Files Date: 2010-04-15

Joomla Deluxe Blog Factory 1.1.2 Local File Inclusion
Posted Apr 15, 2010
Authored by AntiSecurity

The Joomla Deluxe Blog Factory version 1.1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 528c89df49b2ddb5ebdc719b4e4c2d82
Joomla BeeHeard Lite 1.0 Local File Inclusion
Posted Apr 15, 2010
Authored by AntiSecurity

The Joomla BeeHeard Lite component version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 570e9fa7ce4213eade0352596337ba80
Mandriva Linux Security Advisory 2010-073
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-073 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 were missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well.

tags | advisory, remote, web, denial of service, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
MD5 | 0db35867e73b4b83c2d0f3301bd147e1
Mandriva Linux Security Advisory 2010-073
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-073 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
MD5 | 7e60061778ace181fb5c9ccd13cb4be5
Cisco Security Advisory 20100414-csd
Posted Apr 15, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.

tags | advisory, arbitrary, activex
systems | cisco
MD5 | b288bccd8be55ef39e3e44fa7f93c100
RJ-iTop Network Vulnerability Scanner SQL Injection
Posted Apr 15, 2010
Authored by Shennan Wang

RJ-iTop Network Vulnerability Scanner System version 3.0.7.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bc6699ee7f9314e4787cc4b0fefd3e5b
6 Bytes DoS-Badget-Game Shellcode
Posted Apr 15, 2010
Authored by Magnefikko

6 bytes small DoS-Badget-Game shellcode.

tags | shellcode
MD5 | 2175a0ea2479fae266085584f5edd85f
25 Bytes execve("/bin/sh") Shellcode
Posted Apr 15, 2010
Authored by Magnefikko

25 bytes small execve("/bin/sh") shellcode.

tags | shellcode
MD5 | 2ba60ee0347bded39f02211bb6fa75df
36 Bytes chmod("/etc/shadow",0666) Shellcode
Posted Apr 15, 2010
Authored by Magnefikko

36 bytes small chmod("/etc/shadow",0666) shellcode.

tags | shellcode
MD5 | 69187d88cc380a9929614ace606840eb
Mandriva Linux Security Advisory 2010-072
Posted Apr 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-072 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, local, xss
systems | linux, mandriva
advisories | CVE-2009-2820, CVE-2010-0393
MD5 | f6fe7b75c2c9690d3b7b1a009123a45c
School Management System Pro 6.0.0 Backup Disclosure
Posted Apr 15, 2010
Authored by indoushka

School Management System Pro version 6.0.0 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 293c869e1f13f452c834e2fa45778f85
Almnzm 2.1 SQL Injection
Posted Apr 15, 2010
Authored by NeX HaCkeR

Almnzm 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ad589e6399f0fbafc169225e3a26af55
Bild Flirt 1.0 SQL Injection
Posted Apr 15, 2010
Authored by Easy Laster

Bild Flirt versions 1.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f7163d28c00f32aaaffff051804760a3
Bild Flirt System 2.0 SQL Injection
Posted Apr 15, 2010
Authored by Easy Laster

Bild Flirt System version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a642e3a8283ac1b6e538470c86012e5f
PhpMesFilms 1.8 SQL Injection
Posted Apr 15, 2010
Authored by indoushka

PhpMesFilms version 1.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 03efcbfc148d302a70949e91da741daf
Visualization Library DAT File Parsing
Posted Apr 15, 2010
Site secunia.com

Secunia Research has discovered some vulnerabilities in Visualization Library, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors within the "vl::loadDAT()" and "vl::isDAT()" functions in src/vl/vlDAT.cpp. This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted DAT file. Visualization Library version 2009.08.812 is affected.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2010-0994
MD5 | 19bf251a4b5b451128fe482b38029ecd
Sun Java Web Start Plugin Command Line Argument Injection
Posted Apr 15, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability."

tags | exploit, java, web, arbitrary
MD5 | 7978de42024180d3eb9ce925a9229e45
Opentel Openmairie Tel 1.02 Local File Inclusion
Posted Apr 15, 2010
Authored by cr4wl3r

Opentel Openmairie Tel version 1.02 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | a3069dcf025fef5407ec41e2b98c4299
Openstock Facture 2.02 Local File Inclusion
Posted Apr 15, 2010
Authored by cr4wl3r

Openstock Facture version 2.02 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 696d5eeb38c6445361aa202b8ba0c46e
Microsoft Windows Media Services MMS Buffer Overflow
Posted Apr 15, 2010
Authored by Fabien Perigaud | Site lexsi.com

Cert-Lexsi discovered a critical vulnerability in Windows Media Services 4.1. The vulnerability is a stack-based buffer overflow when handling a specially crafted MMS TRANSPORT_INFO packet. It could be exploited to execute arbitrary code with NetShowServices privileges (which belongs to the Administrators group).

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2010-0478
MD5 | ba60adf5d0af37a181641ba494aadf10
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
Posted Apr 15, 2010
Authored by H D Moore, Solar Eclipse, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038
MD5 | 7f81f603a6854e3ccdd3b055f6fe853e
Internet Explorer Winhlp32.exe MsgBox Code Execution
Posted Apr 15, 2010
Authored by Maurycy Prodeus | Site metasploit.com

This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on a MessageBox originating from VBScript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve the HLP file as well as a payload EXE. During testing, warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.

tags | exploit, web, code execution
advisories | CVE-2010-0483
MD5 | 317587418271b63d4af3fa73c57f7319
Micropoint Proactive Defense 1.3.10123.0 Privilege Escalation
Posted Apr 15, 2010
Authored by MJ0011

Micropoint Proactive Defense Mp110013.sys versions 1.3.10123.0 and below local privilege escalation exploit.

tags | exploit, local
MD5 | a6ed22ed3c84ab3581dfdbb7ce52a039
HP Security Bulletin HPSBUX02517 SSRT100058
Posted Apr 15, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, info disclosure
systems | hpux
advisories | CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740
MD5 | 77e589d6c79ad215aec9070fcc11b072
Imperva SecureSphere Bypass
Posted Apr 15, 2010
Authored by Scott Miles

Imperva SecureSphere Web Application Firewall and Database Firewall products can be bypassed by appending specially crafted data to requests. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications.

tags | advisory, web, xss, sql injection
advisories | CVE-2010-1329
MD5 | 87864ecd1c73311b36c76ad414210a6b

© 2019 Packet Storm. All rights reserved.