exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2011-02-14

Conky Linux 1.8.0 Denial Of Service
Posted Feb 14, 2011
Authored by Arturo D'Elia

Conky Linux version 1.8.0 local denial of service proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
systems | linux
SHA-256 | ef5013e007ebfeff01b8e5f75c6128692db721569636df04aa5eb3a61a611421
Moscrack WPA Cluster Cracker 1.01b
Posted Feb 14, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: Bug fixes.
tags | cracker
systems | unix
SHA-256 | f8937e68a9bd2310ef51ada559931442d443ed81fddcd3ca5b33dd8e43a602da
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux 4.5.1
Posted Feb 14, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: The RFC 5793 Posture Broker Protocol compatible with Trusted Network Connect (PB-TNC) was implemented. IKE and ESP proposals as well as CRL distribution points can be stored in an SQL database. Connections can be started or routed automatically via the start_action database field. The IKEv2 daemon supports the INITIAL_CONTACT notification.
tags | kernel, encryption
systems | linux, unix
SHA-256 | 631645e3769003c8bce92b4a712de00722eb45fcbe3bff698403133e45e479c5
Mandriva Linux Security Advisory 2011-027
Posted Feb 14, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-027 - Multiple vulnerabilities were discovered and corrected in OpenOffice.org. These range from directory traversal issues to use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643
SHA-256 | 39e3e2a8580de5d1a92c57975fbd1a8a00c08da89794e06bdc6722de174205e9
RunCMS 2.2.2 Cross Site Scripting / Path Disclosure / SQL Injection
Posted Feb 14, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

RunCMS version 2.2.2 suffers from cross site scripting, path disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 3793b698af04151a932d7b23a7695b9ec52b335731e39e72ab65fc16418eb112
Microsoft Windows Shell Graphics biCompression Buffer Overflow
Posted Feb 14, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a buffer overflow error in the Windows Shell graphics processor when parsing the "biCompression" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.

tags | advisory, remote, overflow, shell
systems | windows
SHA-256 | e45dd38c15740c3e6e5ddc9d40c8fcbd4f3bb920137a89049bbe72c5ba971917
Microsoft Windows Shell Graphics BMP "height" Integer Overflow
Posted Feb 14, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "height" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.

tags | advisory, remote, overflow, shell
systems | windows
SHA-256 | 9a72023ae91a8044eca541def5bf1939d6dd53c305c5ed8be72523cab22c8350
Debian Security Advisory 2161-2
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2161-2 - It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.

tags | advisory, java
systems | linux, debian
advisories | CVE-2010-4476, CVE-2009-3555
SHA-256 | a0ded925baff43a07590b4642526803be3c5f43236df53cf34ee4a2b37a08de7
Debian Security Advisory 2163-1
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2163-1 - Several vulnerabilities were discovered in the django web development framework. For several reasons the internal CSRF protection was not used to validate ajax requests in the past. However, it was discovered that this exception can be exploited with a combination of browser plugins and redirects and thus is not sufficient. It was discovered that the file upload form is prone to cross-site scripting attacks via the file name.

tags | advisory, web, vulnerability, xss, file upload
systems | linux, debian
advisories | CVE-2011-0696, CVE-2011-0697
SHA-256 | 87f72613c0e91642c24a6eeecfcb0c3c15c5c30e179f7d4f7a4e7cdd06c9d13a
MG2 0.5.1 Cross Site Scripting
Posted Feb 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

MG2 version 0.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d9e1492757a88b8aae40695552fa07b4741b360277a7016b7540c93273f43c48
Microsoft Windows Server 2003 AD Pre-Auth Heap Overflow
Posted Feb 14, 2011
Authored by Cupidon-3005

Microsoft Windows Server 2003 AD pre-auth browser election remote heap overflow exploit.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 26b98c4caee82d08f9885e35420ee124ecacaecd6ac16b0fd17e21036c739c64
McAfee Virusscan Antivirus Quarantined File Restore Utility 1.0
Posted Feb 14, 2011
Authored by Mert SARICA | Site mertsarica.com

McAfee Virusscan Antivirus Quarantined File Restore Utility is a useful python script that extracts a file quarantined with the BUP extension by McAfee Virusscan.

tags | tool, python
systems | unix
SHA-256 | b8d0534550bfc32234180545ca6a832d08dbbaef57550859d2a80ae9c79315e3
OpenSCAP Libraries 0.7.0
Posted Feb 14, 2011
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.6 support was finalized. The ability to terminate plugins if a scan terminates on a signal was improved. Some important bugs were fixed.
tags | protocol, library
systems | unix
SHA-256 | b6d2274da8681f81d19fe74f770f71b70273a1d3d73151f797e21b2e05531e24
Ctunnel Cryptographic Tunnel Program 0.6
Posted Feb 14, 2011
Authored by Jess Mahan | Site nardcore.org

ctunnel is a program for tunneling and proxying TCP or UDP connections via a cryptographic tunnel. ctunnel can be used to secure any existing TCP or UDP based protocol, such as HTTP, Telnet, FTP, RSH, MySQL, VNC, DNS, XDMCP, NFS, etc. You can also chain or bounce connections to any number of intermediary hosts.

Changes: This release fixes high CPU utilization, lowers heap usage, and fixes a segfault.
tags | web, udp, encryption, tcp, protocol
systems | unix
SHA-256 | a07bb5f48987ec0cb01d01ae7eb2fc00a06a1928fa25afe3999ceb4398f0941a
Mandriva Linux Security Advisory 2011-026
Posted Feb 14, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-026 - Multiple vulnerabilities were discovered and corrected in phpmyadmin. When the files README, ChangeLog or LICENSE have been removed from their original place, the scripts used to display these files can show their full path, leading to possible further attacks. It was possible to create a bookmark which would be executed unintentionally by other users. The updated packages have been upgraded to the latest versions to mitigate these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2011-0986, CVE-2011-0987
SHA-256 | 036a323ea6db3929f3d454c237b38f78b082641a4877eecb061b1c6b10296d55
Access Denied - A Guide For Code Breakers
Posted Feb 14, 2011
Authored by Legion Of XTRemers

Whitepaper called Access Denied - A Guide For Code Breakers.

tags | paper
SHA-256 | 3d28c0b73d3a1ca635df5eae7c8f884e0751112cf1e4fc7784e166799a7264a1
Debian Security Advisory 2162-1
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2162-1 - Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension.

tags | advisory
systems | linux, debian
advisories | CVE-2011-0014
SHA-256 | 85bafee235722d8c60461177c2d6712b574cd4b5ea8e903eae3e2d9a139f0ed8
Mac OS X FTPd Disclosure
Posted Feb 14, 2011
Authored by Kingcope

Mac OS X suffers from a ftpd related information disclosure vulnerability.

tags | exploit, info disclosure
systems | apple, osx
SHA-256 | c7e1f64cd4e638d0f9d91eb82e75faafba3b340b73fe38afbb8d624256f950a1
Debian Security Advisory 2161-1
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2161-1 - It was discovered that the floating point parser in OpenJDK, an implementation of the Java platform, can enter an infinite loop when processing certain input strings. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.

tags | advisory, java
systems | linux, debian
advisories | CVE-2010-4476
SHA-256 | f7a54b756633f9ade15bc8c34eca924676f0a37a207ea3bcf2a91205739bcc4a
Debian Security Advisory 2160-1
Posted Feb 14, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2160-1 - Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine. It was discovered that the SecurityManager insufficiently restricted the working directory. It was discovered that the HTML manager interface is affected by cross-site scripting. It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-3718, CVE-2011-0013, CVE-2011-0534
SHA-256 | 2a1315f00b8236ec986eb2d5b9be348185c3459b7a38920bda341559938be986
Microsoft Windows Shell Graphics BMP "width" Integer Overflow
Posted Feb 14, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "width" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.

tags | advisory, remote, overflow, shell
systems | windows
SHA-256 | 424e76ac6176134b9620fc780ea75da7e66aee6adb5388e91cf75fdc7beeb515
Microsoft Internet Explorer "mshtml.dll" Dangling Pointer
Posted Feb 14, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a dangling pointer in the "mshtml.dll" library when handling certain object manipulations, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Internet Explorer versions 6, 7, and 8 are affected.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-0036
SHA-256 | 3ec085c704a69847706bc827f9318c129f1ec314e1cffd5e14399f41cbc973f2
WP Forum Server 1.6.5 SQL Injection
Posted Feb 14, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Plugin WP Forum Server version 1.6.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | b1cbe56c1f57bab1edc287852bd2ec3cb1646ae7e01e005aed69d1ad2c1ad709
Adobe Shockwave DIRAPI Lctx Chunk Memory Corruption
Posted Feb 14, 2011
Authored by Chaouki Bekrar, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.

tags | advisory, remote, web, arbitrary
SHA-256 | a14685bc6080babb1b766400a94d5de2768c47bc73bcd035cb57c90a363fe819
AWCM 2.2 Final Cross Site Scripting
Posted Feb 14, 2011
Authored by _84kur10_

AWCM version 2.2 Final suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 24fc75930da464d66a164fa6e7210db0740002786f16f9d6089e06c18e51fede
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close