Showing 1 - 25 of 974

Files Date: 2010-02-01 to 2010-02-28

ARISg5 5.0 Cross Site Scripting
Posted Feb 27, 2010
Authored by Yaniv Miron

ARISg5 version 5.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 31ee3b935deda43414876672e6c79328
DZ Erotik Auktionshaus 4 SQL Injection
Posted Feb 27, 2010
Authored by Easy Laster

DZ Erotik Auktionshaus version 4 suffers from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
MD5 | 0f804f73b5d2ea3e5ff9eecdefab7091
Introduction To Win32 Shellcoding
Posted Feb 27, 2010
Authored by corelanc0d3r

Exploit writing tutorial 9 - Introduction to Win32 shellcoding.

tags | paper, shellcode
systems | windows
MD5 | 88c08e525c05cb0d3cc94dba9f370c4b
Win32 Egg Hunting
Posted Feb 27, 2010
Authored by corelanc0d3r

Exploit writing tutorial 8 - Win32 Egg Hunting.

tags | paper
systems | windows
MD5 | 24791ef6ee26679f2fca3cf39ed2e919
Ubuntu Security Notice 905-1
Posted Feb 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2010-0426, CVE-2010-0427
MD5 | 230ebfb801c7dd3050506c6006b4fd98
Orbital Viewer 1.04 SEH Overflow
Posted Feb 27, 2010
Authored by mr_me

Orbital Viewer version 1.04 local universal SEH overflow exploit that creates a malicious .orb file. Comes complete with calc.exe, reverse shell, and bind shell execution options.

tags | exploit, overflow, shell, local
advisories | CVE-2010-0688
MD5 | fd49ef64d5a4993d0bb0e61caf30d7fa
SyScan 10 Call For Papers
Posted Feb 26, 2010
Site syscan.org

SyScan 10 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Hangzhou, Taipei, and Ho Chi Minh City.

tags | paper, conference
MD5 | b36bfc0a19b213fb2138302474a4b007
Mandriva Linux Security Advisory 2010-050
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.

tags | advisory, denial of service
systems | linux, mandriva
MD5 | 0fccabbaf71e2011697935542bdec54c
FileExecutive File Disclosure / Path Disclosure / Shell Upload
Posted Feb 26, 2010
Authored by ViRuSMaN

FileExecutive suffers from file disclosure, path disclosure, shell upload, edit administrator and add administrator vulnerabilities.

tags | exploit, shell, vulnerability, add administrator, file inclusion
MD5 | b7ed8f259efee49af9d97576f6dc9dab
getPlus Insufficient Domain Name Validation
Posted Feb 26, 2010
Authored by Yorick Koster | Site akitasecurity.nl

getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

tags | advisory
advisories | CVE-2010-0189
MD5 | 3fdb375f69fdba6afb5d299261d069a8
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
MD5 | 96b5d56898cb42ff746d93184ad1b2cd
Internet Explorer 6 / 7 / 8 winhlp32.exe Command Execution
Posted Feb 26, 2010
Authored by Maurycy Prodeus | Site isec.pl

Internet Explorer versions 6, 7, and 8 suffer from an arbitrary command execution vulnerability related to winhlp32.exe.

tags | exploit, arbitrary
MD5 | 0158712ac4432a59112c1e0a8612ac46
Cybershade CMS 0.2b Session Hijacking
Posted Feb 26, 2010
Authored by JosS | Site spanish-hackers.com

Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.

tags | exploit
MD5 | 5ce2049ea26b2667d01fde43abb66140
Mandriva Linux Security Advisory 2010-049
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2010-0426
MD5 | ce54f70bd3712518207c76a2bbe77157
Apache Tomcat Directory Traversal
Posted Feb 26, 2010
Authored by indoushka

Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | a27952fc15cbdbe3599544b288d2b98e
AtACimo RC2 Cross Site Scripting
Posted Feb 26, 2010
Authored by sniper ip

AtACimo release candidate 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e1c16156cfc77aed46a8d861a87d9536
Openwall tcb Suite 1.0.5
Posted Feb 26, 2010
Site openwall.com

The tcb suite implements the alternative password shadowing scheme on Openwall GNU/*/Linux (Owl) which allows many core system utilities (passwd(1) being the primary example) to operate with little privilege. It is being made available separately from Owl primarily for use by other distributions. This package contains three core components of the tcb suite: pam_tcb (a PAM module which supersedes pam_unix), libnss_tcb (the accompanying NSS module), and libtcb (a library for accessing tcb shadow files, used by the PAM and NSS modules as well as by user management tools on Owl).

Changes: The .data section size has been reduced by 256 KB when tcb is compiled against Linux 2.6 kernel headers.
systems | linux
MD5 | f76081990891c19e529f00f4b9477546
John The Ripper 1.7.5
Posted Feb 26, 2010
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.

Changes: Support for the use of --format along with --show or --make-charset has been added. The choice of .rec and .log filenames has been made more intuitive. A new numeric variable has been added to the rules engine. Various other fixes and additions have been made.
tags | cracker
systems | windows, unix, beos
MD5 | f9cf7c1da9e0e8202637950407442331
Comptel InstantLink Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

The Comptel InstantLink system suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4e59a6d642da4b0d3b730c8ef9f437dd
Oracle Siebel Loyalty 8.1 Cross Site Scripting
Posted Feb 26, 2010
Authored by thebluegenius

Oracle Siebel Loyalty version 8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f969044b54609676819c812f0d962f4
Joomla JoomlaConnect_be SQL Injection
Posted Feb 26, 2010
Authored by Snakespc

The Joomla JoomlaConnect_be component suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 32ce44e64c0359cb57c8d30f04c505ef
OpenSCAP Libraries 0.5.7
Posted Feb 26, 2010
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: This release adds a new Debian dpkginfo probe, improved RHEL5 support, a new OVAL scanner commandline tool, Fedora 12 OVAL content, documentation updates, and lots of bugfixes.
tags | protocol, library
MD5 | 0c72fb5549f71ea095e0fe537f8030e8
Mandriva Linux Security Advisory 2010-048
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2010-0464
MD5 | 603ea6e56f052454b43c7ca0c358fcc1
RedBanc.cl Cross Site Scripting
Posted Feb 26, 2010
Authored by Zerial

RedBanc.cl, the Chilean ATM / banking network, suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 162ddb7ca4173c97ba8cdfdcbb5e025d
WebAdministrator Lite CMS SQL Injection
Posted Feb 26, 2010
Authored by Ariko-Security

WebAdministrator Lite CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5d6c72289d8abe0f322f9839127b6a0b
Page 1 of 39

© 2016 Packet Storm. All rights reserved.
