
Files Date: 2010-01-07

JcomBand ActiveX Buffer Overflow
Posted Jan 7, 2010
Authored by D3V!L FucK3r, germaya_x

JcomBand Toolbar version 2.5 on Internet Explorer Active-X buffer overflow proof of concept exploit that spawns calc.exe.

tags | exploit, overflow, activex, proof of concept
MD5 | 2c65dc2a826f7c27345021073b900773
Zero Day Initiative Advisory 10-01
Posted Jan 7, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-01 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by iManager to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into a statically allocated stack buffer. This can result in code execution under the privileges of the application.

tags | advisory, arbitrary, code execution
advisories | CVE-2009-4486
MD5 | 26747b5c0ae95b611556d82ee81a3ab2
TTPlayer 5.6Beta3 Denial Of Service
Posted Jan 7, 2010
Authored by t-bag

TTPlayer version 5.6Beta3 denial of service proof of concept exploit that creates a malicious .m3u file.

tags | exploit, denial of service, proof of concept
MD5 | 8a8f80122ed4233530ae4d3581d136b4
Read Excel 1.1 Shell Upload
Posted Jan 7, 2010
Authored by Yozgat.Us | Site yozgat.us

Read Excel version 1.1 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 79b98ca99bca85cf50afc007060992a7
Gridcc Script 1.0 Cross Site Scripting / SQL Injection
Posted Jan 7, 2010
Authored by R3d-D3v!L

Gridcc version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a10dd902462c531120f441628613db82
Calendarix 0.7 Cross Site Scripting / Remote File Inclusion / SQL Injection
Posted Jan 7, 2010
Authored by TriCk

Calendarix version 0.7 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, file inclusion
MD5 | d3308b2221d743fb8c433a3e7100f865
Match Agency Biz Cross Site Scripting
Posted Jan 7, 2010
Authored by R3d-D3v!L

Match Agency Biz suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 160ce980bea90c6cae30bdb552476df0
Cbse Class IV 1.0 Cross Site Scripting
Posted Jan 7, 2010
Authored by R3d-D3v!L

Cbse Class IV version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1529b60c7c74e2a5999b1f8f7ca00ae3
CopyWrite CMS 1.0 Cross Site Scripting
Posted Jan 7, 2010
Authored by R3d-D3v!L

CopyWrite CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6fca81c42f4d3a57bd248ce52409ffa4
Debian Linux Security Advisory 1967-1
Posted Jan 7, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.

tags | advisory, local, protocol
systems | linux, debian
advisories | CVE-2010-0012
MD5 | e79878e82b0c8456e3ab0d9e82557fef
dotProject 2.1.3 Cross Site Scripting
Posted Jan 7, 2010
Authored by Justin C. Klein Keane

dotProject version 2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 925bb8c71c0569143c4bb5325141a21d
TPO Duyuru Insecure Cookie Handling
Posted Jan 7, 2010
Authored by Septemb0x | Site cyber-warrior.org

TPO Duyuru Scripti suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
MD5 | a5f853c973c622570c599653b22e0ffd
SNadd Beta Cross Site Request Forgery
Posted Jan 7, 2010
Authored by Septemb0x | Site cyber-warrior.org

SNadd Beta suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 6df176c5f187324b7b783d3eb139c4db
VMware Security Advisory 2010-0001
Posted Jan 7, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Service console packages for Network Security Services (NSS) and Netscape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.

tags | advisory
advisories | CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382
MD5 | 35db47ed4bf8e21e78243971ea73fd74
FreeBSD Security Advisory - ZFS Insecure Permissions
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - When replaying a setattr transaction, the replay code in the ZFS Intent Log would set the attributes with certain insecure defaults when the logged transaction did not touch these attributes. A system crash or power failure would leave some files with mode set to 07777. This could leak sensitive information or cause privilege escalation.

tags | advisory
systems | freebsd
MD5 | 2a67eb6021b942c6c0fd652d8550c8a2
SearchFit PowerSearch Cross Site Scripting
Posted Jan 7, 2010
Authored by kaMtiEz | Site indonesiancoder.com

SearchFit PowerSearch suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 157241c06a62efaa72955e376a6c68d8
Mandriva Linux Security Advisory 2009-300
Posted Jan 7, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-300 - The Apache HTTP Server enables the HTTP TRACE method by default, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, remote, web, xss
systems | linux, mandriva
advisories | CVE-2009-2823
MD5 | 42b94f0a2ded687363fad43c92363120
AutoIndex PHP Script Directory Traversal
Posted Jan 7, 2010
Authored by R3d-D3v!L

AutoIndex PHP Script suffers from a directory traversal vulnerability.

tags | exploit, php, file inclusion
MD5 | 7c76272ff46eed79e9671c5a2f1332d8
Kantaris 0.5.6 Denial Of Service
Posted Jan 7, 2010

Kantaris version 0.5.6 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 3022878d43a13d477dda323ff1977606
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section, it will log the event and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.

tags | advisory, spoof
systems | freebsd
advisories | CVE-2009-3563
MD5 | 3c29961c0b015462befccbfa761fa138
Mandriva Linux Security Advisory 2009-300
Posted Jan 7, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-300 - The Apache HTTP Server enables the HTTP TRACE method by default, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. This update provides a solution to this vulnerability. The wrong package was uploaded for 2009.1. This update addresses that problem.

tags | advisory, remote, web, xss
systems | linux, mandriva
advisories | CVE-2009-2823
MD5 | 5646335a510afbcb073b2246e3310de4
Joomla Regional Booking Blind SQL Injection
Posted Jan 7, 2010
Authored by Hussin X

The Joomla Regional Booking component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 854fee0a99a7d390d2a594c37d157daa
Debian Linux Security Advisory 1966-1
Posted Jan 7, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1966-1 - Several vulnerabilities have been found in horde3, the horde web application framework.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2009-3237, CVE-2009-3701, CVE-2009-4363
MD5 | 66e93b919df3ce26e54b28755653fefc
Quick Player 1.2 Unicode Buffer Overflow
Posted Jan 7, 2010
Authored by sinn3r

Quick Player version 1.2 Unicode buffer overflow exploit that binds a shell to port 4444 and creates a malicious .m3u file.

tags | exploit, overflow, shell
MD5 | 49a1f08defb5c62cae022f9bc97b7f0f
FreeBSD Security Advisory - BIND named Cache Poisoning
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2009-4022
MD5 | 02ddb5c2c1012a828b2639d5d7f46626

© 2020 Packet Storm. All rights reserved.