exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 141 RSS Feed

Files Date: 2010-04-19

Sydbox Sandbox 0.6.7
Posted Apr 19, 2010
Authored by Ali Polatel | Site projects.0x90.dk

Sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.

Changes: This release fixes another regression introduced by 0.6.5.
tags | tool
systems | unix
SHA-256 | ebe0a46c14fc36c8f45761f468803a2d95bdd0942e2be8db4fdf207deb519df5
Cisco Template Manager 0.2.0
Posted Apr 19, 2010
Authored by Pavol Krigler | Site gelogic.net

Cisco Template Manager (CTM) is a set of tools that make it easy to manage Cisco configurations over a whole network based on your self-defined templates. Templates support regular expressions. It works with the C760x, C730x, C37xx, C35xx, C29xx, C28xx, C18xx, and C17xx series.

Changes: This is a stable version. The new configuration option "AVAILABLE_TEMPLATES" file will print a list of all available templates and roles when executing all CTM scripts. This provides a nice overview over your templates and roles. The new ctm-conf-checker.sh optional parameter "parseonly" will help you with defining new templates from an existing Cisco configuration file. Cisco\'s configuration is parsed to separated files and stored in your home directory. This will help you when creating new global, section, or service_id templates.
systems | cisco
SHA-256 | f560e70362b42cc1b7fcb4d3785693540d8ec9e9f0372788ec32fc0a30c47a37
Openreglement 1.04 Local File Inclusion / Remote File Inclusion
Posted Apr 19, 2010
Authored by cr4wl3r

Openreglement version 1.04 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 6b5d59a0f9f58d71f69a358ad6e0879a5d97b0497a0c0470a04dc5cd91c4aaab
Kleophatra CMS Cross Site Scripting
Posted Apr 19, 2010
Authored by anT!-Tr0J4n

Kleophatra CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b6a930668e68864fffdd94d67a04aa4982ce98f15d1e4d82ee491ff23c50c1dc
Joomla Contact Us Google Map 1.2 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Contact Us Google Map component version 1.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f8bfc5c7c3e39a0881e141703df554df19c7e4ab432f955a269dfb6100185db0
Debian Linux Security Advisory 2038-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2038-1 - Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client.

tags | advisory, remote, vulnerability, protocol
systems | linux, debian
advisories | CVE-2010-0420, CVE-2010-0423
SHA-256 | 1a90132295ee7fe139fe09b55a2bfc10846d8e660b12fc31aa7d62a279d8bf84
AVTECH Software Active-X Overflows
Posted Apr 19, 2010
Authored by LiquidWorm

The AVTECH Software Active-X controller (AVC781Viewer.dll) suffers from buffer overflow, integer overflow and denial of service vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, activex
SHA-256 | 7f6a0bb853da3f08e8acd4f1eb5daae71f417172a346b56ba78a04140eb6bb19
Ubuntu Security Notice 931-1
Posted Apr 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 931-1 - It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4637, CVE-2009-4639, CVE-2009-4640
SHA-256 | 859e5a3535ce170f31a765bc7551223cec71cd019e3c174afc0f87ad631f0ee5
Joomla Contact Us Draw Root Map 1.1 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Contact Us Draw Root Map component version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, root, file inclusion
SHA-256 | 0709f9ff4bee8db3f97fe505cb43ada91a979f4258cd9375d372b8ba6cff82d0
N/X WCMS 4.5 Local File Inclusion / Remote File Inclusion
Posted Apr 19, 2010
Authored by eidelweiss

N/X WCMS version 4.5 suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | a76cca56af9c6e18d5880c251dbb7dc28e18bfae1c48d2820c559ffe5dbcbd41
e107 Content Management Plugin Script Insertion
Posted Apr 19, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.

tags | advisory, arbitrary, php
advisories | CVE-2010-0997
SHA-256 | 9e5427a42ec609184b91c787aba776dfd53753bbf2594f58df51f916c1df2df2
Debian Linux Security Advisory 2037-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2037-1 - Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager, allow a local user to elevate privileges to root.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-0436
SHA-256 | 8cf38d43fdd1f0056423f6c0cc6d82bbabab5c5409e7f8a3ed1aed7b3d2dc866
Joomla Multiple Map Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Multiple Map component version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b9e3a3a0dc0ddec412050e41b776d763af2d48ce0c4e06e66873955757a244cc
Windows Media Services ConnectFunnel Stack Buffer Overflow
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Windows Media Unicast Service version 4.1.0.3930 (NUMS.exe). By sending a specially crafted FunnelConnect request, an attacker can execute arbitrary code under the "NetShowServices" user account. Windows Media Services 4.1 ships with Windows 2000 Server, but is not installed by default. NOTE: This service does NOT restart automatically. Successful, as well as unsuccessful exploitation attempts will kill the service which prevents additional attempts.

tags | exploit, overflow, arbitrary
systems | windows
advisories | CVE-2010-0478
SHA-256 | 4b384496a9fedaf168ba74cf8d8925d3e9590dc5accf8891f160d2def02e74d1
Sun Java Web Start Plugin Command Line Argument Injection
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability." In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

tags | exploit, java, web, arbitrary, root
advisories | CVE-2010-0886
SHA-256 | aed095959e7fb49ead9d940a99e35f4900f138562041229b74340d7ea5e82167
Joomla Multiple Root Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Multiple Root component version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, root, file inclusion
SHA-256 | 77614708767585f6457bfadd79e7130b2d19e24da547b5414d73ad1d6b018152
Debian Linux Security Advisory 2036-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2036-1 - It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-2721
SHA-256 | cf5a0bb145b9c1b0113f2ecb2ccee344d98505ef365970176e918e35139cb418
JavaPayload - Platform Independent Java Stager Payloads
Posted Apr 19, 2010
Authored by Michael Schierl | Site schierlm.users.sourceforge.net

This archive contains a collection of pure Java payloads, from simple Shell and UpExec payloads (which need - to some degree - platform dependent parameters), to a JSh ("Java Shell") payload that supports an interactive shell to query system properties, run applications, open TCP connections, navigate the filesystem and read/write text files. Basic job control enables to run more than one command or TCP session via a single exploited session. These payloads are modular, consisting of three parts: loaders, stagers and stages. Loaders, stagers and stages can be combined arbitrarily, and the stages and stagers can also be used to integrate them into other exploit frameworks like Metasploit (if you are more Ruby-literate than me). There are also examples included how to call these payloads from standalone applications, signed Java applets, OpenOffice macros or via JDWP debug connections.

tags | java, shell, tcp, ruby
SHA-256 | 747a1606b26df9100754057d92a18c72898b1aac62e7ff7f66444ab2423ae003
Joomla Archery Scores 1.0.6 Local File Inclusion
Posted Apr 19, 2010
Authored by wishnusakti

The Joomla Archery Scores component version 1.0.6 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 61b8e4f35f31e5b7eac3beb2554ee5bfbf2551e99de6c8684d4b557beb01a702
33 Bytes chmod("/etc/shadow", 0777) Shellcode
Posted Apr 19, 2010
Authored by sm0k

33 bytes small chmod("/etc/shadow", 0777) shellcode.

tags | shellcode
SHA-256 | d39c286b2cae0d2462dd3871d669ada521862db9526ae5d52b041b496b3dd2d6
XM Easy Personal FTP Server LIST Denial Of Service
Posted Apr 19, 2010
Authored by Jeremiah Talamantes

XM Easy Personal FTP Server version 5.8.0 LIST buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
SHA-256 | b27c0c17170f7fdcefe17bf00de15211f39523c26cfede7b53a54fe45f7a4b0f
Mandriva Linux Security Advisory 2010-080
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-080 - Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-3279
SHA-256 | 619b4790162f49b79b2e7fd0ee40aa9d2359f895d66d5c3bd534226a29dae00c
DL_Stats Cross Site Scripting / Admin Bypass / SQL Injection
Posted Apr 19, 2010
Authored by Valentin Hoebel

DL_Stats suffers from cross site scripting, arbitrary administrative access and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, xss, sql injection, add administrator
SHA-256 | b49294da943e5b8d608bb946787d49971337c245dfbbe4987112bcaa4cbe37bb
Joomla Matamko 1.01 Local File Inclusion
Posted Apr 19, 2010
Authored by AntiSecurity

The Joomla Matamko component version 1.01 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 6dddcfbc3ca27933bc297961d53ca786f483945bcd5757a6763ad205de9f8b6e
Mandriva Linux Security Advisory 2010-079
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-079 - Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel. Additionally the updated packages disables the SSLv2 protocol and enables the SSLv3 and TLSv1 protocols for added security. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, spoof, protocol
systems | linux, mandriva
advisories | CVE-2010-1155, CVE-2010-1156
SHA-256 | 5bf19020b2a22a23698a50a955f08f0203d3d90d40004e4558016718772bd062
Page 1 of 6
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close