
Files Date: 2011-04-11

WordPress Spellchecker Local File Inclusion / Remote File Inclusion
Posted Apr 11, 2011
Authored by Dr Trojan

The WordPress Spellchecker plugin suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | c0ac9432a6eadaf34708979b64b80033
K-Rate Advanced Picture Rating Cross Site Scripting
Posted Apr 11, 2011
Authored by Andrea Bocchetti

K-Rate Advanced Picture Rating Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6b2f831fd2dc110634df69a84ce250ca
VeryTools Video Spirit Pro 1.70 Buffer Overflow
Posted Apr 11, 2011
Authored by corelanc0d3r, Acidgen | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows, 7
MD5 | 87f690a7f1a3b500a38864a74c60abdb
Zero Day Initiative Advisory 11-118
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-4229
MD5 | 241a8939045eef5795e8981b073747a7
Zero Day Initiative Advisory 11-117
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.

tags | advisory, remote, arbitrary
MD5 | 5f3b1894b0ac640023be264c1ecaed90
Elxis CMS eForum 1.1 File Upload
Posted Apr 11, 2011
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Elxis CMS eForum component version 1.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | cd2812bc5e9f3650996485b0ff6deb53
Linksys WRT54G Password Disclosure
Posted Apr 11, 2011
Authored by RaFD

Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.

tags | exploit, info disclosure
MD5 | 1cec0d2b47b70328ad6f6e45f671bc0f
The Gazette Edition Cross Site Scripting
Posted Apr 11, 2011
Authored by MustLive

The Gazette Edition (theme for WordPress) versions 2.9.4 and below suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | d638c41d3215129cf503a85430b3de90
oclHashcat-lite GPU Hash Cracking Utility 0.02
Posted Apr 11, 2011
Authored by atom | Site hashcat.net

oclHashcat-lite is an advanced GPU hash cracking utility that includes the world's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and includes binaries for both Linux and Windows.

tags | cracker
systems | linux, windows
MD5 | 8f939e3017b60f47b77e2b5ebb214397
Mandriva Linux Security Advisory 2011-073
Posted Apr 11, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-073 - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Additionally, for Corporate Server 4 and Enterprise Server 5, ISC DHCP has been upgraded from version 3.0.7 to version 4.1.2-P1, which brings many enhancements such as better IPv6 support.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0997
MD5 | 0883fd45408ea5faa797bcc38e92af66
SQLMAP - Automatic SQL Injection Tool 0.9
Posted Apr 11, 2011
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Rewritten SQL injection detection engine. Added full support for both time-based blind SQL injection and error-based SQL injection techniques. Various other support added.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 608d5773e0925e96e618171829d679b9
Gloves In A Bottle Local File Inclusion
Posted Apr 11, 2011
Authored by d3c0der

Gloves In A Bottle suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | c53bb08d6ae7509010c7a19ff86a1c90
Debian Security Advisory 2217-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2217-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
MD5 | 21663e3862b9b62805abc28a41f20002
Debian Security Advisory 2216-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2216-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
MD5 | 32e7aec37246492bbcbd968383f25274
tmux 1.3 / 1.4 Privilege Escalation
Posted Apr 11, 2011
Authored by ph0x90bic

tmux versions 1.3 and 1.4 suffer from a -S option incorrect setgid local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2011-1496
MD5 | 3b8c320e0281dce7682759b8e7ec561e
Vallen Zipper 2.30 ZIP Heap Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

Vallen Zipper version 2.30 .zip file heap overflow exploit.

tags | exploit, overflow
MD5 | 9e496f33d59a2400a6c792160744a856
MikeyZip 1.1 ZIP Buffer Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

MikeyZip version 1.1 .zip file buffer overflow exploit.

tags | exploit, overflow
MD5 | 4d9cde2a6789972a2c1bc9fd9daa9327
K-Links SQL Injection
Posted Apr 11, 2011
Authored by R3d-D3v!L

K-Links suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e96958eb0d21ffe755b311d2ab47b6ab
Joomla Phocadownload Blind SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Phocadownload component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d06d47568a18576f04f1df50f440cf00
Joomla Gcalendar Remote File Inclusion
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Gcalendar component suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 652c2be07fa4bb845ea4fa78c90290ce
Joomla Extensions 1.6.0 SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

Joomla Extensions versions 1.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c5c8bdf9e2720e532b7f532f993ac265
Secunia Security Advisory 44100
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in PHP-Jokesite, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, vulnerability, sql injection
MD5 | 99418770bb119aecfa4a0fb39f08d75c
Secunia Security Advisory 44006
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Softbiz Classified Ads PLUS Script, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 4cf68e4ff8be78c6626d4af8cebf4a25
Secunia Security Advisory 44079
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
MD5 | cd0a018cad34cc4675eeba30c21fde80
Secunia Security Advisory 44043
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring.

tags | advisory
MD5 | e87df9cc1728bf89c22e2924d210a932
© 2016 Packet Storm. All rights reserved.