exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-02-19

Avira AntiVirus QUA File Crash
Posted Feb 19, 2011
Authored by KedAns-Dz

Avira AntiVirus local proof of concept exploit that creates a malicious QUA file.

tags | exploit, local, proof of concept
SHA-256 | e2ef3c0258d84a42617b7cddadf0129c7b654cd36d3ad3612bbf696e8749f11f
Nikto Web Scanner 2.1.4
Posted Feb 19, 2011
Authored by Sullo | Site cirt.net

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Changes: Various fixes and changes.
tags | web, cgi
systems | unix
SHA-256 | 4d46cb9a03faca3b79fdbdb3c2a634031460c93e07750c58bc398ba8a0043c4c
HP Security Bulletin HPSBUX02628 SSRT090183
Posted Feb 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02628 SSRT090183 - A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2010-4435
SHA-256 | e23524d75371622d94a1139c07279983bcab41ccf37c863bcb305725889a81f5
Mandriva Linux Security Advisory 2011-031
Posted Feb 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-031 - Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447. Cross-site scripting vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / character in a key in a session cookie, related to session replays. The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues.

tags | advisory, remote, web, arbitrary, xss, file upload, csrf
systems | linux, windows, mandriva
advisories | CVE-2011-0696, CVE-2011-0697, CVE-2011-0698
SHA-256 | 35b66525c38b4cc2dbc7f00656d49770e63010bc4caa8000a032054d2a571b32
Mandriva Linux Security Advisory 2011-030
Posted Feb 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-030 - Multiple vulnerabilities has been found and corrected in tomcat5. When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContect attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments. The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

tags | advisory, web, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3718, CVE-2011-0013
SHA-256 | 050a770d28cff5d52b04cda5bec92927819bf2986938b64d3f0e874bd76b8b05
Netbios Share Scanner 0.6
Posted Feb 19, 2011
Authored by SecPoint | Site secpoint.com

This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.

Changes: Friendlier status codes.
tags | tool, scanner, python
systems | windows, unix
SHA-256 | 50f0cef89cbe41efc8027f56d96fd61b7164ec2daabfe90f151d7876f0f60c47
IBM Lotus Domino LDAP Remote Code Execution
Posted Feb 19, 2011
Authored by Francis Provencher

IBM Lotus Domino LDAP bind request remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2010-4323
SHA-256 | 46402f3ac39ee9e15c00c1a55880febf3a51331ae26d8997f960f98c07fdb606
Novell ZenWorks 10 / 11 TFTPD Remote Code Execution
Posted Feb 19, 2011
Authored by Francis Provencher

Novell ZenWorks versions 10 and 11 tftpd remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2010-4323
SHA-256 | 78181683877a61639444c420aefed5f9d978da3b270235598031a80ebca21bb4
Novell Iprint LPD Remote Code Execution
Posted Feb 19, 2011
Authored by Francis Provencher

Novell Iprint LPD remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2010-4328
SHA-256 | ae058abd9f7bac1e4a5b8fbb2d5aed21a602a517a2bb70ef19c5bca552bb9b15
Creepy Geolocation Gathering Tool 0.1.7
Posted Feb 19, 2011
Authored by Yiannis Kakavas | Site ilektrojohn.github.com

Creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

tags | tool
systems | unix
SHA-256 | f05620ee06971ff7ba55228bd0ff9e1c17acf57e5679f4084953cc64d4615773
Mozilla Firefox Interleaving document.write / appendChild Code Execution
Posted Feb 19, 2011
Authored by scriptjunkie | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This exploit is a metasploit port of the in-the-wild exploit.

tags | exploit, code execution
advisories | CVE-2010-3765, OSVDB-68905
SHA-256 | 843b760650dc1cd9d6f9a955b96d33b37fdcdd2f3d930a4d123bada5cd1bffd1
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close