exploit the possibilities
Showing 1 - 25 of 70 RSS Feed

Files Date: 2009-12-07

gAlan Buffer Overflow
Posted Dec 7, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

gAlan buffer overflow 0-day exploit. Spawns a shell on port 4444.

tags | exploit, overflow, shell
MD5 | 264cb70a25bbfdc3b2131463f247cad2
Polipo 1.0.4 Remote Memory Corruption
Posted Dec 7, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Polipo version 1.0.4 remote memory corruption 0-day proof of concept exploit.

tags | exploit, remote, proof of concept
MD5 | 51d1939bf82489772ecc54f6205ca35c
HTML Help Workshop 4.74 Buffer Overflow
Posted Dec 7, 2009
Authored by Encrypt3d.M!nd, loneferret | Site metasploit.com

This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | 8716d118fb1328c2ed0ecd8a12ae8cc1
Metasploit Framework 3.3.1
Posted Dec 7, 2009
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: This release provides initial integration with Rapid7 NeXpose and fixes approximately 25 bugs. The Windows installer now bundles Nmap 5.10BETA1.
tags | tool, ruby
systems | unix
MD5 | 460b07be583d2c25f2a4405551aab020
XAMPP 1.7.2 Administrative Bypass
Posted Dec 7, 2009
Authored by bi0

The page used to change the administrative password in XAMPP version 1.7.2 has no access restrictions in place.

tags | exploit
MD5 | 68cafb0ccbc83fdaae8e85c670bdd3ea
Debian Linux Security Advisory 1947-1
Posted Dec 7, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1947-1 - Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-3300
MD5 | 0394d7547f9a06667696699e13cd6942
Illogator Shop Cross Site Scripting
Posted Dec 7, 2009
Authored by nojacipka4

Illogator Shop suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3235b44a9f8d977ec46c96dfe0fa6c1
Mozilla Firefox JavaScript Issues
Posted Dec 7, 2009
Authored by Topsec

Mozilla Firefox suffers from spoofing and race conditions in relation to JavaScript functionality.

tags | advisory, spoof, javascript
advisories | CVE-2009-4129, CVE-2009-4130
MD5 | 92900e1949d7f6946c937bea3d8cb77b
Ubuntu Security Notice 865-1
Posted Dec 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 865-1 - Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

tags | advisory, remote, web, spoof
systems | linux, ubuntu
advisories | CVE-2009-4022
MD5 | 27343673be619412f8a2ddbe730fe047
Chipmunk Newsletter Cross Site Scripting
Posted Dec 7, 2009
Authored by mr_me

Chipmunk Newsletter suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 650c67e5ddc4c6665e58299462c0c4a2
iWeb HTTP Server Directory Traversal
Posted Dec 7, 2009
Authored by mr_me

The iWeb HTTP server suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
MD5 | 3087a4bde9ef769977aa8da9e8dbbc97
MarieCMS 0.9 LFI / RFI / XSS
Posted Dec 7, 2009
Authored by Amol Naik

MarieCMS version 0.9 suffers from local file inclusion, remote file inclusion, and cross site scripting vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, xss, file inclusion
MD5 | 1acf6570f2362c1d838d486ae0505803
CoreHTTP 0.5.3.1 Buffer Overflow
Posted Dec 7, 2009
Authored by Patroklos Argyroudis | Site census-labs.com

CoreHTTP (up to and including version 0.5.3.1) employs an insufficient input validation method for handling HTTP requests with invalid method names and URIs. Specifically, the vulnerability is an off-by-one buffer overflow in the sscanf() call at file src/http.c line numbers 45 and 46.

tags | advisory, web, overflow
advisories | CVE-2009-3586
MD5 | b1fc405a23881cb5dd981fce48a6ca50
Advanced Image Hosting 2.2 XSS
Posted Dec 7, 2009
Authored by aBo MoHaMeD | Site v4-team.net

Advanced Image Hosting version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 071b6c98d502bc6bd270e52ed62d9b15
VLC Media Player 1.0.3 smb:// Stack Overflow
Posted Dec 7, 2009
Authored by Dr_IDE

Proof of concept exploit for the VLC Media Player version 1.0.3 smb:// URI handling stack overflow vulnerability.

tags | exploit, overflow, proof of concept
MD5 | f86bc49579441746b2a0df8cbb832df3
IDEAL Administration 2009 9.7 Local Buffer Overflow
Posted Dec 7, 2009
Authored by Dr_IDE

Local buffer overflow exploit for IDEAL Administration 2009 version 9.7 that creates a malicious .ipj file that binds a shell to port 4444.

tags | exploit, overflow, shell, local
MD5 | 42da86b422df3846575f640087501464
Elkagroup SQL Injection
Posted Dec 7, 2009
Authored by SadHaCkEr | Site tryag.cc

Software from Elkagroup appears to suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2f34e0bfd66bcc42607308ae5c7f2471
PhpShop 0.8.1 SQL Injection / XSS / XSRF
Posted Dec 7, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 3256962719f34b305a82d435760fa678
SShutout Log File Monitor 1.0.6
Posted Dec 7, 2009
Authored by Bil DuPree | Site techfinesse.com

sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as "dictionary attacks," i.e. scripted brute force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and after a configurable expiry interval has elapsed, the rules are deleted.

Changes: This release fixes improper calls to open(). It increases the size of the line buffer used to read the configuration file. This allows for longer whitelists. It detects "UNKNOWN USER" signatures.
tags | shell, encryption
MD5 | 0d699bef09cf16a9c921181c19028abe
AROUNDMe 1.1 Remote File Inclusion
Posted Dec 7, 2009
Authored by cr4wl3r

AROUNDMe versions 1.1 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | c6d8ce2520f26d45d4524f091453ac18
Joomla YOOOtheme Cross Site Scripting
Posted Dec 7, 2009
Authored by andresg888 | Site bl4ck-p0rtal.org

The Joomla YOOOtheme component suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0e7ae4c19da8b370d82d81c52ce3570f
Mandriva Linux Security Advisory 2009-326
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-326 - Multiple vulnerabilities has been found and corrected in mysql. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4098, CVE-2008-4456, CVE-2009-2446
MD5 | 26aee919fda962da30ae10ad393b57b8
Mandriva Linux Security Advisory 2009-325
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, ruby
systems | linux, mandriva
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | d1801ae070b0338585927f225181773a
Mandriva Linux Security Advisory 2009-199
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-199 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. This update provides a solution to this vulnerability and in turn upgrades subversion where possible to provide additional features and upstream bugfixes and adds required dependencies where needed. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, overflow, arbitrary
systems | linux, windows, mandriva
advisories | CVE-2009-2411
MD5 | af631787146035699121666af3cff601
Mandriva Linux Security Advisory 2009-324
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2008-7068, CVE-2009-1271, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018
MD5 | a89c4f4f4309a00aad6d14aaf7b52bda
Page 1 of 3
Back123Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close