what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2011-04-11

WordPress Spellchecker Local File Inclusion / Remote File Inclusion
Posted Apr 11, 2011
Authored by Dr Trojan

The WordPress Spellchecker plugin suffers from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | ab620182444da6e9e25bbd2ff29473475170a67f0693c1d08670c943b225dd1f
K-Rate Advanced Picture Rating Cross Site Scripting
Posted Apr 11, 2011
Authored by Andrea Bocchetti

K-Rate Advanced Picture Rating Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5f5a0236cacfa7f1c184fcecc519c08254a5557e2eac51a40ccf9a995b0adbc8
VeryTools Video Spirit Pro 1.70 Buffer Overflow
Posted Apr 11, 2011
Authored by corelanc0d3r, Acidgen | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows
SHA-256 | 9e121784ade83adde0ab90ab8fb328d34f02896d4228c84517683929d42c0b44
Zero Day Initiative Advisory 11-118
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-118 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. This can lead to code execution under the context of the service.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-4229
SHA-256 | 2b577bc17c0f8342ac6e6e9dfd42c71e762efe3b4ae44de771f057f8d5d89ed0
Zero Day Initiative Advisory 11-117
Posted Apr 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.

tags | advisory, remote, arbitrary
SHA-256 | 484b7d2966d0efd9dfa5bcfca9f1b1a77fd8ff8ae233db8ccfa43063f51a9198
Elxis CMS eForum 1.1 File Upload
Posted Apr 11, 2011
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Elxis CMS eForum component version 1.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 58b2a6b909a034aeee02869758ffbf3d70980bbfab04f276db39ed65066e18c7
Linksys WRT54G Password Disclosure
Posted Apr 11, 2011
Authored by RaFD

Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.

tags | exploit, info disclosure
SHA-256 | 29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393
The Gazette Edition Cross Site Scripting
Posted Apr 11, 2011
Authored by MustLive

The Gazette Edition (theme for WordPress) versions 2.9.4 and below suffer from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 554e2b12eb7acbe0808897d2e279223beeade9555f821b00b156e5c83a058674
oclHashcat-lite GPU Hash Cracking Utility 0.02
Posted Apr 11, 2011
Authored by atom | Site hashcat.net

oclHashcat-lite Advanced GPU hash cracking utility that includes the World's fastest MD4, MD5, SHA1, and SHA256 cracker. It supports up to 16 GPUs and include binaries for both Linux and Windows.

tags | cracker
systems | linux, windows
SHA-256 | 9a98224224dfe503e6d645740cc8442831f25b3322e6d81534f567fe513eaf91
Mandriva Linux Security Advisory 2011-073
Posted Apr 11, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-073 - dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP has been upgraded from the 3.0.7 version to the 4.1.2-P1 version which brings many enhancements such as better ipv6 support.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0997
SHA-256 | b869f67c871d88945a46206ca3939aac0496a05a47a2e9dc074ec6eff18ec5d4
SQLMAP - Automatic SQL Injection Tool 0.9
Posted Apr 11, 2011
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Rewritten SQL injection detection engine. Added full support for both time-based blind SQL injection and error-based SQL injection techniques. Various other support added.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 9c76666d0555620329d949aca87571825adb8fcda9cd564e6410e1d2b6228c55
Gloves In A Bottle Local File Inclusion
Posted Apr 11, 2011
Authored by d3c0der

Gloves In A Bottle suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | cd467200613ff7583b1ed7b0adba2fd18ce3030299cdd2a672651ff3aea5fb3b
Debian Security Advisory 2217-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2217-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
SHA-256 | 54aa128164e1a3fc5b22b43fa81ed44f8d8a2ead59b3172b5843a7ef345ea6e9
Debian Security Advisory 2216-1
Posted Apr 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2216-1 - Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of isc-dhcp, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2011-0997
SHA-256 | 2a4dbf9a5f44606d2210505da3eabd5ea25e699d58d5b72c9148efe6503df304
tmux 1.3 / 1.4 Privilege Escalation
Posted Apr 11, 2011
Authored by ph0x90bic

tmux versions 1.3 and 1.4 suffer from a -S option incorrect setgid local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2011-1496
SHA-256 | cd885fe8e526cc9f25b3d09ae86f267db6f64ccabdcde1494411eddaa61dea49
Vallen Zipper 2.30 ZIP Heap Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

Vallen Zipper version 2.30 .zip file heap overflow exploit.

tags | exploit, overflow
SHA-256 | 80f5e42cf76a05410e9ce3d9c21cf65c61940466b3b716293d2f29a071a7cb3a
MikeyZip 1.1 ZIP Buffer Overflow
Posted Apr 11, 2011
Authored by C4SS!0 G0M3S

MikeyZip version 1.1 .zip file buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 98a685e7ab2139acf372fb56c3ec511246fc935f0251e0b360abc101956caa9c
K-Links SQL Injection
Posted Apr 11, 2011
Authored by R3d-D3v!L

K-Links suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4b7997809c7048d1abc47e21eca2e2b6741d956ec4b93ac2456536aa985be135
Joomla Phocadownload Blind SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Phocadownload component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6365839b756fa703a75d8c92aaf6342c116e9d38fc9a41d5bd88b85008e0f204
Joomla Gcalendar Remote File Inclusion
Posted Apr 11, 2011
Authored by KedAns-Dz

The Joomla Gcalendar component suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 3a4697dced6c484634eb5df0df17e03d44a43b94210253839b9129ba91755a77
Joomla Extensions 1.6.0 SQL Injection
Posted Apr 11, 2011
Authored by KedAns-Dz

Joomla Extensions versions 1.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4118ccb7ca2acf7fd3c00b535a3414838f77d6ddead31773010bd55b4cce2722
Secunia Security Advisory 44100
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in PHP-Jokesite, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, vulnerability, sql injection
SHA-256 | f08da736095636afd78e3bf3bf8c03b4f45f27bb9a761e82e3726a9749402211
Secunia Security Advisory 44006
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Softbiz Classified Ads PLUS Script, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | efc9d0f6357ebbfc955ef331b1a78e090c44678bc408bec3b2dc8611575f99b3
Secunia Security Advisory 44079
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | 58db33873302308872eb77c617d317247e95720d5856a5992e3b0ba8b4d518a2
Secunia Security Advisory 44043
Posted Apr 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability with unknown impact in IBM Tivoli Monitoring.

tags | advisory
SHA-256 | b4d6069e426a25db12c199bb0bbf8aa422382313fa55762cd42c7ef2936d28c6
Page 1 of 2
Back12Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close