exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 58 RSS Feed

Files Date: 2011-05-04

Cisco IOS 15.0 SNMP Message Processing Denial Of Service
Posted May 4, 2011
Site nipc.org.cn

Cisco routers running IOS version 15.0 suffer from a SNMP related denial of service vulnerability.

tags | advisory, denial of service
systems | cisco
SHA-256 | 17e45d3b463c814c1f9c18bf5ae368a469fe9a2ce8b5098243d3ea2c979cf166
Cisco IOS 15.0 UDP Denial Of Service
Posted May 4, 2011
Site nipc.org.cn

Cisco routers running IOS version 15.0 suffer from a UDP related denial of service vulnerability.

tags | advisory, denial of service
systems | cisco
SHA-256 | be3f1d34085d4559d36ca0e6b71def96c993a77facaa44e46f0852f5c6860f48
Packet Fence 2.2.0
Posted May 4, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: New hardware support (Motorola Wireless, 3Com 4200G, E4800G, and E5500G, and Dlink DGS3100). Easier wireless and 802.1X installation. New reports about the user population (SSID, means of network connection). Much improved and easier device blocking. Easier remediation pages management. A lot of minor polish including easier upgrades, more startup checks, user interface improvements, and more. Finally, important bugfixes: VoIP issues with 802.1X / MAC Auth, Nortel switch regressions, a Meru crasher, and many more minor bugfixes.
tags | tool, remote
systems | unix
SHA-256 | 8defad4d02f660546967baa7b7b63f3f8397e4455648ecf74cdc60a36d52467f
ZyWALL USG Appliance Access Bypass
Posted May 4, 2011
Site redteam-pentesting.de

ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited access gets full access to the web interface.

tags | exploit, web, javascript
SHA-256 | 3c3b7741d67dfb8732fd6d0430e8b65afec081b0c019357960986f8df29478dd
ZyWALL USG Appliance Arbitrary File Read / Write
Posted May 4, 2011
Site redteam-pentesting.de

ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.

tags | exploit, arbitrary
SHA-256 | a79275261085696d0102bdf6c611df7de8b6388dbd1c16f1dcfe29f1632051fc
ICONICS WebHMI Active-X Stack Overflow
Posted May 4, 2011
Authored by sgb, bls | Site security-assessment.com

ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.

tags | exploit, web, overflow, activex
SHA-256 | e2cc945e05990c73d34e1f078184b4608dc08dbcc60fbcdef0908d92ab249b3f
SIPDroid Agent User Enumeration
Posted May 4, 2011
Authored by Anibal Vaz Marques de Aguiar | Site tempest.com.br

Tempest Security Intelligence Advisory 01/2011 - SIPDroid Agent versions 1.6.1 beta, 2.0.1 beta, and 2.2 beta suffer from a remote user enumeration vulnerability. Proof of concept code is included.

tags | exploit, remote, proof of concept
SHA-256 | 2a9a14332bbabe64cde8fa7d58e894abdd8adde6ffef50edeb7bb7748ae94b40
Win32/XP SP3 Force Kill explorer.exe Shellcode
Posted May 4, 2011
Authored by Xecuti0N3r

73 bytes small Win32/XP SP3 force kill explorer.exe process shellcode.

tags | shellcode
systems | windows
SHA-256 | 00fb87a0bc2ea17d8178eaae6412a78770e35ef5025b8b4c6385bcfb9b6aa7ef
DeepSec 2011 Call For Papers
Posted May 4, 2011
Site deepsec.net

DeepSec 2011 Call For Papers - For the fifth time the DeepSec In-Depth Security Conference invites security researchers and professionals to submit suggestions for talks and workshops for their conference which will take place in November, 2011 in Vienna.

tags | paper, conference
SHA-256 | 31e98e850f6d0f83bb57a720a50d6dbe290b341f3592a6af613dfb5cdee27847
Ubuntu Security Notice USN-1129-1
Posted May 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1129-1 - It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input.

tags | advisory, cgi, perl
systems | linux, ubuntu
advisories | CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410, CVE-2010-4411, CVE-2011-1487
SHA-256 | d9b1c961a1a1802599f059cb53ed30cf4056e452151be196e148d2b3c967d09f
YaPiG 0.95 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

YaPiG version 0.95 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dab6da7a8cce27676005cb38e64380f1a52ddd39055890b911f8dc8f6c2a8c60
SelectaPix Image Gallery 1.4.1 Cross Site Request Forgery
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SelectaPix Image Gallery version 1.4.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 249e8d5ff3bf5ec9d078adc3e8f0f17303a2725de76bc7137d3a991ee1ae79ed
SelectaPix Image Gallery 1.4.1 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SelectaPix Image Gallery version 1.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c1d106970998c23a36b3a256de0e6f7b5e890edfe1f6da89ed1e050036d04bf2
(e)2 Interactive Photo Gallery 0.9 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

(e)2 Interactive Photo Gallery version 0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8dddc629f37fd3f04c9667722be5ddcb9f66eb820259ed50abe1e334f1a2dce7
44Con 2011 Technical Call For Papers
Posted May 4, 2011
Authored by 44Con | Site 44con.eventbrite.com

The 44Con 2011 call for papers has been announced. 44Con is the UK's largest combined security conference and training event, with the conference taking place on the 1st and 2nd of September, 2011 at a five star hotel near Tower Bridge and the Tower of London.

tags | paper, conference
SHA-256 | 57d9eb3d2e5cdff0169d1e98f96488a579aa689a3b71ba638b49b5cd1f3d5944
HP Security Bulletin HPSBMA02661 SSRT100408 2
Posted May 4, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02661 SSRT100408 2 - Potential security vulnerabilities have been identified with HP Proliant Support Pack running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), URL redirection, and information disclosure. Revision 2 of this advisory.

tags | advisory, vulnerability, xss, info disclosure
systems | linux, windows
advisories | CVE-2011-1537, CVE-2011-1538, CVE-2011-1539
SHA-256 | 1ae9f771720bc04820d09d7394e0f6486771daa686bc302f58d764e929a60887
Linux/x86 Remote Download / Execute Shellcode
Posted May 4, 2011
Authored by KedAns-Dz

44 bytes small Linux/x86 remote download and execute file shellcode.

tags | remote, x86, shellcode
systems | linux
SHA-256 | c2ab73aea3bb05ad4186f5859cef4882d7fded0c371c68009d408c9df6e0ef6c
Proofpoint Protection Server 5.5.5 Cross Site Scripting
Posted May 4, 2011
Authored by Karan Khosla | Site senseofsecurity.com.au

Proofpoint Protection Server version 5.5.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 412f53f289503ca09e6bb76b8fe8c5f67ba8e41e4c5e459c8514b9e1b2603ba2
OpenSSH 5.8p2
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Fixed a local private host key compromise on platforms without host-level randomness support.
tags | encryption
systems | linux, unix, openbsd
SHA-256 | e5a1c821dd8dc33a94c445290956d52e03b3c450f9cd448b96d92317fd4cce42
OpenSSH Security Advisory - Unauthorized Access
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

OpenSSH Security Advisory - Portable OpenSSH prior to version 5.8p2 only on platforms that are configured to use ssh-rand-helper for entropy collection. ssh-rand-helper is enabled at configure time when it is detected that OpenSSL does not have a built-in source of randomness, and only used at runtime if this condition remains. Platforms that support /dev/random or otherwise configure OpenSSL with a random number provider are not vulnerable. Version 5.8p2 fixes this issue.

tags | advisory
SHA-256 | 486207ec2f9fb1f7152210c018051c0a98ac5a4908b2ab16da056d78f48c5319
Magazeen 1.0 Cross Site Scripting
Posted May 4, 2011
Authored by MustLive

Magazeen theme version 1.0 for WordPress and Dotclear suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9e1279300ac5f76d0b6725e54d3abd554b6b664d9dd441e1e078f9adebdb376f
Stunnel SSL Wrapper 4.36
Posted May 4, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Win32 OpenSSL DLLs were updated to version 1.0.0d. Dynamic memory was introduced for management of string manipulation in order to prevent a static STRLEN limit and to lower stack footprint. Strict public key comparison was added for "verify = 3" certificate checking mode. Backlog parameter of listen(2) was changed from 5 to SOMAXCONN to improve behavior on heavy load. A number of bugs were fixed, including a memory leak and some Mac OS X compatibility fixes.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
SHA-256 | 3483fc2011e8a9d2614a93a9dbf7eabf405044df3566f29144fe2d1dd37a35f5
Sothink DHTML Menu SQL Injection
Posted May 4, 2011
Authored by Caddy-Dz

Sothink DHTML Menu suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2c1863d838a006d219912eb313b00d701537f93ada051fa8cbf4ad8185462bce
Horizon Web Builder SQL Injection
Posted May 4, 2011
Authored by Iolo Morganwg

Horizon Web Builder suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 9fed6e080a4670065cd80ad7ff55aec248a57f586bbc66ac56c5df390f274dd0
DynPG 4.2.1 LFI / RFI / SQL Injection
Posted May 4, 2011
Authored by KedAns-Dz

DynPG versions 4.2.1 and below suffer from local file inclusion, remote file inclusion, shell upload, and remote SQL injection vulnerabilities. Some of these issues were priorly discovered in earlier versions and never fixed.

tags | exploit, remote, shell, local, vulnerability, code execution, sql injection, file inclusion
SHA-256 | b1c13883931cf20f8d4bdb7ce2c5349036e23667a171ae1a724b68aeda422126
Page 1 of 3
Back123Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close