
Files Date: 2010-01-16

LetoDMS Local File Inclusion / Cross Site Request Forgery
Posted Jan 16, 2010
Authored by Daniel Fabian, Lukas Weichselbaum | Site sec-consult.com

LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
SHA-256 | c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
Adobe Acrobat / Reader U3D Integer Overflow
Posted Jan 16, 2010
Authored by Nicolas Joly | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Adobe Acrobat and Reader. This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. Versions 9.2 and below are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3959
SHA-256 | 1aa7c92056fdf6a92efa15fd83bcd82f7d102180f06fa7e2c1d656f2e3562927
Mandriva Linux Security Advisory 2010-009
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-009 - The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct this issue.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-4142
SHA-256 | d1aeec67eec6887d76ca8f55deb110bf96caf2a2d7dc196f59f2420f47db0f9a
Joomla Uploader Shell Upload
Posted Jan 16, 2010
Authored by wlhaan Hacker

The Joomla Uploader component suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | e7a8ed914533ab8f44032d020abc9b1b5b343b92089b00cef55695849f9bd0db
Testlink TestManagement And Execution System Directory Traversal
Posted Jan 16, 2010
Authored by Prashant Khandelwal

Testlink TestManagement and Execution System suffers from directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
SHA-256 | 83f339bed5abb1597662d74924888afa7fdc10c709333f7bf52d46be82a6cbe1
Testlink TestManagement And Execution System Cross Site Scripting
Posted Jan 16, 2010
Authored by Prashant Khandelwal

Testlink TestManagement and Execution System suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8a208e2fc273c56399bdd1d85eaf21d90d1e06ad4d3f4357aba6e056b9c2bfd1
AthCon IT Call For Papers
Posted Jan 16, 2010
Site athcon.org

AthCon IT 2010 Call For Papers - This year the conference will take place in the Jockey's Country Club in Athens, Greece from June 3rd through the 4th, 2010.

tags | paper, conference
SHA-256 | aead2e21aa94d19811388ae9a86da1994a771a8921eb3a3aefcd6378e27670e1
Funk Gallery Cross Site Scripting
Posted Jan 16, 2010
Authored by LionTurk

Funk Gallery suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2693d7cb467c2c79d91050cdd91539afa12a10c282b339895ea1a798f93e07a0
Mandriva Linux Security Advisory 2010-008
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-008 - The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-2626, CVE-2009-4142
SHA-256 | c5438a6562ebbc112246d9acf0442254a06cf7b21ae5ccf722fd2dc399400237
Packet Sniffing Whitepaper
Posted Jan 16, 2010
Site datairan.ir

This is a whitepaper called Packet Sniffing. Written in Persian.

tags | paper
SHA-256 | 28f05e70d4182aed3be7382328c2b3298d5cea3b1f552305a53bab3386bf7486
Mandriva Linux Security Advisory 2010-007
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-007 - The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct these issues.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2007-5898, CVE-2009-2626, CVE-2009-4142
SHA-256 | a5e30a5cb2e7c44e5f7ca9485bed9a3fcf2dedcd62d54e21bee5b2d8140cdbab
Microsoft Animated Cursor .ANI Buffer Overflow
Posted Jan 16, 2010
Authored by Jacky

Microsoft Animated Cursor .ANI buffer overflow exploit written in Perl. Works on Windows XP SP2.

tags | exploit, overflow, perl
systems | windows
SHA-256 | 43aede19b0ac28f7f9411fea3b80041598e5233b0d8a97c97ff5aec340e5f6f5
OtsTurntables Free 1.00.047 SEH Overwrite
Posted Jan 16, 2010
Authored by Darkb0x | Site nullarea.net

OtsTurntables Free version 1.00.047 SEH overwrite exploit that generates a malicious .ofl file.

tags | exploit
SHA-256 | a7fdaa109e8fe81be46cdfcc3fb8311010c5f4907dea08453866bcf33b38e502
AB Micrologix Denial Of Service / Unauthorized Access
Posted Jan 16, 2010
Authored by Eyal Udassin | Site c4-security.com

Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.

tags | advisory, local, vulnerability
SHA-256 | 488ad569c5cecbf68d458ed4c08071d485ed70de51bbe59a8bd1260aa745c3cb
Surge FTP Admin Web Module Directory Traversal
Posted Jan 16, 2010
Authored by indoushka

Surge FTP's administrative web interface suffers from an Apache Tomcat 5.5.26 directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | 5aa049891604b9dfa07b7722c2d65d120db87b6fa8bce970aa60b60c0e9d479d
Linux/x86 Overwrite MBR With LOL Shellcode
Posted Jan 16, 2010
Authored by root@thegibson

43 bytes small Linux/x86 MBR overwrite code that hits /dev/sda with LOL!

tags | x86, shellcode
systems | linux
SHA-256 | d5781e68ae3254e63aa024d28c5fa3b8bb4003a050b6fe75afadc434a7289359

© 2022 Packet Storm. All rights reserved.
