what you don't know can hurt you
Showing 1 - 25 of 76 RSS Feed

Files Date: 2010-11-01

Mongoose Web Server 2.11 Directory Traversal
Posted Nov 1, 2010
Authored by nitr0us

Mongoose Web Server version 2.11 suffers from directory traversal vulnerabilities.

tags | exploit, web, vulnerability, file inclusion
MD5 | fc9a8b2b9543ec1130cce1c999feefc8
MetInfo 3.0 PHP Code Injection
Posted Nov 1, 2010
Authored by Beach

MetInfo version 3.0 suffers from a php code injection vulnerability.

tags | exploit, php
MD5 | 49ebadfe8a440c98479f13a32d177094
MetInfo 2.0 PHP Code Injection
Posted Nov 1, 2010
Authored by Beach

MetInfo version 2.0 suffers from a php code injection vulnerability.

tags | exploit, php
MD5 | 785064c828fae637d3bd8afa0217874a
PinkTrace ptrace() Wrapper 0.0.5
Posted Nov 1, 2010
Authored by Ali Polatel

PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.

Changes: Multiple new functions. Support added for decoding Netlink socket addresses.
tags | tool
systems | unix
MD5 | 739bc711d7a10a152cfbeba8b3157922
Joomla Flipwall SQL Injection
Posted Nov 1, 2010
Authored by Fl0riX

The Joomla Flipwall component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ddb49e1022d14d4b409a54db0656a9c9
Mandriva Linux Security Advisory 2010-215
Posted Nov 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

tags | advisory, remote, denial of service, overflow, tcp, python
systems | linux, mandriva
advisories | CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-3492, CVE-2010-3493
MD5 | b162c6596ed296946a62201f36edf713
Simpli Easy Newsletter 4.2 Cross Site Scripting
Posted Nov 1, 2010
Authored by p0deje

Simpli Easy Newsletter versions 4.2 and below suffer from cross site scripting and information leakage vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a88be843202faec50bb83e7e7627ba1d
HP Security Bulletin HPSBMA02605 SSRT100238
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02605 SSRT100238 - A potential security vulnerability has been identified in HP Insight Managed System Setup Wizard for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4103
MD5 | bc657004d286c4661788d2d62e1ee38b
Zero Day Initiative Advisory 10-228
Posted Nov 1, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-228 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within code responsible for parsing Director files (.dir). When handling the 3D record type 0xFFFFFF89. The module trusts size fields within a substructure and can be forced to make a faulty memory allocation. This can be abused by a remote attacker to execute arbitrary code under the context of the currently logged-in user.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4090
MD5 | 88210ebbbbb2c00af10c6783d9b4e6aa
Buffy 1.3 Directory Traversal
Posted Nov 1, 2010
Authored by Pr0T3cT10n

Buffy version 1.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | e2ee297440c3c89080daf865ad0ecee0
SmallFTPD 1.0.3 Directory Traversal
Posted Nov 1, 2010
Authored by Pr0T3cT10n

SmallFTPD version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 9b2d53c1b3485e49798ea03224370d3c
HP Security Bulletin HPSBMA02604 SSRT100320
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02604 SSRT100320 - Potential security vulnerabilities have been identified in HP Insight Recovery for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS) or arbitrary file download. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
systems | windows
advisories | CVE-2010-4101, CVE-2010-4102
MD5 | ab9c2d5a9082619ab74f886f402d2abb
Zoopeer 0.1 / 0.2 Shell Upload
Posted Nov 1, 2010
Authored by Net.Edit0r

Zoopeer versions 0.1 and 0.2 suffer from a shell upload vulnerability.

tags | exploit, shell
MD5 | 81f9dfd76b22e21e6d8a6e029b4f0cf5
Joomla JFUploader Shell Upload
Posted Nov 1, 2010
Authored by Setr0nix | Site setr0nix.com

The Joomla JFUploader component suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 475e107dc9b34aa3c10633cc63a789a2
RoSPORA 1.5.0 Remote PHP Code Injection
Posted Nov 1, 2010
Authored by EgiX

RoSPORA versions 1.5.0 and below remote php code injection exploit.

tags | exploit, remote, php
MD5 | 63663915552e6f2345fe01ca5692f765
Xerox 4595 Denial Of Service
Posted Nov 1, 2010
Authored by chap0

Xerox 4595 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 33dfc42b96fa52d01beef79869626af2
Adobe Shockwave Player Memory Corruption
Posted Nov 1, 2010
Authored by Rodrigo Rubira Branco, Michael Golub

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089
MD5 | 26f21fbe5aa4e225b34522d257733b3c
Joomla MailChimpCCNewsletter Local File Inclusion
Posted Nov 1, 2010
Authored by jos_ali_joe

The Joomla MailChimpCCNewsletter component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | ace6f3870a9cc1acb3b155c788b1bcda
Front Accounting Persistent Cross Site Scripting
Posted Nov 1, 2010
Authored by Juan Manuel Garcia | Site cybsec.com

CYBSEC Security Advisory - Front Accounting version 2.3RC2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 55895e1a3379c2fdf7786a9c634c4c29
Mandriva Linux Security Advisory 2010-214
Posted Nov 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-214 - A vulnerability in Linux kernel caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the compat_alloc_user_space method with an arbitrary length input.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2010-3081
MD5 | 5fe0152d9bc14e19754c9f0c28f744b8
Zero Day Initiative Advisory 10-227
Posted Nov 1, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-227 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Director movies. The .dir format is RIFF-based and is parsed mainly by the dirapi.dll module distributed with Shockwave. While parsing the Lnam chunk within a DIR file, the process attempts to extract a string into a fixed-length buffer located on the stack. The string is prefixed with a one byte size value. If the value is 0xFF the process blindly copies the following string until a NULL byte is found. This can be abused by an attacker to overflow the stack buffer and consequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-3655
MD5 | bf0bca60a5e024c918a65816351a9ac9
HP Security Bulletin HPSBMA02602 SSRT100317
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02602 SSRT100317 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), privilege escalation, cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, xss, csrf
systems | windows
advisories | CVE-2010-4030, CVE-2010-4031, CVE-2010-4032
MD5 | bcec34322c02c5df1205778e83c1fc1f
HP Security Bulletin HPSBMA02600 SSRT100239
Posted Nov 1, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02600 SSRT100239 - A potential security vulnerability has been identified in HP Insight Control performance management for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4100
MD5 | ec8610dc41348a68ae883ef51c4b7537
Sensepost Go-Derper Memcached Utility
Posted Nov 1, 2010
Authored by Marco Slaviero | Site sensepost.com

go-derper.rb is a tool for hacking memcached servers, released as part of our BlackHat USA. It uses elements of the memcached protocol to derive full lists of keys stored on the memcached server, and can therefore extract the contents of the cache. In addition, it also supports basic searching of retrieved data via user-configurable regular expressions, fingerprinting of multiple caches, monitoring usage in caches as well as basic cache content manipulations such as value insertion, overwrites and deletion.

tags | tool, protocol
systems | unix
MD5 | 3a4e4fc7b2085d077fe968f4b08673f8
Packet Storm New Exploits For October, 2010
Posted Nov 1, 2010
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 284 exploits added to Packet Storm in October, 2010.

tags | exploit
MD5 | 5242452c69eadf41342d2690d76a683c
Page 1 of 4
Back1234Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close