61c1976c38
Core Security Technologies Advisory 2009.0515
Posted Jul 8, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugin configuration pages, and also, in some plugins, modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavaScript code that edits blog PHP code.

tags | exploit, arbitrary, php, javascript
advisories | CVE-2009-2334, CVE-2009-2335, CVE-2009-2336
SHA-256 | 43efc5605f03f9b6b8bc960812c20a8df3e0ad4ba585ad37e94105a2c1f2b536
Core Security Technologies Advisory 2009.0519
Posted Jul 8, 2009
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.

tags | exploit, web, arbitrary
advisories | CVE-2009-2386
SHA-256 | 9678ea739c83991289267c1a44276a19199e2657a49fbf488df9eccc5dd96d31
GNU Privacy Guard 2.0.12
Posted Jul 8, 2009
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: GPGSM now always lists ephemeral certificates if specified by fingerprint or keygrip. GPGSM now also returns information about smartcards. It is now made sure not to leak file descriptors if running gpg-agent with a command. The order of the confirmation questions for root certificates was changed, and negative answers are stored in trustlist.txt. Better synchronization of concurrent smartcard sessions was implemented. Support for 2048 bit OpenPGP cards and for Telesec Netkey 3 cards was added. A potential Mac OS X system freeze is now avoided.
tags | encryption
SHA-256 | 9633e104c519fade1c9fce5843d1f70439b156bcc446aa270ea8192d461d9cce
Whitepaper Called XSS And Iframe Phishing
Posted Jul 8, 2009
Authored by 599eme Man

This whitepaper discusses the use of cross site scripting and iframe injection when performing phishing attempts.

tags | paper, xss
SHA-256 | 92d2e388e627a22176d3cf95df9244027d7a33e2a5ee6c88c835f004ce97179e
Calendar Express 2 Cross Site Scripting
Posted Jul 8, 2009
Authored by 599eme Man

Calendar Express version 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b79ec2d73f9ad3fce0bc1b68c7d0b62002bd71d09f720776ed6c718aea6ee069
Remote Web Workplace Attack Tool
Posted Jul 8, 2009
Authored by Mike Arnold

The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's "Remote Web Workplace" portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out. It is written in Python and requires pycurl.

tags | remote, web, cracker, python
systems | windows
SHA-256 | 2b844771a4db3be8199e0c71c40dbca2fe50db3fa961396f158b36beae81c99b
Month Of Twitter Bugs - Twitterfall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 65fb9c299abb8b929979fad6222bed58930a27ee64999561b72cba49ccc48252
Month Of Twitter Bugs - yfrog XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 283cf7e1ae7038770924277e991ca2898b86c2b7153af6cd01f0d9b8a79318e5
Month Of Twitter Bugs - TwitPic Issues
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | ac99bf0f99e3d52cee2f2163612083138e5101fe349bda2bad006174ab6c2e36
Month Of Twitter Bugs - TwitSnaps XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1aa2f141901738d38bfae80def5fd9ab666dedfd8d188000f20b7e448e099472
Month Of Twitter Bugs - BigTweet XSRF
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 0b17f72c1dc2da7cf4f3ff5dff5cc5f6a402f6b6e6707938de5e4e5b56ba5e54
Month Of Twitter Bugs - TwitWall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a58a9c6d750d535f4ccee264e486a17f7058af99920ca033e156007ce493340c
Month Of Twitter Bugs - HootSuite XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f28506907cd78635c4ac90b9095db2b20246930dc6c5c11faee949ae3b552812
Month Of Twitter Bugs - bit.ly XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 31ec4a5275c9326490446d0db51bcc2382ae41ebdae9b9e899f219a573d60baa
RTL8169 NIC Driver Buffer Overflow
Posted Jul 8, 2009
Authored by Eric Dumazet

The RTL8169 NIC driver in Linux kernel versions prior to 2.6.30 allows remote attackers to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux
advisories | CVE-2009-1389
SHA-256 | 82796f6f344eec34a490a3fd53394663a4bec37a7e4511cbe63707a3e3e021e9
Spector - Automatically Analyzing Shell Code
Posted Jul 8, 2009
Authored by Mark Zielinski, Atul Prakash, Kevin Borders

Whitepaper called Spector: Automatically Analyzing Shell Code.

tags | paper, shell, shellcode
SHA-256 | 48ece968a47b6a78a543ac11868c445687fd0d92b816b6b54404c203b8529fcd
Sosblog Persistent Cross Site Scripting
Posted Jul 8, 2009
Authored by 599eme Man

Sosblog suffers from a persistent cross site scripting vulnerability in the article commenting section.

tags | exploit, xss
SHA-256 | f8b3729228555cb80129b445b9232179c50181885d8d8e57e953e4ae23d87702
Rentventory PHP Cross Site Scripting
Posted Jul 8, 2009
Authored by 599eme Man

Rentventory PHP suffers from cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | 7187e4053bb9f1cf4c33c883fb5aff6d5c632b96e2cb644be3059ef55c03ed27
Big Sister File Exchange Server 0.03 Disclosure
Posted Jul 8, 2009
Authored by Septemb0x | Site cyber-warrior.org

Big Sister File Exchange Server version 0.03 suffers from a database configuration disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 426f9187c143c614a52d6c4e9875d9dc99cfee623b7fecbc906893a5611b234b
Linea 21 1.2.1 Cross Site Scripting
Posted Jul 8, 2009
Authored by 599eme Man

Linea 21 version 1.2.1 suffers from cross site scripting, iframe injection, and redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ce066d1bad9f58d3a6f4e66dc7edd935a57af3726c13fce5b2b4ee186c8a897e