exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files Date: 2009-09-19

Mandos Encrypted Root File System
Posted Sep 19, 2009
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: In the client, network interface renaming by "udev" is allowed. User-supplied plugins are now installed correctly. If usplash was used but the password was instead provided by the Mandos server, the usplash daemon used to ignore the first command passed to it. This has been fixed. The "--userid" and "--groupid" options in "plugin-runner.conf" now work. In the server, the LSB header in the init.d script has been fixed to make dependency-based booting work. A client receiving its password now also counts as if a checker was run successfully (i.e. the timeout timer is reset).
tags | remote, root
systems | linux
SHA-256 | 303bf98e0f591d6f709a970bdf9bd33719dfae48984e1ea32cd38ac777639434
PJBlog 3.0.6.170 Arbitrary File Upload
Posted Sep 19, 2009
Authored by Securitylab Security Research | Site securitylab.ir

PJBlog version 3.0.6.170 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | aa05c34403b18f8b8723e164837c13cb828217f0d5c82f9cc7952b3cc1ee74e1
Debian Linux Security Advisory 1890-1
Posted Sep 19, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2369
SHA-256 | ed775f49cb58cbce91017bb067a323a636d2226e812c374bf0745a565ce2f3d7
Whitepaper Discussing Fake Exploits
Posted Sep 19, 2009
Authored by Tacettin Karadeniz

Whitepaper discussing fake exploits. Written in Turkish.

tags | paper
SHA-256 | a9816cb42db8a09cf2338dce8146f07ce05b40a6c5ce0563e4ec0f6e40866dd0
InstantGet 2.08 Denial Of Service
Posted Sep 19, 2009
Authored by the_Edit0r

InstantGet version 2.08 Active-X related denial of service exploit that leverages IGIEBar.dll.

tags | exploit, denial of service, activex
SHA-256 | bf5fb906e57bea803146e0b19068369581f30992d5aa97409d63bbdfb891e161
Charm Real Converter Pro 6.6 Denial Of Service
Posted Sep 19, 2009
Authored by the_Edit0r

Charm Real Converter Pro version 6.6 Active-X related denial of service exploit that leverages prct3260.ocx.

tags | exploit, denial of service, activex
SHA-256 | 1b6423e7f3691fb3e6474bfdfdb474a4c9dacedb9a5a9b3a6806e6605eed5c64
QNAP Systems Encryption Bypass
Posted Sep 19, 2009
Authored by Marc Heuse | Site baseline-security.de

QNAP Systems versions TS-239 Pro and TS-639 Pro suffer from a hard disk encryption bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2009-3200
SHA-256 | d98e39994db1caa438772f437692be94d96e576714f5aabef3a10313bb200adf
Horde Application Framework Horde_Form_Type_image File Overwrite
Posted Sep 19, 2009
Authored by Stefan Esser | Site sektioneins.de

Horde Application Framework versions 3.2.4 and below suffer from a Horde_Form_Type_image arbitrary file overwrite vulnerability.

tags | advisory, arbitrary
advisories | CVE-2009-3236
SHA-256 | 6b36254b02daaded256bbf6076bafdff753a55113f60cdbc47ec7d1dfe52ffb0
Avaya Intuity Audix LX Command Execution
Posted Sep 19, 2009
Authored by PAgVac

The Avaya Intuity Audix LX suffers from remote command execution, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | 1a3001936a103c3f421867c6c079d4255187d1bb1fb3aaea57235d8d2033c375
iPod/iPhone E-Mail Man In The Middle
Posted Sep 19, 2009
Authored by William Borskey

The standard e-mail application that comes with the iPod and iPhone suffers from a man in the middle vulnerability due to not validating SSL certificates.

tags | advisory
systems | apple, iphone
SHA-256 | bac88e063695c7f4ceb162add1f4a3f7f90de5e74efea5e40f7b28a7f59a10f9
Ubuntu Security Notice 833-1
Posted Sep 19, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-833-1 - It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2009-2702
SHA-256 | 0594ede0e071d9102c30e1b4419f0a7390db6da2071555df71bb54d1c31b10a9
Iret #GP Pre-Commit Privilege Escalation
Posted Sep 19, 2009
Authored by Tavis Ormandy, Julien Tinnes

Iret #GP may suffer from a privilege escalation vulnerability due to a pre-commit handling failure.

tags | advisory
advisories | CVE-2009-2793
SHA-256 | 1d79c7e09132c4b89fc124aeed234ca587643164955bcf1f2e6c6711647530a3
FanUpdate 2.2.1 SQL Injection
Posted Sep 19, 2009
Authored by (In)Security Romania | Site insecurity.ro

FanUpdate version 2.2.1 suffers from a remote SQL injection vulnerability in show-cat.php.

tags | exploit, remote, php, sql injection
SHA-256 | 744db41b616dc547e50bf04601d1ead2180059f441afa0e30ada5c85911767e2
ClearSite 4.50 Remote File Inclusion
Posted Sep 19, 2009
Authored by EA Ngel | Site manadocoding.net

ClearSite version 4.50 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | ef83f8ca1dd2b6c85ea01cc32307f83f8a77e54153f9b1c5de6deba8034bad63
Gentoo Linux Security Advisory 200909-18
Posted Sep 19, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-18 - A buffer underflow vulnerability in the request URI processing of nginx might enable remote attackers to execute arbitrary code or cause a Denial of Service. Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. Versions less than 0.7.62 are affected.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2009-2629
SHA-256 | 3e186b6e8020ac6e5882ce73b38aedf1a23f65065e34c0d65c214ea8519421aa
RADactive I-Load XSS / Disclosure / Upload
Posted Sep 19, 2009
Authored by Stefan Streichsbier | Site sec-consult.com

RADactive I-Load version 2008.2.4.0 suffers from cross site scripting, file disclosure, and file upload vulnerabilities.

tags | advisory, vulnerability, xss, file upload
SHA-256 | c73f8131d8b7af1c98eaee0158df5332fbfc1b52e29e3faae8acbe5a3fe2ab6f
BSD libc strfmon Multiple Vulnerabilities
Posted Sep 19, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

BSD libc (strfmon) suffers from multiple vulnerability.

tags | advisory
systems | bsd
SHA-256 | fccb5f8d285758bce65b9c03fd85ecf25ea963a141c4934e423c11d0003e39da
MyBB 1.4.8 SQL Injection
Posted Sep 19, 2009
Authored by SqL_DoCt0r

MyBB version 1.4.8 suffers from a SQL injection vulnerability in search.php.

tags | exploit, php, sql injection
SHA-256 | e23e4b06ed3aec14e7d8684c59c3794726b6a66fc56c1a81a52e4ff020d1d521
Mambo Koesubmit 1.0.0 Remote File Inclusion
Posted Sep 19, 2009
Authored by Don Tukulesto | Site indonesiancoder.com

Mambo Koesubmit component version 1.0.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | efb5c9fea08d13b5a3b3bbf993d484a9aad392ec76f4a8866b888b284032c531
Joomla Album 1.14 Directory Traversal
Posted Sep 19, 2009
Authored by DreamTurk

Joomla Album component version 1.14 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 65817241473da6ff177187f92fe4b582bc77f8ed759d35e4612bfc11cd43e1f8
Joomla Budget Magic SQL Injection
Posted Sep 19, 2009
Authored by kaMtiEz | Site indonesiancoder.com

Joomla Budget Magic component versions 0.3.2 through 0.4.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5e3280dbc531b65cf29d14d162e42e5d67eb6cc1648eb201c5bb733d7e1030a0
Joomla Survey Manager 1.5.0 SQL Injection
Posted Sep 19, 2009
Authored by kaMtiEz | Site indonesiancoder.com

Joomla Survey Manager component version 1.5.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bbd3a4ddb1bca846385622baf657a229cca3c13ee21da1a0ebe58b7eaf7b853f
Xerver 4.32 Denial Of Service
Posted Sep 19, 2009
Authored by Dr_IDE

Xerver HTTP server version 4.32 suffers from a remote denial of service vulnerability.

tags | exploit, remote, web, denial of service
SHA-256 | 9c9327de27d1577ce15bcdec32ce35e2d171a741ef1d0327dc85b21a0d11478d
Ease Audio Cutter 1.20 Local Crash
Posted Sep 19, 2009
Authored by zAx

Easy Audio Cutter version 1.20 local crash proof of concept exploit that creates a malicious .wav file.

tags | exploit, local, proof of concept
SHA-256 | de3edf6b749226632d2f659d1496c04c485f6ec91726c7fc4f9f3241b0c5595c
Changetrack 4.3-3 Privilege Escalation
Posted Sep 19, 2009
Authored by Rick

Changetrack version 4.3-3 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 1a24316e8b2fab56fbbf912c6014e79a481b5a2ce5574ff448911085fa63e591
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close