Exploit the possiblities
Showing 1 - 25 of 58 RSS Feed

Files Date: 2011-05-04

Cisco IOS 15.0 SNMP Message Processing Denial Of Service
Posted May 4, 2011
Site nipc.org.cn

Cisco routers running IOS version 15.0 suffer from a SNMP related denial of service vulnerability.

tags | advisory, denial of service
systems | cisco
MD5 | 53c1c721737e355948f09e008e9fc70b
Cisco IOS 15.0 UDP Denial Of Service
Posted May 4, 2011
Site nipc.org.cn

Cisco routers running IOS version 15.0 suffer from a UDP related denial of service vulnerability.

tags | advisory, denial of service
systems | cisco
MD5 | 0d49b8486a6df33d15b87f2e8c239921
Packet Fence 2.2.0
Posted May 4, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: New hardware support (Motorola Wireless, 3Com 4200G, E4800G, and E5500G, and Dlink DGS3100). Easier wireless and 802.1X installation. New reports about the user population (SSID, means of network connection). Much improved and easier device blocking. Easier remediation pages management. A lot of minor polish including easier upgrades, more startup checks, user interface improvements, and more. Finally, important bugfixes: VoIP issues with 802.1X / MAC Auth, Nortel switch regressions, a Meru crasher, and many more minor bugfixes.
tags | tool, remote
systems | unix
MD5 | 50f8429e4348837ade1c0af1dd4d18cf
ZyWALL USG Appliance Access Bypass
Posted May 4, 2011
Site redteam-pentesting.de

ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited access gets full access to the web interface.

tags | exploit, web, javascript
MD5 | d61d8e4d81c3bbf2b41ae1709a6aff4f
ZyWALL USG Appliance Arbitrary File Read / Write
Posted May 4, 2011
Site redteam-pentesting.de

ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.

tags | exploit, arbitrary
MD5 | 34582fbe240232744ca32ee3105e8920
ICONICS WebHMI Active-X Stack Overflow
Posted May 4, 2011
Authored by sgb, bls | Site security-assessment.com

ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.

tags | exploit, web, overflow, activex
MD5 | 347ebf7b51aeb2cbff4dbe9ecd6446cd
SIPDroid Agent User Enumeration
Posted May 4, 2011
Authored by Anibal Vaz Marques de Aguiar | Site tempest.com.br

Tempest Security Intelligence Advisory 01/2011 - SIPDroid Agent versions 1.6.1 beta, 2.0.1 beta, and 2.2 beta suffer from a remote user enumeration vulnerability. Proof of concept code is included.

tags | exploit, remote, proof of concept
MD5 | d8438709ef9879f3eb9120cba9ea3d81
Win32/XP SP3 Force Kill explorer.exe Shellcode
Posted May 4, 2011
Authored by Xecuti0N3r

73 bytes small Win32/XP SP3 force kill explorer.exe process shellcode.

tags | shellcode
systems | windows
MD5 | 6aae0d6e65787e864b36a7fc00a7ac87
DeepSec 2011 Call For Papers
Posted May 4, 2011
Site deepsec.net

DeepSec 2011 Call For Papers - For the fifth time the DeepSec In-Depth Security Conference invites security researchers and professionals to submit suggestions for talks and workshops for their conference which will take place in November, 2011 in Vienna.

tags | paper, conference
MD5 | dd089618f87b66cfb8211af4bf64cec2
Ubuntu Security Notice USN-1129-1
Posted May 4, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1129-1 - It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input.

tags | advisory, cgi, perl
systems | linux, ubuntu
advisories | CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410, CVE-2010-4411, CVE-2011-1487
MD5 | 24f27408d6090a9d485d70cb6d450a7f
YaPiG 0.95 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

YaPiG version 0.95 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | efea48fa52ab810191a66e6c106729b9
SelectaPix Image Gallery 1.4.1 Cross Site Request Forgery
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SelectaPix Image Gallery version 1.4.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 017617b43b219aea46ec662e59852a47
SelectaPix Image Gallery 1.4.1 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

SelectaPix Image Gallery version 1.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 975596ce9e4a8989f1923ef72546e1b1
(e)2 Interactive Photo Gallery 0.9 Cross Site Scripting
Posted May 4, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

(e)2 Interactive Photo Gallery version 0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 72c4df6b0d94383ca4a94ca07b7a8ff6
44Con 2011 Technical Call For Papers
Posted May 4, 2011
Authored by 44Con | Site 44con.eventbrite.com

The 44Con 2011 call for papers has been announced. 44Con is the UK's largest combined security conference and training event, with the conference taking place on the 1st and 2nd of September, 2011 at a five star hotel near Tower Bridge and the Tower of London.

tags | paper, conference
MD5 | fa71efc3026c0a34063502d80ea4db08
HP Security Bulletin HPSBMA02661 SSRT100408 2
Posted May 4, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02661 SSRT100408 2 - Potential security vulnerabilities have been identified with HP Proliant Support Pack running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), URL redirection, and information disclosure. Revision 2 of this advisory.

tags | advisory, vulnerability, xss, info disclosure
systems | linux, windows
advisories | CVE-2011-1537, CVE-2011-1538, CVE-2011-1539
MD5 | 778aff2908f33735b97085d7b743a13e
Linux/x86 Remote Download / Execute Shellcode
Posted May 4, 2011
Authored by KedAns-Dz

44 bytes small Linux/x86 remote download and execute file shellcode.

tags | remote, x86, shellcode
systems | linux
MD5 | c2ba31a6f7d6b0e688a60d64ee5693b9
Proofpoint Protection Server 5.5.5 Cross Site Scripting
Posted May 4, 2011
Authored by Karan Khosla | Site senseofsecurity.com.au

Proofpoint Protection Server version 5.5.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 80af2658d0d10eceea3a9df462d316cb
OpenSSH 5.8p2
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Fixed a local private host key compromise on platforms without host-level randomness support.
tags | encryption
systems | linux, unix, openbsd
MD5 | 88a4a83b0e0e60cd545430d4e4bd7e0c
OpenSSH Security Advisory - Unauthorized Access
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

OpenSSH Security Advisory - Portable OpenSSH prior to version 5.8p2 only on platforms that are configured to use ssh-rand-helper for entropy collection. ssh-rand-helper is enabled at configure time when it is detected that OpenSSL does not have a built-in source of randomness, and only used at runtime if this condition remains. Platforms that support /dev/random or otherwise configure OpenSSL with a random number provider are not vulnerable. Version 5.8p2 fixes this issue.

tags | advisory
MD5 | f15b5dfa05ec80fa52fc6f597f73448b
Magazeen 1.0 Cross Site Scripting
Posted May 4, 2011
Authored by MustLive

Magazeen theme version 1.0 for WordPress and Dotclear suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7ba546ddefbb05b1d7bb9533be6d4d72
Stunnel SSL Wrapper 4.36
Posted May 4, 2011
Authored by Michal Trojnara | Site stunnel.org

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

Changes: Win32 OpenSSL DLLs were updated to version 1.0.0d. Dynamic memory was introduced for management of string manipulation in order to prevent a static STRLEN limit and to lower stack footprint. Strict public key comparison was added for "verify = 3" certificate checking mode. Backlog parameter of listen(2) was changed from 5 to SOMAXCONN to improve behavior on heavy load. A number of bugs were fixed, including a memory leak and some Mac OS X compatibility fixes.
tags | arbitrary, encryption, tcp, imap, protocol
systems | windows, unix
MD5 | 600a09b03798424842b24548ca1e4235
Sothink DHTML Menu SQL Injection
Posted May 4, 2011
Authored by Caddy-Dz

Sothink DHTML Menu suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d169351fe45f753917d4b9468e7000b6
Horizon Web Builder SQL Injection
Posted May 4, 2011
Authored by Iolo Morganwg

Horizon Web Builder suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | e62ccb539a4d1cebcf171876422f985f
DynPG 4.2.1 LFI / RFI / SQL Injection
Posted May 4, 2011
Authored by KedAns-Dz

DynPG versions 4.2.1 and below suffer from local file inclusion, remote file inclusion, shell upload, and remote SQL injection vulnerabilities. Some of these issues were priorly discovered in earlier versions and never fixed.

tags | exploit, remote, shell, local, vulnerability, code execution, sql injection, file inclusion
MD5 | 78e29348dce2984242cfd8862fb5679c
Page 1 of 3
Back123Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close