
Files Date: 2010-02-17

Joomla AllVideos 3.1 File Disclosure
Posted Feb 17, 2010
Authored by Mehul Revankar

The Joomla AllVideos plugin version 3.1 suffers from a remote file download vulnerability.

tags | exploit, remote, info disclosure
MD5 | db81c2cf3e02fe5df667c57d027a9eb5

Pixel Portal SQL Injection
Posted Feb 17, 2010
Authored by Pouya Daneshmand

Pixel Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fffe10a909e905071cb3d7ffccbeaa54

Cisco Security Advisory 20100217-csa
Posted Feb 17, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other.

tags | advisory, denial of service, arbitrary, vulnerability, sql injection
systems | cisco
advisories | CVE-2010-0146, CVE-2010-0147, CVE-2010-0148
MD5 | b4e8c445dc7e8829dccbc0c6897ea4f0

Joomla ACStartSeite SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

The Joomla ACStartSeite component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d49fec76357c4c804dcaa39f29e6bad8

Mandriva Linux Security Advisory 2010-039
Posted Feb 17, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-039 - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4274
MD5 | b41b8ea3dffaad962b79530bac6f8d27

bbNew SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

bbNew suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3babc5a2115de137c0859900e0c17bdf

Joomla ACTeamMember SQL Injection
Posted Feb 17, 2010
Authored by altbta

The Joomla ACTeamMember component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b9a10aed5a79959cebcc0d0f7178c5f3

Auktionshaus 4 SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Auktionshaus version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6f3811fb3689fe111062d1e532041033

iTunes 9.0 Buffer Overflow
Posted Feb 17, 2010
Authored by S2 Crew

iTunes file handling local buffer overflow exploit that creates a malicious .pls file. Affects version 9.0 on Mac OS X.

tags | exploit, overflow, local
systems | apple, osx
advisories | CVE-2009-2817
MD5 | 0a4b0f2d9d0193d1fb1dc261334d1bc4

PHPIDS 0.4 Remote File Inclusion
Posted Feb 17, 2010
Authored by eidelweiss

PHPIDS version 0.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 2d588bb3c839b05992aed904f4b0560e

LPRng use_syslog Remote Format String Vulnerability
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

tags | exploit, worm
systems | linux, redhat
advisories | CVE-2000-0917
MD5 | 6d35b4aae06d6486bf87ed8f10cfbfb4

BruCON 2010 Call For Papers
Posted Feb 17, 2010
Site brucon.org

The BruCON 2010 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 24th through the 25th, 2010.

tags | paper, conference
MD5 | 3eb0ad0c2813172e8d0b4286365eaa40

hplip hpssd.py From Address Arbitrary Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This Metasploit module was written and tested using the Fedora 6 Linux distribution. On the test system, the daemon listens on localhost only and runs with root privileges. Although the configuration shows the daemon is to listen on port 2207, it actually listens on a dynamic port. NOTE: If the target system does not have a 'sendmail' command installed, this vulnerability cannot be exploited.

tags | exploit, root
systems | linux, fedora
advisories | CVE-2007-5208
MD5 | 4619e503f656a7ac14ba62f0c9ddb880

Auktionshaus Gelb 3 SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Auktionshaus Gelb version 3 suffers from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
MD5 | fbd8145f709cc417f43f72a5808d418d

Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerability within the DX Studio Player from Worldweaver. The player is a browser plugin for IE (ActiveX) and Firefox (dll). When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an attacker can execute arbitrary commands. Testing was conducted using plugin version 3.0.29.0 for Firefox 2.0.0.20 and IE 6 on Windows XP SP3. In IE, the user will be prompted if they wish to allow the plug-in to access local files. This prompt appears to occur only once per server host. NOTE: This exploit uses additionally dangerous script features to write to local files!

tags | exploit, web, arbitrary, local, activex
systems | windows, xp
advisories | CVE-2009-2011
MD5 | a5e34c10bb1819af3e1f8e7223de5072

Command Stager Web Test
Posted Feb 17, 2010
Authored by bannedit | Site metasploit.com

This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.

tags | exploit, shell
MD5 | ada76d6bfbb9d95a55fb2653d4f77994

Erotik Auktionshaus SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Erotik Auktionshaus suffers from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
MD5 | 94087ebe60fa48351fe09e9951e127de

Samba "username map script" Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Samba versions 3.0.0 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

tags | exploit, arbitrary, shell
advisories | CVE-2007-2447
MD5 | 46bfc03e288419f9bc5b3e7317a34c3b

uGround 1.0b SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

uGround versions 1.0b and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 565e533b143d97c6fcf59a866e40c3c7

Nabernet SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

Nabernet suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4d081605ed4cc385827fcf58fa47eed2

Intuitive SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

Intuitive suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a5674b2d9ac99b2cf64f7edf97721807

Trusteer Rapport Security Circumvention
Posted Feb 17, 2010
Authored by Andrew Barkley

Trusteer Rapport fails to protect any of its install settings allowing for easy disabling.

tags | advisory
MD5 | 4f221e04dfc17b292e1ade60b1c1891a

Huawei HG510 Cross Site Request Forgery
Posted Feb 17, 2010
Authored by Ivan Markovic

Huawei HG510 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 36cc6d87e6025e4a41263302b54985dc

Secunia Security Advisory 38602
Posted Feb 17, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple security issues and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct script insertion attacks.

tags | advisory, denial of service, local
systems | linux, redhat
MD5 | 842ea06ca4da5759a247dcc6c364e7f3

Secunia Security Advisory 38604
Posted Feb 17, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct spoofing attacks.

tags | advisory, denial of service, local, spoof, vulnerability
systems | linux, redhat
MD5 | 048a290978286772e84e82b74d365fb7