exploit the possibilities
Showing 1 - 25 of 40 RSS Feed

Files Date: 2011-04-21

Asterisk Project Security Advisory - AST-2011-005
Posted Apr 21, 2011
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.

tags | advisory, web, tcp
advisories | CVE-2011-1507
MD5 | 03cb9f0571b3574864aa8aa0ad6ca5c3
Mandriva Linux Security Advisory 2011-076
Posted Apr 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a XDMCP message.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0465
MD5 | 4d6962b2e0aeb84c4c0bd9492fb1e0a0
FreeBSD Security Advisory - mountd ACL Mishandling
Posted Apr 21, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call. While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2011-1739
MD5 | c461aba988786b70e5247c4764de590b
QtWeb Browser 3.7.2 Denial Of Service
Posted Apr 21, 2011
Authored by t3rm!n4t0r

QtWeb Browser version 3.7.2 denial of service exploit.

tags | exploit, denial of service
MD5 | 0c1cb4c44a2090099d856ef560af2ebe
Ubuntu Security Notice USN-1120-1
Posted Apr 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1120-1 - It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-5022
MD5 | 6d44e46900ded5deb40a0f218812fe90
PulseCMS Basic 1.3_Get.Pro Backup Download / Cross Site Scripting
Posted Apr 21, 2011
Authored by KedAns-Dz

PulseCMS Basic versions 1.3_Get.Pro and below suffers from backup disclosure, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, file upload
MD5 | 5a8e15dd404d76f6c93033ed94231ed4
Syctel Design Local File Inclusion
Posted Apr 21, 2011
Authored by Ashiyane Digital Security Team

Syctel Design suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 791fa52e4e1531c2d0ca953df0eb90a5
HP Security Bulletin HPSBMA02665 SSRT100185
Posted Apr 21, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02665 SSRT100185 - A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to elevate privileges. Revision 1 of this advisory.

tags | advisory
systems | windows
advisories | CVE-2011-1724
MD5 | 99ca60130b5991a3b99b2e1f8906aafb
HP Security Bulletin HPSBMA02664 SSRT100417
Posted Apr 21, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02664 SSRT100417 - Potential security vulnerabilities have been identified in HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in privilege elevation and cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, csrf
systems | windows
advisories | CVE-2011-1544, CVE-2011-1545
MD5 | 3747f3629769bf31fcd45bbf96c11657
Moscrack WPA Cluster Cracker 2.05b
Posted Apr 21, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: This release added various automatic chunk size options, hung node detection, dynamic node configuration, improved CPU demands, TCP-based status checks, and a CGI interface.
tags | cracker
systems | unix
MD5 | 9946e11aeb11566fbc1b689a59359e1e
WiRouter KeyRec 1.0.4
Posted Apr 21, 2011
Authored by Salvatore Fresta | Site salvatorefresta.net

WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router's models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Changes: Some internal changes were made.
tags | tool, wireless
MD5 | 3a5e38c08b989694d1f5eadd2aa90934
Firewall Builder With GUI 4.2.0.3530
Posted Apr 21, 2011
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This version significantly improves importation of existing firewall configurations and introduces support for importing Cisco ASA/PIX/FWSM configuration and de-duplication of imported objects. Support for the configuration of bridge and VLAN interfaces and static routes on FreeBSD was added, and it is now possible to generate configuration in the format of rc.conf files. The latest versions of Cisco ASA software are now supported, including the new command syntax for NAT commands in ASA 8.3. The speed of rule compilation has been improved, and is especially noticeable on very large data files.
tags | tool, firewall
systems | cisco, linux, unix, openbsd
MD5 | 6d61b956e074a9873f111b3c7053ac4a
Linux/x86 netcat Bindshell Shellcode
Posted Apr 21, 2011
Authored by Jonathan Salwan

Linux/x86 /usr/bin/netcat -ltp6666 -e/bin/sh shellcode.

tags | x86, shellcode
systems | linux
MD5 | 38750e9392a3ac8fc60070750da9c73e
Gesytec ElonFmt Active-X 1.1.14 Buffer Overflow
Posted Apr 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

The Gesytec ElonFmt active-x control module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in the elonfmt.ocx module, a few memory registers get overwritten including the SEH. Proof of concept exploit included. Version 1.1.14 is affected.

tags | exploit, overflow, activex, proof of concept
MD5 | 58e5b0bf42b9c4fd21638b378021c108
DNSpoison 1.0
Posted Apr 21, 2011
Authored by Vilmain Nicolas

DNSpoison is a DNS request sniffer tool that forges a false DNS response for IPv4 and IPv6 addresses. Hijacked traffic is needed before starting the program. Tested on GNU/Linux and FreeBSD.

tags | tool
systems | linux, unix, freebsd
MD5 | 488241379823c1efe781e2d16b159a5f
CA SiteMinder R6 / R12 Improper Handling
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.

tags | advisory
advisories | CVE-2011-1718
MD5 | ffd364135869f1132e22568378f1318e
CA Output Management Web Viewer 11.0 / 11.5 Boundary Errors
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.

tags | advisory, remote, web, arbitrary, vulnerability, activex
advisories | CVE-2011-1719
MD5 | bbeba246d3ce36be6a7d73c8e91b7577
Secunia Security Advisory 44296
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Learning Management, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
MD5 | bc00807cac60498b92ee6cdc55849aa2
Secunia Security Advisory 44247
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in the Universal Post Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | f8478024f1e2fe567f4d59a3c4e8c7ab
Secunia Security Advisory 44299
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle PeopleSoft Enterprise Applications Portal, which can be exploited by malicious users and people to manipulate certain data.

tags | advisory, vulnerability
MD5 | 670c171885257e135499b93bd92183e8
Secunia Security Advisory 44214
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has acknowledged a vulnerability in language-selector, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
MD5 | 775475d2c61f39374ddaf027566f9b78
Secunia Security Advisory 44212
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has acknowledged a security issue in kbd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, suse
MD5 | 06089f6aeee305259cf1d696305700a4
Secunia Security Advisory 44220
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux
MD5 | e61deae06988f4bbca12613c2e455143
Secunia Security Advisory 44298
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
MD5 | 7db5e6d6ac1abedeee371e4e9a351d78
Secunia Security Advisory 44251
Posted Apr 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, disclose sensitive information, bypass certain security restrictions, or compromise a user's system.

tags | advisory, vulnerability, xss, csrf
MD5 | 4618888b387388f13bc1fc2859d568a1
Page 1 of 2
Back12Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close