what you don't know can hurt you
Showing 1 - 25 of 61 RSS Feed

Files Date: 2011-04-28

EMC HomeBase Server Directory Traversal Remote Code Execution
Posted Apr 28, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2010-0620
SHA-256 | e1157c518d84a4ffe3868bae4edb8772e80255a4824a34ca07799e7a7f517728
Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow
Posted Apr 28, 2011
Authored by sinn3r, Brandon Murphy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Subtitle Processor 7. By supplying a long string of data as a .m3u file, Subtitle Processor first converts this input in Unicode, which expands the string size, and then attempts to copy it inline on the stack. This results a buffer overflow with SEH overwritten, allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | 26d612333618be29098a0672577a27e3c6d14fed9fd3745d7b80c96b8ea7a1fe
Oracle JD Edwards JDENET USRBROADCAST Denial Of Service
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted packet is sent to the JDENet service, and access violation is raised. As the process fails to process this exception, this results in a crash that would render the system unavailable.

tags | advisory, remote
SHA-256 | fb00b7dfd1a4bfaaa317b021b77e77953255278969e2ee8cefab09d76246d5df
Oracle JD Edwards JDENET Firewall Bypass
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted UDP packet is sent to the JDENet port, the JDENET service creates a TCP connection to the provided IP and PORT parameters. This connection could be used to access the JDENET and all ERP functionality provided through that callback connection.

tags | advisory, remote, udp, tcp
SHA-256 | 0c98a162b3edfa493fb0a51d4bc92e4a10f6c96764005f2ec2eaeeb63450c32e
Oracle JD Edwards JDENET Buffer Overflow
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a packet of a specific size is sent to the JDENet Service, a heap based buffer overflow condition is raised.

tags | advisory, remote, overflow
SHA-256 | 76921f4b4c1e91a19323ad91b682d4affa71e1a792efd459b4fefd21fe6aa43e
Cook Media Web Development Group SQL Injection
Posted Apr 28, 2011
Authored by Xecuti0N3r

Cook Media Web Development Group suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 5753e094098a7bd0379bc7e35773a8de8aea4d191a595d330ac7d23d48640417
Oracle JD Edwards JDENET Remote Logging Deactivation
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. Several ways remotely deactivate the kernel processes logging have been detected. If specifically crafted messages are sent to the JDENET Service, the JDENET Kernel will stop logging for the kernel processes activities.

tags | advisory, remote, kernel
SHA-256 | 6c0cc09e84bd9e005ca7c9ae97cdf041b999375c2808d37a4e86b78a4569c0fd
Daily Maui Photo Widget WordPress Plugin 0.2 Cross Site Scripting
Posted Apr 28, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Daily Maui Photo Widget WordPress plugin version 0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ce415536de4b96ee4985b66cd8380f457622bc1f8badc312859ee148a0f2531
WP Photo Album WordPress Plugin 1.5.1 Cross Site Scripting
Posted Apr 28, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

WP Photo Album WordPress plugin version 1.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a8836eafacba3a9faa51ea0de462b5618a7fb80f46ff27f72fde7b2339bd4e16
Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. It is possible for a remote and unauthenticated attacker to retrieve passwords of users that are allowed to login to the SAW Kernel (System Administration Workbench Kernel) in default installations of JD Edwards EnterpriseOne servers. As SAW users are allowed to, among other things, remotely execute commands on the server, the exploitation of this vulnerability leads to a full compromise of the server.

tags | advisory, remote, kernel
SHA-256 | f5e070e8139c15730f71e2ea443c613b4a3d3b03b82fa0971259148856bc1535
Oracle JD Edwards JDENET CallObjectKernel Remote Command Execution
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted message is sent to the JD Edwards server, running processes of XMLCallObject Kernel, then arbitrary commands can be executed through the JD Edwards CallObject Kernel process.

tags | advisory, remote, arbitrary, kernel
SHA-256 | 34c7ee07435c2ddc8c251c76a97e1bc8cc1efd0ab34980d34fa7d069d940abff
Oracle JD Edwards JDENET Kernel Shutdown
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted message is sent to the JDENET Service, the JDENET Kernel performs a shutdown of the service.

tags | advisory, remote, kernel
SHA-256 | 495c315fad1554eb899346d39c9206a1fa99d8f13c9027b4c25f296d62c0b440
PixelGems Remote File Disclosure
Posted Apr 28, 2011
Authored by KnocKout

PixelGems remote file disclosure exploit that leverages a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
SHA-256 | 2e7facf90aaaa0bcdd0ef29248ec91a52c246136d5645ad8eaf30961b54ddecf
eyeOS 1.9.0.2 Cross Site Scripting
Posted Apr 28, 2011
Authored by Alberto Ortega

eyeOS versions 1.9.0.2 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7d4a4e68d121c5860bc7375739b43d9371bb170bdaea8915ae59210fcafb7f60
Shackleton Rollin Remote File Disclosure
Posted Apr 28, 2011
Authored by KnocKout

Shackleton Rollin suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 8a4b30a459bf89489b49464052951aba45564c8d22f8d0c574a62823ada4d336
BackupPC 3.1.0 Cross Site Scripting
Posted Apr 28, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

BackupPC version 3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 94caa59ee7f687031cb378f80893959ed9e17654456f0bc3c46700cb4648a125
Insomnia Security Vulnerability Advisory 110427.1
Posted Apr 28, 2011
Authored by James Burton | Site insomniasec.com

Insomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable length buffer. Next the data is parsed and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service though remote code execution may be possible.

tags | advisory, remote, denial of service, overflow, tcp, code execution, protocol
SHA-256 | 9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00f
Oracle JD Edwards JDENET Kernel Denial Of Service
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a certain type of message, containing a specially-crafted Unicode data packet, is sent to the JDENET Service, the JDENET Kernel executes a system call, using a user-provided value as the time parameter. This causes the service to stop responding for a period of time.

tags | advisory, remote, kernel
SHA-256 | 79b3c65811e59b25443d9a05f8600c42cb7d9ecd8b95e729190c1172ccc7e3e8
SE Software Technologies SQL Injection
Posted Apr 28, 2011
Authored by Xecuti0N3r

SE Software Technologies suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 55e2527e04b3dd937b6c340e1c1d15332b0a0cd8c58364aa23c1e143136b0a4c
libmodplug 0.8.8.2 Buffer Overflow
Posted Apr 28, 2011
Authored by epiphant

libmodplug versions 0.8.8.2 and below .abc stack based buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | dbfed6a7a58ca7e45c3fb022dda6012d48c3db31b77600aca3592fc6e32e19c4
SAP Enterprise Portal Path Disclosure
Posted Apr 28, 2011
Site onapsis.com

Onapsis Security Advisory - It has been detected that the SAP Enterprise Portal runtime presents descriptive error messages when special HTTP requests are processed, returning information about the filesystem structure were the component is deployed in the target system.

tags | advisory, web
SHA-256 | d62881883bf04e378522bd7017f63f180b0724bc85d732833c2b6efad9db3923
SAP WebAS ITS Mobile Start Service Information Disclosure
Posted Apr 28, 2011
Site onapsis.com

Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.

tags | advisory, web, arbitrary, vulnerability
SHA-256 | 4973dde1444f7ea1451bf61d92f93f460d71a3e5898a4dae972e180aaafefe31
SAP WebAS ITS Mobile Test Service XSS
Posted Apr 28, 2011
Site onapsis.com

Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.

tags | advisory, web, arbitrary, vulnerability
SHA-256 | b1a16e8fafc41fd2fd523be4fe06a2088738ea8be3c1a1f316e68006cd95226d
John The Ripper 1.7.7
Posted Apr 28, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: Intel AVX (Sandy Bridge) and AMD XOP (Bulldozer) support for bitslice DES has been added. Various other changes.
tags | cracker
systems | windows, unix, beos
SHA-256 | b821bac5059a3cdc8beb9a715691a9a412db4947345adb7f88eda2fa93293030
xMatters AlarmPoint Java Web Server API 3.2.1 Cross Site Scripting
Posted Apr 28, 2011
Authored by Juan Sacco

xMatters AlarmPoint Java Web Server API version 3.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, java, web, xss
SHA-256 | 4d18669ab73ab6d9de1600f56c01ff07b87a8ca67c7effa5cd907e1b5db3d0a5
Page 1 of 3
Back123Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close