what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2010-12-27

CruxCMS 3.0.0 Bypass / Shell Upload / SQL Injection / XSS / LFI
Posted Dec 27, 2010
Authored by Janek Vind aka waraxe | Site waraxe.us

CruxCMS version 3.0.0 suffers from cross site scripting, local file inclusion, authentication bypass, shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 5375e0a5494a05b2ea69af210a5d3d1856065f95387bd5c4db520a4274857a70
Pligg 1.1.2 Cross Site Scripting / SQL Injection
Posted Dec 27, 2010
Authored by Michael Brooks

Pligg version 1.1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a4b977de49aa1f010340248f34dafceb8357165d75c9d7d5b3a405ab75de0860
Asan Portal SQL Injection
Posted Dec 27, 2010
Authored by Securitylab Security Research | Site securitylab.ir

Asan Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 466d652bd90858c69426408bbe2e8972b048bc168cb7c25484b1faad4b1f0204
LiveZilla Cross Site Scripting
Posted Dec 27, 2010
Authored by Rodrigo Rubira Branco

LiveZilla versions prior to 3.2.0.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-4276
SHA-256 | f6edeefe91536b6d753f952535513ed99b5fedfaf49618dcb53bf3a41941f022
Zero Day Initiative Advisory 10-300
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component used by the the Mozilla and Internet Explorer browser plugins for iPrint client. When parsing an HTTP response the Connection response length is in sufficiently validated before being copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, web, arbitrary
SHA-256 | b5172e44a55440caca829a0e3c9c9bff6d4ce99f97233fc051e0705a09738a92
DD-WRT 24-preSP2 Information Disclosure
Posted Dec 27, 2010
Authored by Craig Heffner | Site devttys0.com

Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate geolocation. This is exploitable even if remote administration is disabled. Version 24-preSP2 is affected.

tags | exploit, remote, info disclosure
SHA-256 | 7102053c920ae264843dc40d0a21522a645ecbba49d6f4df097245cfdadc92f8
Zero Day Initiative Advisory 10-299
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
SHA-256 | a2dc5261e2ebca49ad9b9e56b4a8249c7cad6f31d98330db68fcf278f1a1b1db
Zero Day Initiative Advisory 10-298
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint client. When assembling a URL using the user supplied call-back-url, the value is passed into a urlencode function where it is copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
SHA-256 | 0aedc93a06314c97bfd0b51a3074c516453bf76cee04807f000703bc99639072
HP Security Bulletin HPSBST02619 SSRT100281 2
Posted Dec 27, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02619 SSRT100281 2 - A potential security vulnerability has been identified with HP StorageWorks Storage Mirroring. This vulnerability could be exploited remotely to execute arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary
SHA-256 | aaa0797dfb14d4c1908eaee02d181801c6ace74cf07fe336cc296364f5d6415c
OpenClassifieds 1.7.0.3 Chained: Captcha Bypass -> SQL Injection -> XSS on Frontpage
Posted Dec 27, 2010
Authored by Michael Brooks

OpenClassifieds version 1.7.0.3 chained exploit that leverages CAPTCHA bypass, remote SQL injection, and persistent cross site scripting on Frontpage.

tags | exploit, remote, xss, sql injection
SHA-256 | 6821ebbc330e3b9f6d23a296ea9c5198596f11f20095f0d1a2423f3880e93a21
Sigma Portal Denial Of Service
Posted Dec 27, 2010
Authored by Pouya Daneshmand

Sigma Portal suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 593b1cbc190866506dfcef5f9d9f43fa59e91023a3ad7d364d5ecf5288b68e9d
Zero Day Initiative Advisory 10-297
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an HTTP 301 response from a user provided printer-url the process attempts to copy the returned value within the Location HTTP header without ensuring that the destination buffer is adequately sized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, web, arbitrary
SHA-256 | 65ced00f19a79e903c62e1325190e092c6ab2ede41c7a1d3bd23b17a3e2ba098
Zero Day Initiative Advisory 10-296
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-296 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
SHA-256 | 98e4858550b4ef9237d6ad86f8954eeb693c4594e6e60b203817c71911209636
Zero Day Initiative Advisory 10-295
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
SHA-256 | 1a444b90128533e815e8cfb508e60327b810b7bd2bb1a698ab98b745fc9317a3
Writing Simple Buffer Overflow Exploits
Posted Dec 27, 2010
Authored by D4rk357

Whitepaper called Writing Simple Buffer Overflow Exploits.

tags | paper, overflow
SHA-256 | b6a068f95d8506debdbb0b649228a40f2892304ec1e6abf7820a0602965ef614
Web@All 1.1 Remote Admin Settings Change Exploit
Posted Dec 27, 2010
Authored by giudinvx

Web@All versions 1.1 and below remote administrative settings changing exploit.

tags | exploit, remote, web, add administrator
SHA-256 | f8d27969b53893e2eb3f8f56f6ca3224588ae76337b77ecd6eecd6f3410fd24a
OpenEMR 3.2.0 SQL Injection / Cross Site Scripting
Posted Dec 27, 2010
Authored by Blake

OpenEMR version 3.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9ca836e02286319ce83ae42b646fda3eb4771e29dac9f5fdfbd9b81bc55b9b34
Pecio CMS 2.0.5 Cross Site Request Forgery
Posted Dec 27, 2010
Authored by P0C T34M

Pecio CMS version 2.0.5 add administrator cross site request forgery exploit.

tags | exploit, csrf
SHA-256 | aa4f3f2558703c6dc1c93477d8b7a03b960e61c9beff6517dc9c299ce2589987
Redmine SCM Repository Arbitrary Command Execution
Posted Dec 27, 2010
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.

tags | exploit, arbitrary
advisories | OSVDB-70090
SHA-256 | b07063132a30d982b8374ebb512a724b5c8499987169c5fc9e3ffb5ff0057e46
Secunia Security Advisory 42702
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Square CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 68cb445da4b71c308aef5fbd3debc7e88291d518ac301fca565c728866d1f359
Secunia Security Advisory 42655
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CubeCart, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 34b4874ece03f62524a86107bbd47d5e0607c38f7fd1ebee8c5f47dedcc4e858
Secunia Security Advisory 42670
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kerio has acknowledged a vulnerability in Kerio Control and Kerio WinRoute Firewall, which can be exploited by malicious people to poison the HTTP cache.

tags | advisory, web
SHA-256 | 60806d7e305791681313f8dd74031e4034d7c8736c49a6db72836db88288bdf8
Secunia Security Advisory 42698
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 88baca055d6995c0a960d9df0e1f349138bb79e3f3cac484ef4048562869d727
Secunia Security Advisory 42364
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Radius Manager, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 6404950790eeefff293c3157b9aad2b06f835c6b5bc020bb67109b4b0193ba02
Secunia Security Advisory 42649
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux
SHA-256 | b2ddf0a562133e798101041289ed33e02427c39a5ffc366b1b62019cfc5f81be
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close