Showing 1 - 25 of 41

Files Date: 2011-05-10

poMMo Aardvark PR16.1 Cross Site Request Forgery / Cross Site Scripting
Posted May 10, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

poMMo version Aardvark PR16.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f458c4dbe9ad2b81d5ac1fea1f569203

Wolf CMS 0.7.5 Cross Site Request Forgery
Posted May 10, 2011
Authored by KedAns-Dz

Wolf CMS version 0.7.5 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | fab43b37b63afdfbe44a3010ab929007

Civica Spydus Library Management System (LMS) Cross Site Scripting
Posted May 10, 2011
Authored by Patrick Webster

Civica Spydus Library Management System (LMS) suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 58bb515f5c8b5164efbb9250ac60c622

Zero Day Initiative Advisory 11-166
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-166 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the imcsyslogdm.exe component which listens by default on UDP port 514. When handling a syslog packet having a size larger than 2048 bytes the process attempts to exit. An exception handler is called that makes a call into a location that has been previously freed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1854
MD5 | 2f11085c5439fef863f82020da7a4e8d

Zero Day Initiative Advisory 11-165
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling the opcode word of a packet the process uses this value as a lookup into a function pointer table. The process then calls into the calculated address. By supplying a large or invalid value a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1853
MD5 | a57e10e90c0adaa81df1db52a11c5610

Zero Day Initiative Advisory 11-164
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-164 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling a TFTP packet type 0x03 or 0x05 (DATA or ERROR) the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1852
MD5 | 138e560c544cd9674bf6a836a002d1af

Zero Day Initiative Advisory 11-163
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-163 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling the transfer mode field this value is passed through toupper before being stored in a local buffer for string comparison. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, local, udp
advisories | CVE-2011-1851
MD5 | 62d57ebaacfc1c70e411c35eb50dea03

Debian Security Advisory 2233-1
Posted May 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720
MD5 | 777ed4cbea09e007860b29ecab6dfc81

Zero Day Initiative Advisory 11-162
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the dbman.exe component which listens by default on UDP port 2810. When logging received actions to dbman_debug.log sprintf is used to build the log message. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1850
MD5 | c2bc84ee33a229f1afa53163a31c77b7

Zero Day Initiative Advisory 11-161
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling WRQ opcode types the server allows arbitrary file creation. Additionally, the server is configured to truncate/overwrite existing files. This process is owned by the SYSTEM user. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1849
MD5 | a00970be8a7e6571a20a2b2e29887494

Zero Day Initiative Advisory 11-160
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-160 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component which listens by default on TCP port 8800. When handling a packet the process uses the packet length field to make a calculation and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-1848
MD5 | d3a1f5fc2e5475680b69788b35e92e08

Zero Day Initiative Advisory 11-159
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| and change the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0066
MD5 | 2f0bf843d1a91c47232dbbfb9a7d6c22

Zero Day Initiative Advisory 11-158
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. |mChannel| will become a dangling pointer, allowing an attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0065
MD5 | 25b7c430b059be83e5992db1a9e10d9e

Arabic Names Dictionary
Posted May 10, 2011
Authored by g33ko

This file contains two wordlists with both male and female Arabic names. Together there are over 1800 entries.

tags | cracker
MD5 | 53a9b12373d92434e73a6c121ff7c4f6

Google Store Cross Site Scripting
Posted May 10, 2011
Authored by Ivan Sanchez

The Google Store at www.googlestore.com suffers from a cross site scripting vulnerability in googlesearch.aspx.

tags | exploit, xss
MD5 | ecaad4c6505dbc404ab640743a978848

Secunia Security Advisory 44533
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for SSL in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
MD5 | f2906b60705d6f8ac8976a18c6a42986

Secunia Security Advisory 44498
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xen. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
MD5 | f60f2a00ee38b58e3c8e3ce6fac6ba05

Secunia Security Advisory 44476
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in TCExam, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 94800e5e1324a916dd2f96402bd82024

Secunia Security Advisory 44489
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ZAPms, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | ee56d3e4b33fb5b9126708601ac5a20e

Secunia Security Advisory 44502
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
MD5 | 306f32137b200ce1993559b9dc5734ff

Secunia Security Advisory 44536
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Kay Framework, which can be exploited by malicious people to manipulate certain data.

tags | advisory
MD5 | 7d10161d0b980ecd8057c9905623df12

Secunia Security Advisory 44501
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 2bb0ca2f9aed794472d8e446098d7a1e

Secunia Security Advisory 44500
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Postfix, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service
MD5 | ba0693916e380b341ae984730b00dcc3

Secunia Security Advisory 44503
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes multiple vulnerabilities which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, fedora
MD5 | 9f4807e6a02565af5c626abb348a453e

Secunia Security Advisory 44535
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Java in HP Tru64 UNIX and OpenVMS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, java, denial of service
systems | unix
MD5 | 14c5382b27fbae5009733ec2b5462962

packet storm

© 2016 Packet Storm. All rights reserved.
