exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2011-04-11

WordPress Spellchecker Local File Inclusion / Remote File Inclusion
Posted Apr 11, 2011
Authored by Dr Trojan

The WordPress Spellchecker plugin suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | ab620182444da6e9e25bbd2ff29473475170a67f0693c1d08670c943b225dd1f
K-Rate Advanced Picture Rating Cross Site Scripting
Posted Apr 11, 2011
Authored by Andrea Bocchetti

K-Rate Advanced Picture Rating Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5f5a0236cacfa7f1c184fcecc519c08254a5557e2eac51a40ccf9a995b0adbc8
VeryTools Video Spirit Pro 1.70 Buffer Overflow
Posted Apr 11, 2011
Authored by corelanc0d3r, Acidgen | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows
SHA-256 | 9e121784ade83adde0ab90ab8fb328d34f02896d4228c84517683929d42c0b44
Zero Day Initiative Advisory 11-118
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-4229
SHA-256 | 2b577bc17c0f8342ac6e6e9dfd42c71e762efe3b4ae44de771f057f8d5d89ed0
Zero Day Initiative Advisory 11-117
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.

tags | advisory, remote, arbitrary
SHA-256 | 484b7d2966d0efd9dfa5bcfca9f1b1a77fd8ff8ae233db8ccfa43063f51a9198
Elxis CMS eForum 1.1 File Upload
Posted Apr 11, 2011
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Elxis CMS eForum component version 1.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 58b2a6b909a034aeee02869758ffbf3d70980bbfab04f276db39ed65066e18c7
Linksys WRT54G Password Disclosure
Posted Apr 11, 2011
Authored by RaFD

Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.

tags | exploit, info disclosure
SHA-256 | 29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393
The Gazette Edition Cross Site Scripting
Posted Apr 11, 2011
Authored by MustLive

The Gazette Edition (theme for WordPress) versions 2.9.4 and below suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 554e2b12eb7acbe0808897d2e279223beeade9555f821b00b156e5c83a058674
oclHashcat-lite GPU Hash Cracking Utility 0.02
Posted Apr 11, 2011
Authored by atom | Site hashcat.net

oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.

tags | cracker
systems | linux, windows
SHA-256 | 9a98224224dfe503e6d645740cc8442831f25b3322e6d81534f567fe513eaf91
Mandriva Linux Security Advisory 2011-073
Posted Apr 11, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-073 - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version which brings many enhancements such as better ipv6 support.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0997
SHA-256 | b869f67c871d88945a46206ca3939aac0496a05a47a2e9dc074ec6eff18ec5d4
SQLMAP - Automatic SQL Injection Tool 0.9
Posted Apr 11, 2011
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Rewritten SQL injection detection engine. Added full support for both time-based blind SQL injection and error-based SQL injection techniques. Various other support added.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 9c76666d0555620329d949aca87571825adb8fcda9cd564e6410e1d2b6228c55
Gloves In A Bottle Local File Inclusion
Posted Apr 11, 2011
Authored by d3c0der

Gloves In A Bottle suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | cd467200613ff7583b1ed7b0adba2fd18ce3030299cdd2a672651ff3aea5fb3b
Debian Security Advisory 2217-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2217-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
SHA-256 | 54aa128164e1a3fc5b22b43fa81ed44f8d8a2ead59b3172b5843a7ef345ea6e9
Debian Security Advisory 2216-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2216-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
SHA-256 | 2a4dbf9a5f44606d2210505da3eabd5ea25e699d58d5b72c9148efe6503df304
tmux 1.3 / 1.4 Privilege Escalation
Posted Apr 11, 2011
Authored by ph0x90bic

tmux versions 1.3 and 1.4 suffer from a -S option incorrect setgid local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2011-1496
SHA-256 | cd885fe8e526cc9f25b3d09ae86f267db6f64ccabdcde1494411eddaa61dea49
Vallen Zipper 2.30 ZIP Heap Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

Vallen Zipper version 2.30 .zip file heap overflow exploit.

tags | exploit, overflow
SHA-256 | 80f5e42cf76a05410e9ce3d9c21cf65c61940466b3b716293d2f29a071a7cb3a
MikeyZip 1.1 ZIP Buffer Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

MikeyZip version 1.1 .zip file buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 98a685e7ab2139acf372fb56c3ec511246fc935f0251e0b360abc101956caa9c
K-Links SQL Injection
Posted Apr 11, 2011
Authored by R3d-D3v!L

K-Links suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4b7997809c7048d1abc47e21eca2e2b6741d956ec4b93ac2456536aa985be135
Joomla Phocadownload Blind SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Phocadownload component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6365839b756fa703a75d8c92aaf6342c116e9d38fc9a41d5bd88b85008e0f204
Joomla Gcalendar Remote File Inclusion
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Gcalendar component suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 3a4697dced6c484634eb5df0df17e03d44a43b94210253839b9129ba91755a77
Joomla Extensions 1.6.0 SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

Joomla Extensions versions 1.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4118ccb7ca2acf7fd3c00b535a3414838f77d6ddead31773010bd55b4cce2722
Secunia Security Advisory 44100
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in PHP-Jokesite, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, vulnerability, sql injection
SHA-256 | f08da736095636afd78e3bf3bf8c03b4f45f27bb9a761e82e3726a9749402211
Secunia Security Advisory 44006
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Softbiz Classified Ads PLUS Script, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | efc9d0f6357ebbfc955ef331b1a78e090c44678bc408bec3b2dc8611575f99b3
Secunia Security Advisory 44079
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | 58db33873302308872eb77c617d317247e95720d5856a5992e3b0ba8b4d518a2
Secunia Security Advisory 44043
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring.

tags | advisory
SHA-256 | b4d6069e426a25db12c199bb0bbf8aa422382313fa55762cd42c7ef2936d28c6
Page 1 of 2
Back12Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close