Twenty Year Anniversary
Showing 1 - 25 of 141 RSS Feed

Files Date: 2010-04-19

Sydbox Sandbox 0.6.7
Posted Apr 19, 2010
Authored by Ali Polatel | Site projects.0x90.dk

Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Changes: This release fixes another regression introduced by 0.6.5.
tags | tool
systems | unix
MD5 | 8c68b83935988ea4cb238fb6d069efaf
Cisco Template Manager 0.2.0
Posted Apr 19, 2010
Authored by Pavol Krigler | Site gelogic.net

Cisco Template Manager (CTM) is a set of tools that make it easy to manage Cisco configurations over a whole network based on your self-defined templates. Templates support regular expressions. It works with the C760x, C730x, C37xx, C35xx, C29xx, C28xx, C18xx, and C17xx series.

Changes: This is a stable version. The new configuration option "AVAILABLE_TEMPLATES" file will print a list of all available templates and roles when executing all CTM scripts. This provides a nice overview over your templates and roles. The new ctm-conf-checker.sh optional parameter "parseonly" will help you with defining new templates from an existing Cisco configuration file. Cisco\'s configuration is parsed to separated files and stored in your home directory. This will help you when creating new global, section, or service_id templates.
systems | cisco
MD5 | c6edd7679b859e4a6e37621b85ad51fd
Openreglement 1.04 Local File Inclusion / Remote File Inclusion
Posted Apr 19, 2010
Authored by cr4wl3r

Openreglement version 1.04 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | c3690d79e59bd0b1383b171f8954eda1
Kleophatra CMS Cross Site Scripting
Posted Apr 19, 2010
Authored by anT!-Tr0J4n

Kleophatra CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b13d0d923e8b525371bf53d9e18f87e8
Joomla Contact Us Google Map 1.2 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Contact Us Google Map component version 1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | e10c5701d997f7ec3c4b4e086c9a1498
Debian Linux Security Advisory 2038-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2038-1 - Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client.

tags | advisory, remote, vulnerability, protocol
systems | linux, debian
advisories | CVE-2010-0420, CVE-2010-0423
MD5 | 2eeb2f774962a04da476f2e415b183bd
AVTECH Software Active-X Overflows
Posted Apr 19, 2010
Authored by LiquidWorm

The AVTECH Software Active-X controller (AVC781Viewer.dll) suffers from buffer overflow, integer overflow and denial of service vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, activex
MD5 | a42defd50217618d03a6f358f28db5f8
Ubuntu Security Notice 931-1
Posted Apr 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 931-1 - It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4637, CVE-2009-4639, CVE-2009-4640
MD5 | d1da809e9e6495c8b1863cca282ce45a
Joomla Contact Us Draw Root Map 1.1 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Contact Us Draw Root Map component version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, root, file inclusion
MD5 | 02f3d8848048a6a23841b4cd33986169
N/X WCMS 4.5 Local File Inclusion / Remote File Inclusion
Posted Apr 19, 2010
Authored by eidelweiss

N/X WCMS version 4.5 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 39eef1966a19c8d307a8dc7a38004094
e107 Content Management Plugin Script Insertion
Posted Apr 19, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.

tags | advisory, arbitrary, php
advisories | CVE-2010-0997
MD5 | 21941275e3cabe72984dab9134b3fb89
Debian Linux Security Advisory 2037-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2037-1 - Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges to root.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-0436
MD5 | 34d067a38b95acb14def6dc4fad6d3e6
Joomla Multiple Map Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Multiple Map component version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 69268090a70c1e458f50242c467853a8
Windows Media Services ConnectFunnel Stack Buffer Overflow
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Windows Media Unicast Service version 4.1.0.3930 (NUMS.exe). By sending a specially crafted FunnelConnect request, an attacker can execute arbitrary code under the "NetShowServices" user account. Windows Media Services 4.1 ships with Windows 2000 Server, but is not installed by default. NOTE: This service does NOT restart automatically. Successful, as well as unsuccessful exploitation attempts will kill the service which prevents additional attempts.

tags | exploit, overflow, arbitrary
systems | windows, 2k
advisories | CVE-2010-0478
MD5 | c628ec8e8cdc6b02bba2239149b248fb
Sun Java Web Start Plugin Command Line Argument Injection
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability." In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

tags | exploit, java, web, arbitrary, root
advisories | CVE-2010-0886
MD5 | 497d4c86de502dbaa7ca516d3a23f53c
Joomla Multiple Root Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Multiple Root component version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, root, file inclusion
MD5 | e84386404ccd0281fef1d1b0e48b0f27
Debian Linux Security Advisory 2036-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2036-1 - It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-2721
MD5 | ebc2f52c8f64068d0f91c23c4898f365
JavaPayload - Platform Independent Java Stager Payloads
Posted Apr 19, 2010
Authored by Michael Schierl | Site schierlm.users.sourceforge.net

This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control enables to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). There are also examples included how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.

tags | java, shell, tcp, ruby
MD5 | ea68471c19a1bcb2ce9752d5b4f90cb7
Joomla Archery Scores 1.0.6 Local File Inclusion
Posted Apr 19, 2010
Authored by wishnusakti

The Joomla Archery Scores component version 1.0.6 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 04e9331e3445c57018349c45f25617ec
33 Bytes chmod("/etc/shadow", 0777) Shellcode
Posted Apr 19, 2010
Authored by sm0k

33 bytes small chmod("/etc/shadow", 0777) shellcode.

tags | shellcode
MD5 | 4fac63961a58769b56d14803527384b6
XM Easy Personal FTP Server LIST Denial Of Service
Posted Apr 19, 2010
Authored by Jeremiah Talamantes

XM Easy Personal FTP Server version 5.8.0 LIST buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
MD5 | e1b8c16e7c81781310c6605af23d1ec5
Mandriva Linux Security Advisory 2010-080
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-080 - Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-3279
MD5 | 75271f7c0bbff8bbf3fb61bde8aaabb3
DL_Stats Cross Site Scripting / Admin Bypass / SQL Injection
Posted Apr 19, 2010
Authored by Valentin Hoebel

DL_Stats suffers from cross site scripting, arbitrary administrative access and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, xss, sql injection, add administrator
MD5 | d5615d3d88b18178db8efb50b2706671
Joomla Matamko 1.01 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Matamko component version 1.01 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 1b16ac69725e3be14b13e52819c5e20e
Mandriva Linux Security Advisory 2010-079
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-079 - Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. Additionally the updated packages disables the SSLv2 protocol and enables the SSLv3 and TLSv1 protocols for added security. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, spoof, protocol
systems | linux, mandriva
advisories | CVE-2010-1155, CVE-2010-1156
MD5 | 57505815ca1014aab993cdb658b35729
Page 1 of 6
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close