exploit the possibilities
Showing 1 - 25 of 31 RSS Feed

Files Date: 2011-02-03

Podcast Generator 1.3 Cross Site Scripting
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Podcast Generator version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7dfb9737e49d23177b0c0ed58ecb8418
SambaScan2 0.5.0
Posted Feb 3, 2011
Authored by Claudio Clemens | Site asturio.gmxhome.de

Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.

Changes: This release cleans up the code, removing old debug style. Many changes in the output and cleanup of errors, and the behavior can be controlled with -V. Another option to skip scanning hidden shares like C$ and D$. Options parsing is now done with getopt. Updated parsing of -a, -d and -g for working with getopts. Scans also on post 445. Generic auth support (using the same login and password for all hosts and shares, if no specific password is supplied). Some bugs were fixed.
tags | tool, scanner, tcp
systems | unix
MD5 | 7dcf9fe2286f91614f1dd37db3604809
AOL Desktop 9.6 Buffer Overflow
Posted Feb 3, 2011
Authored by sickness

AOL Desktop version 9.6 buffer overflow exploit that creates a malicious .rtx file.

tags | exploit, overflow
MD5 | 62cd12642cc40202ff417146505a6cef
QuickShare File Share 1.2.1 Directory Traversal
Posted Feb 3, 2011
Authored by modpr0be

QuickShare File Share version 1.2.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 0b8f50c6550aa0377785b09f3c0f12be
ReOS 2.0.5 Local File Inclusion / SQL Injection
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

ReOS version 2.0.5 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 49173b4107458041ae2b9ef845b3b8f0
WOOT 11 Call For Papers
Posted Feb 3, 2011
Site usenix.org

WOOT '11 Call For Papers - This will be held August 8th through the 9th, 2011, in San Francisco, CA. WOOT '11 is co-located with the 20th USENIX Security Symposium (USENIX Security '11), which will take place August 10th through the 12th, 2011.

tags | paper, conference
MD5 | ed0c2b927ccc28e29ab34f5794c4cd71
Firebook 3.100328 Cross Site Scripting / Disclosure
Posted Feb 3, 2011
Authored by MustLive

Firebook versions 3.100328 and below suffer from cross site scripting, information disclosure and anti-automation vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | aff5934542cbb77cad9aaa6c801de2b4
VLC Media Player Memory Corruption
Posted Feb 3, 2011
Authored by Harry Sintonen

VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.

tags | exploit
advisories | CVE-2011-0522
MD5 | d1fd8f257e9c0871b1320c799e238d3d
OpenSCAP Libraries 0.6.8
Posted Feb 3, 2011
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.6 content is supported. XCCDF reporting was improved. CPE support was added to the oscap-scan utility. Many bugs were fixed.
tags | protocol, library
systems | unix
MD5 | cfd4c77b9d3d0a69d9aaaedf965a6951
Podcast Generator 1.3 Local File Inclusion / Path Disclosure
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Podcast Generator version 1.3 suffers from local file inclusion and path disclosure vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | ce9dcf19deda389960320092acfc3f55
ReOS 2.0.5 SQL Injection
Posted Feb 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

ReOS version 2.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ed0d71fb49c1823d7faaa0d159308c6a
OemPro 3.6.4 SQL Injection / Shell Upload
Posted Feb 3, 2011
Authored by Ignacio Garrido

OemPro versions 3.6.4 and below suffer from remote shell upload and SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 2750a608518f0bfe2cf90b59e5ef2127
VideoLAN VLC MKV Memory Corruption
Posted Feb 3, 2011
Authored by Dan Rosenberg | Site metasploit.com

This Metasploit module exploits an input validation error in VideoLAN VLC < 1.1.7. By creating a malicious MKV or WebM file, a remote attacker could execute arbitrary code.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0531, OSVDB-70698
MD5 | 4d6a2b2f0573ea87e21563982f295654
Linux Security Checklist Tool 2.0.3
Posted Feb 3, 2011
Authored by situ

Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

tags | tool, perl, checklist, hardening
systems | linux, unix
MD5 | de61268c0257d238151dfd0a513a6d4c
SimpleSPA Single Packet Authorization Tool
Posted Feb 3, 2011
Authored by Chris Chrysler | Site sourceforge.net

SimpleSPA is an application that consists of a single packet authorization mechanism designed for the purpose of hiding semi-public services like a SSH server. There is a server side (Linux only) and a client side (Windows and Linux). This application is similar to FWKnop and more of an academic/proof of concept application as opposed to a full blown commercial quality application. involves a client that creates a packet with a payload encrypted with the public half of two different RSA keys. The idea is that one key would be shared by all users and it would encrypt the user name of the individual. A second key specific to each individual user would encrypt a pre-shared key (just any old string, nothing secret about it really) and a timestamp (to counter replay attacks). The server would receive this packet and decrypt this first half of the packet, which would give us the user name of the person sending the packet. The server would then know which user specific second key to use to decrypt the pre-shared key and time stamp to evaluate them for acceptability. If all is good, then the server would open up a port for the semi-public service we were trying to conceal for a brief amount of time to allow for a connection to be made. PDF included that explains everything. Written in Java.

tags | tool, java, scanner, proof of concept
systems | linux, windows, unix
MD5 | 6e010ca522aa62cc752a0f9c036e0d49
Hydra Network Logon Cracker 6.1
Posted Feb 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: More license updates, a fix for the configure script, checks added for libssh 0.4 and sshv1 support, merged all the latest crypto code in sasl files, and fixed SVN compilation issue on openSUSE.
tags | tool, web, imap
systems | cisco, unix
MD5 | 729360bed47fc98cb30234c5ede79c1c
Cisco Security Advisory 20110202-tandberg
Posted Feb 3, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.

tags | advisory, root
systems | cisco
advisories | CVE-2011-0354
MD5 | 146d02edeb87ff01b6f23b8d65e53e1f
Secunia Security Advisory 43180
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Rational Build Forge, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | fec0b3c1daa01fc4147cd142d0aa2495
Secunia Security Advisory 42800
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in SigPlus Pro ActiveX control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability, activex
MD5 | da6aee0ae4ffe370c903cb6524b02305
Secunia Security Advisory 43105
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

tags | advisory, local, vulnerability
systems | linux, ubuntu
MD5 | 0abb3c7e201f300beaede1139443dd3e
Secunia Security Advisory 43185
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the AES module for Drupal, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 1e42ceff0c6b906a2d309e6101d2643c
Secunia Security Advisory 43158
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in multiple TANDBERG products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 4d576f757291a012c01da64b71440dfa
Secunia Security Advisory 43125
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Michael Brooks has reported a vulnerability in Majordomo 2, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 23371c999ae9fe12dca24741624480a7
Secunia Security Advisory 43184
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Userpoints module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 79e0ec30ce81205ca1c5a83522dfe77f
Secunia Security Advisory 43182
Posted Feb 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Flag Page module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 3eb9649054d36da8dda408d8935750bd
Page 1 of 2
Back12Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close