what you don't know can hurt you
Showing 1 - 25 of 59 RSS Feed

Files Date: 2010-11-08

MOXA Device Manager Tool 2.1 Buffer Overflow
Posted Nov 8, 2010
Authored by Ruben Santamarta, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in MOXA MDM Tool 2.1. When sending a specially crafted MDMGw (MDM2_Gateway) response, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | d1dd4e7fce98d32b48eac6791f3f78990a4253f063ff4c36a0b84dd00ca14a1c
Libcap-NG Library 0.6.5
Posted Nov 8, 2010
Site people.redhat.com

The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.

Changes: This release works around a problem in the Linux 2.6.36 kernel headers, fixes a segfault when using filecap on a specific file, and makes Python bindings optional.
tags | library
SHA-256 | 293e2e308f08d171f64e8387cdf48b505b0e78d786e2660efd285295e64d6620
Joomla Grants SQL Injection
Posted Nov 8, 2010
Authored by jos_ali_joe

The Joomla Grants component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ff0716322dcd089070d9f65e9502e6629289ccb509a7ec55f788e805f40db992
Joomla Forms Local File Inclusion / Download
Posted Nov 8, 2010
Authored by Th3 RDX

The Joomla Forms component suffers from local file inclusion and file download vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
SHA-256 | 31f24305966831647295b2c90728065f10dbd706939c8bec607d1ee9392f3287
Joomla Profile Local File Inclusion
Posted Nov 8, 2010
Authored by Th3 RDX

The Joomla Profile component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b013e678892f69b3c421f36c03e636ff228fc0c2d01263a5711ab4e81348037b
Zero Day Initiative Advisory 10-235
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-235 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleUpgradeTrace packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
systems | cisco
advisories | CVE-2010-3040
SHA-256 | 9de8bb9db58f410cba9f36172a081300ab267f70973d774a19e17e9ea6340d92
phpCow 2.1 Remote / Local File Inclusion
Posted Nov 8, 2010
Authored by ViRuS_HiMa

phpCow version 2.1 suffers from remote / local inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 8ce0d207baea6546265843bd14944ef3bb07a5a7975951ed97b3762a905b3113
Joomla Realtyna SQL Injection
Posted Nov 8, 2010
Authored by Fl0riX

The Joomla Realtyna component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 71701fd502cf42ee319fab3ee755e399709c15338312e694062bd23161e0ad20
DIMVA 2011 Call For Papers
Posted Nov 8, 2010
Site dimva.org

Call For Papers for DIMVA 2011, the Eighth International Conference on Detection of Intrusions and Malware and Vulnerability Assessment. This conference will be held from July 7th through the 8th, 2011 in Amsterdam, The Netherlands.

tags | paper, conference
SHA-256 | c75e2843da8f4c54ec8bd6d6fee8fe3a2968a624088a151073723045cfc5cb48
Joomla eDir Local File Inclusion
Posted Nov 8, 2010
Authored by Th3 RDX

The Joomla eDir component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | da37509e09301deef16d99cd5ff5ffb3a2744d72187879b533bd420f52765795
Zero Day Initiative Advisory 10-234
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-234 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleQueryNodeInfoReq packet type the process blindly copies user supplied data into a fixed-length stack buffer. A remote attacker can abuse this to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
systems | cisco
advisories | CVE-2010-3040
SHA-256 | 5cbe58ed34ad87f5aa93ba702ac61a1010bb216f9a520eba2e46f3cc66f199dd
Zero Day Initiative Advisory 10-233
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-233 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the AgentUpgrade packet type the process blindly copies user supplied data to a fixed-length stack buffer. A remote attacker can abuse this to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
systems | cisco
advisories | CVE-2010-3040
SHA-256 | f50c89a735b8698ea7dd36a66c0253764cc5959089d83e80471d5b21e1d4798e
Zero Day Initiative Advisory 10-232
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-232 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When processing the HandleUpgradeAll packet type an unchecked copy of user supplied data is performed into a stack-based buffer of a controlled size. Successful exploitation of this vulnerability leads to remote code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
systems | cisco
advisories | CVE-2010-3040
SHA-256 | 5e8f7b4cf0626e9ad39c153ec1a730efb4b2a13bd3b067d33125483afe17ff21
Zero Day Initiative Advisory 10-231
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-231 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When handling the DSID HTTP header the code allows an attacker to inject arbitrary javascript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the device.

tags | advisory, remote, web, arbitrary, cgi, javascript, xss
systems | juniper
SHA-256 | 99b5f28f3dda214bda4fefa3c825879f71b46d2042476feb6389be98ef4324ba
Zero Day Initiative Advisory 10-230
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-230 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within module ZfHIPCND.exe. This process is responsible for handling the data received on TCP port 2400. The module reads in the data stream and copies the specified amount of bytes into a fixed-length buffer located in the heap. An attacker can overflow this buffer and execute arbitrary code with SYSTEM privileges.

tags | advisory, remote, overflow, arbitrary, tcp
SHA-256 | b92fe75ecd9cb7f79d3088173131ddd1565e2a74ab4c37e792913b397aac69b0
Zero Day Initiative Advisory 10-229
Posted Nov 8, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-229 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When reading user input if a TELNET_IAC escape sequence is encountered the process miscalculates a buffer length counter value allowing a user controlled copy of data to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the proftpd process.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 7431c58a12dec7ec81a1cb7105d04361591fe1e23f29451c020292509334b56c
Zeeways Adserver Cross Site Request Forgery / SQL Injection
Posted Nov 8, 2010
Authored by Valentin Hoebel

The Zeeways Adserver suffers from cross site request forgery, disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 4644425593b6f8e6e158f90457d3bb20482769bbcc0e0229c3b1149bf170a7c4
Joomla Connect Local File Inclusion
Posted Nov 8, 2010
Authored by Th3 RDX

The Joomla Connect component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | a5d37e268572e9a3b3740e05538598e4af8056910bd289f5d21b1d5d9d8f888e
Joomla Dcnews Local File Inclusion
Posted Nov 8, 2010
Authored by Th3 RDX

The Joomla Dcnews component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ab9cf7a77db4c7668ce4d32710e90b1e1f854c690876f741b010f4601ae55d88
Tutorial Blind SQL Injection Referensi
Posted Nov 8, 2010
Authored by jos_ali_joe

Whitepaper called Tutorial Blind SQL Injection Referensi. Written in Indonesian.

tags | paper, sql injection
SHA-256 | e3aa7441ce7deb5e534679f40dc15f786367faa10e651b0d1a65433fca02f778
Xampp 1.7.3 Cross Site Scripting
Posted Nov 8, 2010
Authored by Sangteamtham

Xampp version 1.7.3 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cfa75a86bb04fd0187323ca1520ef21ceb770a0cb9dc22d7071c54e13b557fb2
LEADTOOLS 11.5.0.9 Access Violation
Posted Nov 8, 2010
Authored by Matthew Bergin

LEADTOOLS version 11.5.0.9 suffers from multiple access violation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | ad47384e005b5199ca5887e785e78dabc4104998e70c85a2a30fe4f479c2ec18
G Data TotalCare 2011 NtOpenKey Race Condition
Posted Nov 8, 2010
Authored by Nikita Tarakanov

G Data TotalCare 2011 suffers from a NtOpenKey race condition vulnerability.

tags | exploit
SHA-256 | 9f1feab0a328442b162f8104968fe25bd57a32efde392e06e7f6b5125ad53a02
PCSX2 0.9.7 Beta Denial Of Service
Posted Nov 8, 2010
Authored by 41.w4r10r

PCSX2 version 0.9.7 Beta suffers from a binary denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 3879f15fe3ec5f82fe4a4c0374da7ecb7d6f11a0bfb4e25fc01908d627f66178
G Data TotalCare 2011 Local Kernel Exploit
Posted Nov 8, 2010
Authored by Nikita Tarakanov

G Data Totalcare 2011 local kernel exploit.

tags | exploit, kernel, local
SHA-256 | da43e18bec79496110a6dc0bbaa56c4065a4f2694579e4ebb125fc8ce47db60a
Page 1 of 3
Back123Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close