what you don't know can hurt you
Showing 1 - 25 of 53 RSS Feed

Files Date: 2011-01-25

Syslog-NG 2.0 / 3.0 / 3.1 / 3.2 Information Leak
Posted Jan 25, 2011
Authored by Steven Chamberlain

Syslog-NG versions 2.0, 3.0, 3.1, 3.2 OSE and PE suffer from information leak, access prevention and possible privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2011-0343
SHA-256 | 182c2c5d9650fa3c22f1331dab15f9344255b47637a2dceca52b21aed476a527
Oracle Document Capture Actbar2.ocx Insecure Method
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitriy Evdokimov | Site dsecrg.com

Oracle Document Capture suffers from an insecure method vulnerability in Actbar2.ocx.

tags | exploit
advisories | CVE-2010-3591
SHA-256 | 03b34491ba00cddad42d1df6075c24902828638e56eeebc8ded920c1e03e8609
SAP Crystal Report Server 2008 Active-X Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.

tags | advisory
SHA-256 | 29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7
Pivotx 2.2.0 Cross Site Scripting / Path Disclosure
Posted Jan 25, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Pivotx version 2.2.0 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 3955d4d22a67c983d281640f1e88c83b0453bb1e1cfa3c241e7193174290648b
Pixelpost 1.7.3 Cross Site Scripting / Disclosure
Posted Jan 25, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Pixelpost version 1.7.3 suffers from cross site scripting, path disclosure, and file content disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | ba5127fa07cebab40ddd462f88157cef02759b7aa0af5ba5aabbf6c7c60a8d11
RFC6093 - On The Implementation Of The TCP Urgent Mechanism
Posted Jan 25, 2011
Authored by Fernando Gont, A. Yourtchenko

This document analyzes how current TCP implementations process TCP urgent indications and how the behavior of some widely deployed middleboxes affects how end systems process urgent indications. This document updates the relevant specifications such that they accommodate current practice in processing TCP urgent indications, raises awareness about the reliability of TCP urgent indications in the Internet, and recommends against the use of urgent indications (but provides advice to applications that do).

tags | paper, tcp
SHA-256 | b464cc05058563fba89abf95ea23d58efab91513859c822b555850550c44806a
AB WEB CMS 1.35 Cross Site Scripting / SQL Injection
Posted Jan 25, 2011
Authored by Cr3w-D, Dr.0rYX

AB WEB CMS version 1.35 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
SHA-256 | 30443437cf899545d3855f387cfdf2dcfb368e4fc6a733c2b83a077c16c0dbc3
SAP Crystal Report Server 2008 Directory Traversal
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 5bebb637d7e51e2a0d9d84df5f7b28a6a33af536f8f0ea29e3bf80b431a7af0a
Opera Web Browser 11.00 Denial Of Service
Posted Jan 25, 2011
Authored by C4SS!0 G0M3S

Opera Web Browser version 11.00 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | ce028c51926de87c430a7ea4ead9f4dba730628eb764baede9a8d03cb7a3495d
SAP Crystal Report Server 2008 Cross Site Scripting
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5bb33dcb865e51328736f78871bcaf01a2e663aac535fd2aa2d1af81cdfe13cd
Progress OpenEdge Enterprise RDBMS 10.2A Bypass
Posted Jan 25, 2011
Authored by Sh2kerr, Alexey Sintsov, Alexey Troshichev | Site dsecrg.com

Progress OpenEdge Enterprise RDBMS version 10.2A has some vulnerabilities that make it possible to enumerate UserID and bypass authentication.

tags | advisory, vulnerability
SHA-256 | 94f3ea7ac21edb9e58b5237ff7c2a7826e37b408dbacdbff22fb5468c6bdec38
Oracle Document Capture empop3.dll Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitriy Evdokimov | Site dsecrg.com

Oracle Document Capture contains ActiveX components that contains insecure methods in empop3.dll.

tags | exploit, activex
advisories | CVE-2010-3591
SHA-256 | d17d07c5e57b563c011ed3d0796b9e0b84d6136526dcd7ca890a49dc34f3c55b
Pligg CMS 1.1.3 Path Disclosure
Posted Jan 25, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Pligg CMS version 1.1.3 suffers from a path disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 6b984ea8f5f5ae5f4016ca41219b784091c63f58ec6723c026db2e3fc3167876
Microsoft IIS 6 Parsing Vulnerability
Posted Jan 25, 2011
Authored by Pouya Daneshmand

The author of this file claims that naming a directory with a .asp extension on IIS 6 will causing all files inside of it to be executed as such.

tags | advisory, asp
SHA-256 | 7d3a817a22ee42fe51d188e334502eb335489a020414bfe1d8e9ebcb14d8ed1f
Oracle Document Capture Insecure READ Method
Posted Jan 25, 2011
Authored by Sh2kerr, Alexey Sintsov | Site dsecrg.com

EasyMail ActiveX Control (emsmtp.dll) that included into Oracle Document Capture distrib can be used to read any file in target system. The vulnerable method is "ImportBodyText()".

tags | exploit, activex
advisories | CVE-2010-3595
SHA-256 | e0290533ffa0e0be9cb707947d2fe37461961f3b2e54f7eb0baa68b865261ae8
LACSEC 2011 Call For Presentations
Posted Jan 25, 2011
Site lacnic.net

LACSEC 2011 Call For Presentations - The 6th Network Security Event for Latin America and the Caribbean will be held in Cancun, Mexico, within the framework of LACNIC's fifteenth annual meeting (LACNIC XV). This is a public call for presentations for that event.

tags | paper, conference
SHA-256 | dc5e7f4be00d6fa11b2bc722bb9a644e33ca817b936e23301948332572397b75
Ubuntu Security Notice USN-1048-1
Posted Jan 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1048-1 - It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2010-4172
SHA-256 | 89889f3f1ef8e9e23135999eb91d208da047c895f2d4effcebf3741b486acb04
Automated Solutions Modbus/TCP OPC Server Heap Corruption
Posted Jan 25, 2011
Authored by Jeremy Brown

Automated Solutions Modbus/TCP OPC server remote heap corruption proof of concept exploit.

tags | exploit, remote, tcp, proof of concept
SHA-256 | 7ae800a71fe8daeefaa450bea5c62d13d9d5ab75b738f8589eca89bcfcdeec1f
Kehorne CMS 1.0 Cross Site Request Forgery
Posted Jan 25, 2011
Authored by R3VAN_BASTARD

Kehorne CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7876c6ade34f65bc85f60b867431987f0053357523f0490c265157c3f171eb5a
Kehorne CMS 1.0 SQL Injection
Posted Jan 25, 2011
Authored by R3VAN_BASTARD

Kehorne CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b799053274987d6f5d662823502eb3c04656999929dee3705f0035074fadfd8
Crystal Web Solutions SQL Injection
Posted Jan 25, 2011
Authored by R3VAN_BASTARD

Crystal Web Solutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 11868ae3fe5e959b787b3f7494e58d05c481ac0f1538d08dfd7838897a686cab
web@all CMS 1.1 Cross Site Scripting
Posted Jan 25, 2011
Authored by AutoSec Tools | Site autosectools.com

web@all CMS version 1.1 suffers from a reflective cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 57bd3adca6030bc7c3fc88109e59e2ab1232833c9de24e4bdef53b9da971e6ed
WordPress Audio 0.5.1 Cross Site Scripting
Posted Jan 25, 2011
Authored by AutoSec Tools | Site autosectools.com

WordPress Audio plugin version 0.5.1 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cd7fa092a8b932ea3319b4ea59b97dd12f6b2f7faef4a74f9b55dcf82c3f14fb
WordPress BezahlCode-Generator 1.0 Cross Site Scripting
Posted Jan 25, 2011
Authored by AutoSec Tools | Site autosectools.com

WordPress BezahlCode-Generator plugin version 1.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 17d80d447ea4607e8a5da85f1691a6e8bf7afc0b24c47560e4f2f1f5f25e2f22
Web Articles SQL Injection
Posted Jan 25, 2011
Authored by PenetraDz

Web Articles suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 649e8dcfa5b192c8f5efc8e2b94a94251a1cf063d3ea8c823130f623cf5de36b
Page 1 of 3
Back123Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close