exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2011-02-25

Ubuntu Security Notice USN-1071-1
Posted Feb 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1071-1 - Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
SHA-256 | 138f0d9acd9028b53e4c02afea0172fcf4090c982287a6d77f401f9155e9023b
Exec2Shell Converter Tool
Posted Feb 25, 2011
Authored by C3lt1c

This is a simple executable to shellcode converter tool. Video for usage is included.

tags | shellcode
SHA-256 | 615bb76846010e2d9b02e6e2405d54049a777f9250aebb20c701cbffbd929de8
Altigen Gateway Service Heap Overflow
Posted Feb 25, 2011
Authored by Patrick Kelley

Altigen's Gateway Service suffers from a heap overflow vulnerability that can be triggered by a simple nmap portscan.

tags | advisory, overflow
SHA-256 | 75c19fef6c874b519ac2c9baf65be73e2f21b601e31e7302e468dff495e2082c
Joomla XCloner Remote Command Execution
Posted Feb 25, 2011
Authored by mr_me

Joomla XCloner component remote command execution exploit. This component also suffers from information disclosure, local file inclusion, denial of service, and cross site scripting vulnerabilities.

tags | exploit, remote, denial of service, local, vulnerability, xss, file inclusion, info disclosure
SHA-256 | bd1d11cc383f303dac4cb1520a59452b77f741b76b084b5ea0df94bb38723392
Linksys Cisco Wag120n Cross Site Request Forgery
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

The Linksys Cisco Wag120n suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
systems | cisco
SHA-256 | dd16115896453d01f25228f86f2b3ddaef343f8a7937d67e06a50aa3bf8827de
Website By MIC SQL Injection
Posted Feb 25, 2011
Authored by eXeSoul

Website By MIC suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e4812b17d0b37e224f232c9974a3e6126178f549ad85888d440cc4cebcbf0b57
Prestashop Cartium 1.3.3 - 0.246s SQL Injection
Posted Feb 25, 2011
Authored by Antonio San Martino

Prestashop Cartium version 1.3.3 - 0.246s suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 235ad64da715d21ee421f82520eb1abfa2e9936d9d965014f9cfda3d83de594a
glFusion CMS Blind SQL Injection
Posted Feb 25, 2011
Authored by H3X

glFusion CMS suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 002f00d412b223b8c47ffe2113ec5755cab7b22632218f1804e4baea4e8ae938
Pragyan CMS Code Execution / SQL Injection
Posted Feb 25, 2011
Authored by villy

Pragyan CMS versions prior to 3.0 rev 274 suffer from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
SHA-256 | 8b9afe976dfc4540c9079a9bb30cb84209dbd90c3bd9da57324bcd80fe2a9762
web.go Insecure Cookie
Posted Feb 25, 2011
Authored by Nam Nguyen | Site bluemoon.com.vn

web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.

tags | advisory, web, insecure cookie handling
SHA-256 | ee2dc2d011a705d23606558d2a5af6c6a4bbf9a22dfdf2f4a9697f1c61fde09f
RaksoCT SQL Injection
Posted Feb 25, 2011
Authored by p0pc0rn

RaksoCT Web Design suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 9aab71f6692e60a432af4d062c8c8dc8f477dc4c6ca13435df0be45adaec494c
iPhone MyDocs 2.7 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone MyDocs version 2.7 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | fae04cfee781085d2fd6f8575af3648f4d7585f0588a5efb5b7bb8d73098d99c
iPhone iFile 2.0 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone iFile version 2.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | aff27d1aa9bc27dc2109e98973b6ef23d319663bb2a0db4d43129ef37389f697
iPhone Folders 2.5 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone Folders version 2.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | 1062f972a62f2727426510070897b782cbcae9833e2586c9aff82fee5f8b0622
Edraw Office Viewer Component 7.4 Active-X Buffer Overflow
Posted Feb 25, 2011
Authored by Alexander Gavrun

Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.

tags | exploit, overflow, activex
SHA-256 | 0cb6d86d4889168c48cf40d301af90cb71f2d53474310ed6503c5096390544cd
Cewolf 1.1.4 Denial Of Service
Posted Feb 25, 2011
Authored by MustLive

Cewolf - Chart Enabling Web Object Framework versions 1.1.4 and below suffer from a denial of service vulnerability.

tags | advisory, web, denial of service
SHA-256 | 8638638ee3109eed0bea5b2326a39b8428de034acd9b0f2f5efad8022120a4b1
WATOBO Web Application Toolbox Auditor 0.9.6rev266
Posted Feb 25, 2011
Authored by Andreas Schmidt | Site watobo.sourceforge.net

WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.

Changes: Now supports one-time tokens. NTLM authentication added. FileFinder plugin added. Various other additions.
tags | tool, web, local, scanner, vulnerability, xss, sql injection
systems | unix
SHA-256 | 478a1566e4c6f7dc28d734eedcb6ba04390148a32396154c928a3e2488959054
PHPShop 0.8.1 Cross Site Scripting
Posted Feb 25, 2011
Authored by Aung Khant | Site yehg.net

PHPShop versions 0.8.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a25bef9b70e1ce9498c17a7a5c93f602c1a3332be03b85ec863193217dd67c26
glibc alloca() Memory Corruption
Posted Feb 25, 2011
Authored by Chris Evans | Site scarybeastsecurity.blogspot.com

Interesting blog entry that discusses how a glibc alloca()-based memory corruption vulnerability allowed for code execution.

tags | paper, code execution
SHA-256 | 6b372618ec2a21f674080b0819cbfb4ca8ee6bc398a1fbc24854277dc3dca356
CA HIPS Arbitrary Code Execution
Posted Feb 25, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-1036
SHA-256 | 1165984f0f9a0bde4ed83ed6d3943f818df52123eeb80a2f91a7d5dce511133b
Problems Faced By Cloud Computing
Posted Feb 25, 2011
Authored by L0rd CrusAd3r

Brief whitepaper discussing some problems faced when using cloud computing.

tags | paper
SHA-256 | 53a9ee31b17b5b3f1bb3226bfed1a087dce450306c1cb4d89f1193b47f77a5a5
oclHashcat GPU Hash Cracking Utility 0.25
Posted Feb 25, 2011
Authored by atom | Site hashcat.net

oclHashcat GPU hash cracking utility that has multi-GPU and multi-hash support. It supports dictionary-based and mask-attacks for hybrid cracking. Linux and Windows binaries are included.

tags | cracker
systems | linux, windows
SHA-256 | 19077748589c65f302bf68f488ac33ab55f6f1f62053087de4a1e3bbb3b370ce
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close