what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2011-02-03

Podcast Generator 1.3 Cross Site Scripting
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Podcast Generator version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2256a38f17173ed816fe7cabfff9c440395b4467ec256360e807f3753b51286d
SambaScan2 0.5.0
Posted Feb 3, 2011
Authored by Claudio Clemens | Site asturio.gmxhome.de

Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.

Changes: This release cleans up the code, removing old debug style. Many changes in the output and cleanup of errors, and the behavior can be controlled with -V. Another option to skip scanning hidden shares like C$ and D$. Options parsing is now done with getopt. Updated parsing of -a, -d and -g for working with getopts. Scans also on post 445. Generic auth support (using the same login and password for all hosts and shares, if no specific password is supplied). Some bugs were fixed.
tags | tool, scanner, tcp
systems | unix
SHA-256 | d5a0c533e34a8f2f940ca2ddca16bb43b19cbd98de73b58e83dea97d8972dd00
AOL Desktop 9.6 Buffer Overflow
Posted Feb 3, 2011
Authored by sickness

AOL Desktop version 9.6 buffer overflow exploit that creates a malicious .rtx file.

tags | exploit, overflow
SHA-256 | 043b3ebffbc5083cf90c8757c9af9f839bb8800fe52564f9e5949f2b1867c8f7
QuickShare File Share 1.2.1 Directory Traversal
Posted Feb 3, 2011
Authored by modpr0be

QuickShare File Share version 1.2.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | d7ed75e1d802259579a6e45360cb55024fc8640a7eee5794fb64b8a33fd89152
ReOS 2.0.5 Local File Inclusion / SQL Injection
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

ReOS version 2.0.5 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 5a8e5817823d30503230ffaff2b61bf1ddc51513d3fe38f7cc92c817b7954aae
WOOT 11 Call For Papers
Posted Feb 3, 2011
Site usenix.org

WOOT '11 Call For Papers - This will be held August 8th through the 9th, 2011, in San Francisco, CA. WOOT '11 is co-located with the 20th USENIX Security Symposium (USENIX Security '11), which will take place August 10th through the 12th, 2011.

tags | paper, conference
SHA-256 | 165d18aec7757220c2eb237ad9a6e63de84f0aa51c00170410040415c51b8f11
Firebook 3.100328 Cross Site Scripting / Disclosure
Posted Feb 3, 2011
Authored by MustLive

Firebook versions 3.100328 and below suffer from cross site scripting, information disclosure and anti-automation vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 82487596fbff0b19a56bc44a59e6356477480e03b625ac49af35d2b485d946d2
VLC Media Player Memory Corruption
Posted Feb 3, 2011
Authored by Harry Sintonen

VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.

tags | exploit
advisories | CVE-2011-0522
SHA-256 | 1844be25e4af847b0acec66eb3fc23968dedba8261216ebd1b34ec5ac695ca3e
OpenSCAP Libraries 0.6.8
Posted Feb 3, 2011
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.6 content is supported. XCCDF reporting was improved. CPE support was added to the oscap-scan utility. Many bugs were fixed.
tags | protocol, library
systems | unix
SHA-256 | c67a73acedd82066c52ecb7e2a83e08a1324c883f8ca2a9ef786bbc40c01442b
Podcast Generator 1.3 Local File Inclusion / Path Disclosure
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Podcast Generator version 1.3 suffers from local file inclusion and path disclosure vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 42566ebcc4b5ae95e763cf98fb96fc6858b012a187fc3171ed4149a47005d465
ReOS 2.0.5 SQL Injection
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

ReOS version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 770e563de457cac2b0557f5b025d956fa9790bafd506c72266092c57f6e30a0b
OemPro 3.6.4 SQL Injection / Shell Upload
Posted Feb 3, 2011
Authored by Ignacio Garrido

OemPro versions 3.6.4 and below suffer from remote shell upload and SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 2593f069770353df7120f32d0aa6f72b448cb80998b87d7bb4a1c1a8660e0d0b
VideoLAN VLC MKV Memory Corruption
Posted Feb 3, 2011
Authored by Dan Rosenberg | Site metasploit.com

This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0531, OSVDB-70698
SHA-256 | 089c03cdcf6cbedcf40c0da3c8c00719db381e766eff4249410bb2a906521f96
Linux Security Checklist Tool 2.0.3
Posted Feb 3, 2011
Authored by situ

Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

tags | tool, perl
systems | linux, unix
SHA-256 | b95fbf25b0b3c21107a5f4e00b5cab884b3c4b39a41ba33531e455870fe91952
SimpleSPA Single Packet Authorization Tool
Posted Feb 3, 2011
Authored by Chris Chrysler | Site sourceforge.net

SimpleSPA is an application that consists of a single packet authorization mechanism designed for the purpose of hiding semi-public services like a SSH server. There is a server side (Linux only) and a client side (Windows and Linux). This application is similar to FWKnop and more of an academic/proof of concept application as opposed to a full blown commercial quality application. involves a client that creates a packet with a payload encrypted with the public half of two different RSA keys. The idea is that one key would be shared by all users and it would encrypt the user name of the individual. A second key specific to each individual user would encrypt a pre-shared key (just any old string, nothing secret about it really) and a timestamp (to counter replay attacks). The server would receive this packet and decrypt this first half of the packet, which would give us the user name of the person sending the packet. The server would then know which user specific second key to use to decrypt the pre-shared key and time stamp to evaluate them for acceptability. If all is good, then the server would open up a port for the semi-public service we were trying to conceal for a brief amount of time to allow for a connection to be made. PDF included that explains everything. Written in Java.

tags | tool, java, scanner, proof of concept
systems | linux, windows, unix
SHA-256 | 378f5402ded74b2de9cd170f0b9807fe64089a1ec6ed3df52cbfb01b705fce3d
Hydra Network Logon Cracker 6.1
Posted Feb 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: More license updates, a fix for the configure script, checks added for libssh 0.4 and sshv1 support, merged all the latest crypto code in sasl files, and fixed SVN compilation issue on openSUSE.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 85fbcf53bc7d8ae99a8bd31dd09810abd9cf9397679a94aea52cd1b1c8e06ac0
Cisco Security Advisory 20110202-tandberg
Posted Feb 3, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.

tags | advisory, root
systems | cisco
advisories | CVE-2011-0354
SHA-256 | 0bf1d1a2a5073105e6e57bd85957a61f87e2f9a536784275c073ea397c43b70b
Secunia Security Advisory 43180
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Rational Build Forge, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | f5fe266a2800adeea0c6751dbc2fcdebd2463e8d1b035a8fc8727a07ddc62442
Secunia Security Advisory 42800
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in SigPlus Pro ActiveX control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability, activex
SHA-256 | e94ee9b0a8aa5ffaddb44fca537951393bc583ac47fd55111d5b0b7ce6d8b46a
Secunia Security Advisory 43105
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

tags | advisory, local, vulnerability
systems | linux, ubuntu
SHA-256 | 00e2c3580a5bf0aaffbc32a5e1b9cd82dba1662edb8daceee4faad7ae296b9a3
Secunia Security Advisory 43185
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the AES module for Drupal, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 1bd0bafb451ec9f94ea41468c791264abeaf246944f667e619677ae28329e61e
Secunia Security Advisory 43158
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in multiple TANDBERG products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 08de09b45205522dd9db20f5336d1d84709662e254532c8543013610bd092adf
Secunia Security Advisory 43125
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Michael Brooks has reported a vulnerability in Majordomo 2, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | e349b599b4afb09edbdd15abc1f4f21947856071df2fef4d8d4e0031dd82aa7a
Secunia Security Advisory 43184
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Userpoints module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 8f8664e4d251809340427d68972b677b45330b34645965a5b2052282e3812fec
Secunia Security Advisory 43182
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Flag Page module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | fe19d5fe1d98ad00843f087f8bc077595054c2dd87c34ef4e66071bf4bb7cada
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close