exploit the possibilities
Showing 1 - 25 of 59 RSS Feed

Files Date: 2011-02-09

Adobe Shockwave TextXtra Invalid Seek Remote Code Execution
Posted Feb 9, 2011
Authored by Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing a DEMX RIFF chunk within Director files. The logic within the TextXtra.x32 module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within DEMX substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-0555
MD5 | 72b93df895984ddb9279642bcd065e01
rdesktop 1.6.0 Memory Corruption
Posted Feb 9, 2011
Authored by badc0re

rdesktop version 1.6.0 memory corruption proof of concept exploit.

tags | exploit, proof of concept
MD5 | b7f9356982aaa44eb3ae577bddd16c48
PHPXref 0.7 Cross Site Scripting
Posted Feb 9, 2011
Authored by MustLive

PHPXref version 0.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6ca6a22df0252bdf6e9aa6c5856ccde6
yInjector MySQL Injection Tool
Posted Feb 9, 2011
Authored by Osirys | Site y-osirys.com

yInjector is a MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.

tags | tool, scanner, sql injection
systems | unix
MD5 | 3c8129cb7775c78d98f97678430ea265
SourceBans 1.4.7 Cross Site Scripting
Posted Feb 9, 2011
Authored by Sw1tCh

SourceBans version 1.4.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 740d362e9b4e96e44abffcf534ec4275
HITB Magazine Volume 1 Issue 5
Posted Feb 9, 2011
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 1 Issue 5 - Topics include Investigating Kernel Return Codes with the Linux Audit System, Secure Shell Attack Measurement and Mitigation, Windows CSRSS Tips and Tricks, and more.

tags | shell, kernel, magazine
systems | linux, windows
MD5 | 08132c9b005bebc84b7999ac4e081d57
OATH Toolkit 1.4.6
Posted Feb 9, 2011
Site nongnu.org

The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: This release improves liboath portability by using more gnulib modules. It fixes some minor clang warnings.
tags | tool
systems | unix
MD5 | 2eb155d8667a7cd24eced9c9b3b5282e
MihanTools Script 1.3.3 SQL Injection
Posted Feb 9, 2011
Authored by WHITE_DEVIL

MihanTools Script version 1.3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5ae657e88df08958a8c83a261875b2d7
LIGATT LocatePC SQL Injection
Posted Feb 9, 2011

LIGATT Security's LocatePC software version 1.05 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0a69ca517db708217c2b7a4228f72113
Mandriva Linux Security Advisory 2011-024
Posted Feb 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-024 - The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-0281, CVE-2011-0282
MD5 | 86dc2d6a425edb122b1c29c972f65a62
Web 2.0 Social Network Freunde Community SQL Injection
Posted Feb 9, 2011
Authored by NoNameMT

Web 2.0 Social Network Freunde Community suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 2d7da903329e0f4a6a9f7c266f20bfe9
Coppermine Photo Gallery 1.5.x Command Execution
Posted Feb 9, 2011
Authored by Sniper Site Hacker

Coppermine Photo Gallery version 1.5.x suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 2f898cb33b61427694c52cf4f0687534
xRadio 0.95b Local Buffer Overflow
Posted Feb 9, 2011
Authored by b0telh0

xRadio version 0.95b local buffer overflow exploit that creates a malicious .xrl file.

tags | exploit, overflow, local
MD5 | fba698c2e3f37400c306ec368d016eb9
tudou.com UTF7-BOM Cross Site Scripting
Posted Feb 9, 2011
Authored by 80vul | Site 80vul.com

tudou.com suffers from a UTF7-BOM cross site scripting vulnerability.

tags | exploit, xss
MD5 | b620f03e4f8f92a911ca3fe21ca6a492
WordPress Enable Media Replace SQL Injection / Shell Upload
Posted Feb 9, 2011
Authored by Ulf Harnhammar

Enable Media Replace WordPress plugin version 2.3 suffers from remote shell upload and SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | d8ab9ca1efb8f8ac7e144a6c46d35973
iDEFENSE Security Advisory 2011-02-08.5
Posted Feb 9, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside of an Adobe Flash file. The problem exists in a certain ActionScript method. When the method is called with particular parameters, the ActionScript engine gets confused and takes a user supplied value as an object pointer which leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0559
MD5 | e0491241831974bdea1d80572206a87d
iDEFENSE Security Advisory 2011-02-08.4
Posted Feb 9, 2011
Authored by iDefense Labs, Vitaliy Toropov | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of an integer overflow vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in the ActionScript method of the built-in "Function" class, which accepts an array object as a second parameter and uses this array's length multiplied by four for a memory allocation without any overflow checks. Then it writes the array's content into the allocated memory, which corrupts memory and leads to an exploitable condition. iDefense has confirmed the existence of this vulnerability in the Flash Plugin version 10.1.82.76 and 10.1.85.3. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-02.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-0558
MD5 | 4983ad3404755868726af5999e57a87e
CGI IRC 0.5.10
Posted Feb 9, 2011
Site cgiirc.sourceforge.net

CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.

Changes: An XSS issue has been fixed.
tags | java, web, cgi, perl
systems | unix
advisories | CVE-2011-0050
MD5 | bfc7b7fb9f53748600f39aae310a0265
Unreal Tournament Buffer Overflow
Posted Feb 9, 2011
Authored by Fulcrum

Unreal Tournament remote buffer overflow exploit using SEH and written for Windows.

tags | exploit, remote, overflow
systems | windows
MD5 | 4827cf4e9ec0738971d257801a2be0e6
Adobe Shockwave dirapi.dll IFWV Trusted Offset Remote Code Execution
Posted Feb 9, 2011
Authored by Aaron Portnoy, Logan Brown | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPI.dll module distributed with the player. While parsing a director movie (.dir or .dcr) the code trusts the specified size of the IFWV chunk and uses it within a calculation to determine another offset within the file. By setting it to 0, the code jumps to the wrong location within the file. While parsing data at the new location, the code uses a value as a loop counter. Within the loop, the code copies data to a heap buffer. By crafting a file with a large enough size, this loop can be forced to corrupt memory. A remote attacker can abuse this logic to execute arbitrary code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4188
MD5 | 170eb9e1def3f0b0a08815c7e0ecec71
iDEFENSE Security Advisory 2011-02-08.3
Posted Feb 9, 2011
Authored by iDefense Labs, Andrzej Dyjak | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a malicious Adobe Director file. A malicious user could cause a memory corruption by including malformed data in a chunk. This condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Shockwave Player version 11.5.8.612 and version 11.5.9.615 (the latest version at the time of testing). A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-01.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4187
MD5 | 9aaa729952ef328b8fa5f6f0f6eeda4b
iDEFENSE Security Advisory 2011-02-08.2
Posted Feb 9, 2011
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0602
MD5 | 2633e3547d52fc57f50de1fe6fdedf70
EMC Replication Manager Remote Code Execution
Posted Feb 9, 2011
Site emc.com

EMC Replication Manager contains a potential vulnerability that may allow remote unauthenticated user to execute arbitrary code on vulnerable installations of the EMC Replication Manager. Affected products include EMC Replication Manager versions earlier than 5.3, EMC NetWorker Module for Microsoft Applications versions 2.1.x and 2.2.x.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0647
MD5 | cacf34540e855fa82945df98a20c5146
Secunia Security Advisory 43231
Posted Feb 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 46e1edeb7c0ab76fa49f0ede6d3dcfcf
Secunia Security Advisory 43235
Posted Feb 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Auto Database System module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, sql injection
MD5 | 5052155717b5d5e8d1cf2d6de44c5d03
Page 1 of 3
Back123Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close