what you don't know can hurt you
Showing 1 - 25 of 44 RSS Feed

Files Date: 2010-12-27

CruxCMS 3.0.0 Bypass / Shell Upload / SQL Injection / XSS / LFI
Posted Dec 27, 2010
Authored by Janek Vind aka waraxe | Site waraxe.us

CruxCMS version 3.0.0 suffers from cross site scripting, local file inclusion, authentication bypass, shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, sql injection, file inclusion
MD5 | 7e126bae40ea6b6b76f7bab2e6ecc16d
Pligg 1.1.2 Cross Site Scripting / SQL Injection
Posted Dec 27, 2010
Authored by Michael Brooks

Pligg version 1.1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4b98838a0ce1f1e6e26519c247d605ea
Asan Portal SQL Injection
Posted Dec 27, 2010
Authored by Securitylab Security Research | Site securitylab.ir

Asan Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 81dc71a7e4bad2e2b7b477300a1c8242
LiveZilla Cross Site Scripting
Posted Dec 27, 2010
Authored by Rodrigo Rubira Branco

LiveZilla versions prior to 3.2.0.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-4276
MD5 | 05c31fbf5eb788148dbf3c62282c69b1
Zero Day Initiative Advisory 10-300
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component used by the the Mozilla and Internet Explorer browser plugins for iPrint client. When parsing an HTTP response the Connection response length is in sufficiently validated before being copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, web, arbitrary
MD5 | a581abfd471ea16a6632b494b91ca41b
DD-WRT 24-preSP2 Information Disclosure
Posted Dec 27, 2010
Authored by Craig Heffner | Site devttys0.com

Remote attackers can gain sensitive information about a DD-WRT router and internal clients, including IP addresses, MAC addresses and host names. This information can be used for further network attacks as well as very accurate geolocation. This is exploitable even if remote administration is disabled. Version 24-preSP2 is affected.

tags | exploit, remote, info disclosure
MD5 | f578fa34e93c6d161f93ffda8f027233
Zero Day Initiative Advisory 10-299
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
MD5 | 50483ad0e289350c5440b0901ee95006
Zero Day Initiative Advisory 10-298
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the npnipp.dll Mozilla browser plugin for iPrint client. When assembling a URL using the user supplied call-back-url, the value is passed into a urlencode function where it is copied into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
MD5 | b383d77117bfc2988f63d37616e3a2df
HP Security Bulletin HPSBST02619 SSRT100281 2
Posted Dec 27, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02619 SSRT100281 2 - A potential security vulnerability has been identified with HP StorageWorks Storage Mirroring. This vulnerability could be exploited remotely to execute arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary
MD5 | a04025e105b42e1fd796227dc78204e0
OpenClassifieds 1.7.0.3 Chained: Captcha Bypass -> SQL Injection -> XSS on Frontpage
Posted Dec 27, 2010
Authored by Michael Brooks

OpenClassifieds version 1.7.0.3 chained exploit that leverages CAPTCHA bypass, remote SQL injection, and persistent cross site scripting on Frontpage.

tags | exploit, remote, xss, sql injection
MD5 | 618bb4716403b90f645b92f12a78db29
Sigma Portal Denial Of Service
Posted Dec 27, 2010
Authored by Pouya Daneshmand

Sigma Portal suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 687f60df8bce748ff4659fa051ead197
Zero Day Initiative Advisory 10-297
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-297 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. Authentication is not required to exploit this vulnerability. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an HTTP 301 response from a user provided printer-url the process attempts to copy the returned value within the Location HTTP header without ensuring that the destination buffer is adequately sized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, web, arbitrary
MD5 | 279766bd99b58442983a8ca5d5a6959c
Zero Day Initiative Advisory 10-296
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-296 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component which is used by both the Mozilla and IE browser plugins for iPrint Client. When handling an IPP response from a user provided printer-url the process does not properly validate the size of the destination buffer and copies user supplied data of an arbitrary length into a fixed length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
MD5 | 4317584140de61f72946e253893508b3
Zero Day Initiative Advisory 10-295
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
MD5 | 6671f16366c172530bab6ea37938aef0
Writing Simple Buffer Overflow Exploits
Posted Dec 27, 2010
Authored by D4rk357

Whitepaper called Writing Simple Buffer Overflow Exploits.

tags | paper, overflow
MD5 | cb453b6781820ae7c8b7f29f670602cb
Web@All 1.1 Remote Admin Settings Change Exploit
Posted Dec 27, 2010
Authored by giudinvx

Web@All versions 1.1 and below remote administrative settings changing exploit.

tags | exploit, remote, web, add administrator
MD5 | 4d308f23139631726000e5ec476c2a7c
OpenEMR 3.2.0 SQL Injection / Cross Site Scripting
Posted Dec 27, 2010
Authored by Blake

OpenEMR version 3.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 51cf8d357c914ae7544c92e0f251d618
Pecio CMS 2.0.5 Cross Site Request Forgery
Posted Dec 27, 2010
Authored by P0C T34M

Pecio CMS version 2.0.5 add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | a3fbdfbe9846d221182e7676b2e7339e
Redmine SCM Repository Arbitrary Command Execution
Posted Dec 27, 2010
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.

tags | exploit, arbitrary
advisories | OSVDB-70090
MD5 | 786ab1c4d70bf6985b3a787fcf48a0f6
Secunia Security Advisory 42702
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Square CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 62cfdaafb33e0a397eb183b625671e93
Secunia Security Advisory 42655
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CubeCart, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | 905c848894300b2aa64ee42daf48e4ad
Secunia Security Advisory 42670
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kerio has acknowledged a vulnerability in Kerio Control and Kerio WinRoute Firewall, which can be exploited by malicious people to poison the HTTP cache.

tags | advisory, web
MD5 | c1b74d850bfe845f725581a37b796df9
Secunia Security Advisory 42698
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 6d2cfb99e3bf8b1b3d4b222566ed6326
Secunia Security Advisory 42364
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Radius Manager, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | a74353d7b72b8b003b5ec3a5db095508
Secunia Security Advisory 42649
Posted Dec 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux
MD5 | ba639ce39cb03faf828b6b4fda00eea1
Page 1 of 2
Back12Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    0 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close