exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 76 RSS Feed

Files Date: 2010-11-01

Mongoose Web Server 2.11 Directory Traversal
Posted Nov 1, 2010
Authored by nitr0us

Mongoose Web Server version 2.11 suffers from directory traversal vulnerabilities.

tags | exploit, web, vulnerability, file inclusion
SHA-256 | 74af731d1e007a43282f6effec2953ff20250a69d95957c35ab69e40d51f7fcd
MetInfo 3.0 PHP Code Injection
Posted Nov 1, 2010
Authored by Beach

MetInfo version 3.0 suffers from a php code injection vulnerability.

tags | exploit, php
SHA-256 | f753569c888d092712939d066e85867009003f957e4f5011efcd74e156b2492a
MetInfo 2.0 PHP Code Injection
Posted Nov 1, 2010
Authored by Beach

MetInfo version 2.0 suffers from a php code injection vulnerability.

tags | exploit, php
SHA-256 | f12a348c5ed6a4ea5e5bed74ea247b521f6d3b52506b12da76a4e8902fe5d3f6
PinkTrace ptrace() Wrapper 0.0.5
Posted Nov 1, 2010
Authored by Ali Polatel

PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.

Changes: Multiple new functions. Support added for decoding Netlink socket addresses.
tags | tool
systems | unix
SHA-256 | 5d002d0fff437bedb4ffb8e7cf23770199fe24a71c37af572a8aaf54d6f4193d
Joomla Flipwall SQL Injection
Posted Nov 1, 2010
Authored by Fl0riX

The Joomla Flipwall component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2fc6f1966067b8aa245ca0420f7a934a66760fcfe9c3830461b583b598e97efa
Mandriva Linux Security Advisory 2010-215
Posted Nov 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

tags | advisory, remote, denial of service, overflow, tcp, python
systems | linux, mandriva
advisories | CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-3492, CVE-2010-3493
SHA-256 | eaac600dd12a8079009e070b22fa4e731d6d01f52207ddf5ef9db27f19f96f29
Simpli Easy Newsletter 4.2 Cross Site Scripting
Posted Nov 1, 2010
Authored by p0deje

Simpli Easy Newsletter versions 4.2 and below suffer from cross site scripting and information leakage vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 62d55601bd8c8f67b08da3f1bfa7e1c0cb9ccd7a03872e45986bf5e290640bc7
HP Security Bulletin HPSBMA02605 SSRT100238
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02605 SSRT100238 - A potential security vulnerability has been identified in HP Insight Managed System Setup Wizard for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4103
SHA-256 | 610c40ddcef707331e2b7ed7da30300bad16427ec12843bc5d1473a12cdd5fb9
Zero Day Initiative Advisory 10-228
Posted Nov 1, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within code responsible for parsing Director files (.dir). When handling the 3D record type 0xFFFFFF89. The module trusts size fields within a substructure and can be forced to make a faulty memory allocation. This can be abused by a remote attacker to execute arbitrary code under the context of the currently logged-in user.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4090
SHA-256 | 2bf79d660e35afb62e9c4701473fd62d24a794a9cd6566d6aef621d52a4ecaf0
Buffy 1.3 Directory Traversal
Posted Nov 1, 2010
Authored by Pr0T3cT10n

Buffy version 1.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | ff66056a17dbe1478d2636170c5b47f6988c0530d10ae1b463db4320181ac06b
SmallFTPD 1.0.3 Directory Traversal
Posted Nov 1, 2010
Authored by Pr0T3cT10n

SmallFTPD version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | fa50e9cefa5f474e7a53303d086772c1f93c61c2930aa6c65c868083d7fd97cd
HP Security Bulletin HPSBMA02604 SSRT100320
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02604 SSRT100320 - Potential security vulnerabilities have been identified in HP Insight Recovery for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or arbitrary file download. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
systems | windows
advisories | CVE-2010-4101, CVE-2010-4102
SHA-256 | f9ed9d84e5e0a052eaa995f5d9294a685bfc5548debaeb84d50f660679ea7593
Zoopeer 0.1 / 0.2 Shell Upload
Posted Nov 1, 2010
Authored by Net.Edit0r

Zoopeer versions 0.1 and 0.2 suffer from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | ea9e6e9f559430ca29c4ae6d7b8d1d16aad2861b7895328f662ad029712292db
Joomla JFUploader Shell Upload
Posted Nov 1, 2010
Authored by Setr0nix | Site setr0nix.com

The Joomla JFUploader component suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 0a11bbdccaf472815611dc9e5c71c11cc9cf804936ea1ac4f97197e65b1d98ff
RoSPORA 1.5.0 Remote PHP Code Injection
Posted Nov 1, 2010
Authored by EgiX

RoSPORA versions 1.5.0 and below remote php code injection exploit.

tags | exploit, remote, php
SHA-256 | 668adf9a0a8bbc0cf1cffe4b98ca4cc711d8d15491e0e69d9c3578ca272d6212
Xerox 4595 Denial Of Service
Posted Nov 1, 2010
Authored by chap0

Xerox 4595 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | b1b86d2b1a0f5a53e725a5a29ee874deea3b4873022c5fdc9d1a02cc7fc874fa
Adobe Shockwave Player Memory Corruption
Posted Nov 1, 2010
Authored by Rodrigo Rubira Branco, Michael Golub

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089
SHA-256 | 11361a286c7fb83e25af1b9c1340df96ba726fed468d57467a1833d1809da8d7
Joomla MailChimpCCNewsletter Local File Inclusion
Posted Nov 1, 2010
Authored by jos_ali_joe

The Joomla MailChimpCCNewsletter component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 529ad97b1d9f20767e5a10b38a23db35635098b66e001586e2e5f522eb040417
Front Accounting Persistent Cross Site Scripting
Posted Nov 1, 2010
Authored by Juan Manuel Garcia | Site cybsec.com

CYBSEC Security Advisory - Front Accounting version 2.3RC2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7ad6eec6de177732540eb94a6e3068b74bd94b850096ad3f764102b42e4866d2
Mandriva Linux Security Advisory 2010-214
Posted Nov 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-214 - A vulnerability in Linux kernel caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the compat_alloc_user_space method with an arbitrary length input.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2010-3081
SHA-256 | fe95f56e09001ae57c4106c3e56e421c183ce28a1a6dec0d9a2d5220e0b853d3
Zero Day Initiative Advisory 10-227
Posted Nov 1, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-227 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Director movies. The .dir format is RIFF-based and is parsed mainly by the dirapi.dll module distributed with Shockwave. While parsing the Lnam chunk within a DIR file, the process attempts to extract a string into a fixed-length buffer located on the stack. The string is prefixed with a one byte size value. If the value is 0xFF the process blindly copies the following string until a NULL byte is found. This can be abused by an attacker to overflow the stack buffer and consequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-3655
SHA-256 | ac54dba056609851316a236f3105251463e0d59056cd90135319899b0135df0a
HP Security Bulletin HPSBMA02602 SSRT100317
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02602 SSRT100317 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), privilege escalation, cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, xss, csrf
systems | windows
advisories | CVE-2010-4030, CVE-2010-4031, CVE-2010-4032
SHA-256 | 40568de651991c74fa385159104da87e2b46f791ffa1b7734750d6fd6797dbce
HP Security Bulletin HPSBMA02600 SSRT100239
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02600 SSRT100239 - A potential security vulnerability has been identified in HP Insight Control performance management for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4100
SHA-256 | e13ce46188562497758760318026232f3b5e8eab3dfb4c3883927b96ee779a70
Sensepost Go-Derper Memcached Utility
Posted Nov 1, 2010
Authored by Marco Slaviero | Site sensepost.com

go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache. In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion.

tags | tool, protocol
systems | unix
SHA-256 | 244cda8b11f13b2a097dc55c275911e305ea6a0949da46dc16992fb0ed1c6b4e
Packet Storm New Exploits For October, 2010
Posted Nov 1, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 284 exploits added to Packet Storm in October, 2010.

tags | exploit
SHA-256 | 109c7f81b0e2739d5ebe2f11c94eee497c45746c5c5de1adbd277418fd305e40
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close