what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 78 RSS Feed

Files Date: 2009-12-21

Reading Mission Control Data Out Of Predator Drone Video Feeds
Posted Dec 21, 2009
Authored by Kingcope

Whitepaper called Reading Mission Control Data out of Predator Drone video feeds.

tags | paper
SHA-256 | 893c57808e275c209ff64f32529d4b5bf791b0ffdab61822c6d1f5362740359a
Joomla Hot Brackets Blind SQL Injection
Posted Dec 21, 2009
Authored by Fl0riX

The Joomla Hot Brackets component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5650b3d67178c479b08111cf70529535b6db9b7636933f8b60e0c9e455c1e28b
PHPhotoalbum Shell Upload
Posted Dec 21, 2009
Authored by wlhaan Hacker

PHPhotoalbum suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3bc070465e2c256fbeba1e5de7276923283dd12afa0f965a6d23d931f4170d7e
Gentoo Linux Security Advisory 200912-2
Posted Dec 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200912-2 - Multiple vulnerabilities have been discovered in Rails, the worst of which leading to the execution of arbitrary SQL statements. Versions less than 2.2.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5380, CVE-2007-6077, CVE-2008-4094, CVE-2008-7248, CVE-2009-2422, CVE-2009-3009, CVE-2009-3086, CVE-2009-4214
SHA-256 | 16d8e364cfb92aed20ead8b90f7ddfb138996017dcb068bdfb6e381ed4b6eee8
Debian Linux Security Advisory 1960-1
Posted Dec 21, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1960-1 - It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, on the oldstable distribution (etch) creates its log file with weak permissions, which might expose sensible information or might be abused by a local user to consume all free disk space on the same partition of the file.

tags | advisory, local
systems | linux, debian
advisories | CVE-2009-4235
SHA-256 | b36c83cc4622b6c42cb7aae2e6218e1d4abe11792e90f00c5524d35ac47bdb56
Ultimate Uploader 1.3 Shell Upload
Posted Dec 21, 2009
Authored by Master Mind

Ultimate Uploader version 1.3 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 2f4ed31e4cfbbbcc8518a1ed22f7d8a6f0f0f927bdded10ebb3d19f5e5475761
Pre Hotels And Resorts Management System SQL Injection
Posted Dec 21, 2009
Authored by Packetdeath | Site ssteam.ws

Pre Hotels and Resorts Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | ccd917de16ae006850643af05572a502b28ab5ee8e16c9aa5a745eff9ef5628a
Social Web CMS XSS / XSRF
Posted Dec 21, 2009
Authored by cp77fk4r

Social Web CMS suffers from cross site scripting, cross site request forgery, path disclosure, and user redirection vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
SHA-256 | 96aba5ca15438fb64f35e68876edbc31b755dc427af8b72e6102712e9107cef1
GNU SIP Witch Telephony Server 0.5.12
Posted Dec 21, 2009
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release includes a rewrite of the user profile and SIP account system to help converge with system users. Man pages have been added to document all binaries. Support has been added for for user agents (such as telepathy) that communicate from ephemeral ports. Fully automatic subnet detection is supported. A fix was added for receiving inbound anonymous callers.
tags | telephony, protocol
SHA-256 | 55fed35a489fd20b949dbddcc1d479e67e92fa7be948202c058b1d4eae10476b
webCocoon's simpleCMS SQL Injection
Posted Dec 21, 2009
Authored by YNFAZCI

webCocoon's simpleCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d31e6a1484406d78aa86a9addd59ae046219a84f49ad87d1b82846afa2de30bd
Debian Linux Security Advisory 1959-1
Posted Dec 21, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1959-1 - It was discovered that ganeti, a virtual server cluster manager, does not validate the path of scripts passed as arguments to certain commands, which allows local or remote users (via the web interface in versions 2.x) to execute arbitrary commands on a host acting as a cluster master.

tags | advisory, remote, web, arbitrary, local
systems | linux, debian
advisories | CVE-2009-4261
SHA-256 | 9de7728afbdb40275675ed1ab9d19384cb604d7333cdcd1f40f042ca1954497f
Simple Machines Forum 1.1.11 Cross Site Scripting
Posted Dec 21, 2009
Authored by IRCRASH | Site ircrash.com

SMF, or Simple Machines Forum, version 1.1.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 005540bee47c80baaed467e87a87cbb5c0707ee839dbf4a5bed5a359ba9d9b07
Angelo-emlak 1.0 Database Disclosure
Posted Dec 21, 2009
Authored by LionTurk

Angelo-emlak version 1.0 suffers from a remote database disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 814e0afd4a1ddeefeec9b4ac71b19940f80d74bb461be15a18b23635bb251dea
Ubuntu Security Notice 874-1
Posted Dec 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 874-1 - Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986
SHA-256 | 4ce1761d16df1c6ee9f51786f7a5bcc1315bd2c5e16f07360499c7f71471f4ab
Kasseler CMS 1.3.4 Lite Cross Site Scripting
Posted Dec 21, 2009
Authored by Gamoscu

Kasseler CMS version 1.3.4 Lite suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 94e73185b09ae4f60617fd8dda65b16c7b7c1f4f3e366c79f8fea63302e418ea
Absolute Shopping Cart SQL Injection
Posted Dec 21, 2009
Authored by Gamoscu

Absolute Shopping Cart suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b873650bd9f6d5f98665d33f1abeb585ace5284a0668f238107491a23d73d34f
PDQ Script 1.0 SQL Injection
Posted Dec 21, 2009
Authored by R3d-D3v!L

PDQ Script version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 378c6da640ba72ce6e079db9a17be0cf4bdbae691e8fc19b8f3e269a81e4c2de
Ubuntu Security Notice 873-1
Posted Dec 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 873-1 - Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack.

tags | advisory, remote, denial of service, arbitrary, spoof, javascript
systems | linux, ubuntu
advisories | CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986
SHA-256 | 8eaaba6dc798f53aa0cfdc9af6581d1658b9863011229fab65c636d57a06a8dc
HP OpenView Data Protector Cell Manager Heap Overflow
Posted Dec 21, 2009
Authored by Pedram Amini | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Database Service, rds.exe, which binds to TCP port 1530.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-2281
SHA-256 | b35ddf22dfed2acfe23b890459bbb716db5b8a870f760c3daf55fac1b650ebad
Simplicity Of Upload 1.3.2 Shell Upload
Posted Dec 21, 2009
Authored by Master Mind

Simplicity Of Upload version 1.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 64b4697da7f8e272253f2c5eb9a01f1118c6e51122c6d072ab70f6bbae0cb29c
Advanced Biz Limited 1.0 SQL Injection
Posted Dec 21, 2009
Authored by PaL-D3v1L

Advanced Biz Limited versions 1.0 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 2be082a74f4110a8e5e426fdd7f9b495d5588cdb8651e2a21af4066a73984172
Explorer 7.20 Cross Site Scripting
Posted Dec 21, 2009
Authored by Metropolis

Explorer version 7.20 RC1 revision A suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ce1da83732891b15c50124372e4da9f3a6226565203b6cb0c2c688128c32dd9
Ignition 1.2 Local File Inclusion
Posted Dec 21, 2009
Authored by cOndemned | Site condemned.r00t.la

Ignition version 1.2 suffers from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | fdbc2d80885ba37e6b668de4f279d116a36bffda8d03f70cdc0ba7b88075e5f9
Pandora FMS Monitoring Application SQL Injection
Posted Dec 21, 2009
Authored by Global-Evolution

The Pandora FMS monitoring application versions 2.1.x and 3.x suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b7bcb28f0cc3d2df0c21443a57cadde9039cdae2fb82858de85923652e70a42c
8pixel.net 2009 Database Disclosure
Posted Dec 21, 2009
Authored by LionTurk

8pixel.net 2009 suffers from a remote database disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 2c80584a091671d1025df33cb89273b99f85f14ebe015eb414d28e6025b6cd62
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close