Showing 1 - 25 of 41

Files Date: 2011-05-10

poMMo Aardvark PR16.1 Cross Site Request Forgery / Cross Site Scripting
Posted May 10, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

poMMo version Aardvark PR16.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b1404d72416198303825b19b44f1dfa07587016d85839ef5560ad56f9ec8a873
Wolf CMS 0.7.5 Cross Site Request Forgery
Posted May 10, 2011
Authored by KedAns-Dz

Wolf CMS version 0.7.5 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 7a8c3b58a12985a6967856eec8fc2a4f3bfe95b64c3322cca095538299df84d9
Civica Spydus Library Management System (LMS) Cross Site Scripting
Posted May 10, 2011
Authored by Patrick Webster

Civica Spydus Library Management System (LMS) suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ccad3046b9c60fd814e72667d9dc6bbdffd60997d5c1267f4d33d7f8e7ea6b90
Zero Day Initiative Advisory 11-166
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-166 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the imcsyslogdm.exe component which listens by default on UDP port 514. When handling a syslog packet having a size larger than 2048 bytes the process attempts to exit. An exception handler is called that makes a call into a location that has been previously freed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1854
SHA-256 | 90d1d5c8bb821fddd22af01303497a3e122e615ddaf814f159085e75e18b6021
Zero Day Initiative Advisory 11-165
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling the opcode word of a packet the process uses this value as a lookup into a function pointer table. The process then calls into the calculated address. By supplying a large or invalid value a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1853
SHA-256 | c36b001a7602ebf0bf8060b70f2eacc43dfe0ddc71388f0c73159ccc628c031d
Zero Day Initiative Advisory 11-164
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-164 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling a TFTP packet type 0x03 or 0x05 (DATA or ERROR) the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1852
SHA-256 | c7dc7c73f70e5d8260c2795504d9f1d0f66138b92315b3b9a46f2050ffc5a61e
Zero Day Initiative Advisory 11-163
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-163 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling the transfer mode field this value is passed through toupper before being stored in a local buffer for string comparison. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, local, udp
advisories | CVE-2011-1851
SHA-256 | b7c6458f0d931ddaa03a6d8ba28a5bfbb5c72b6e9654874dbe324e882e5301c6
Debian Security Advisory 2233-1
Posted May 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2233-1 - Several vulnerabilities were discovered in Postfix, a mail transfer agent.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-2939, CVE-2011-0411, CVE-2011-1720
SHA-256 | 2066190092a138a8e944282214539e92f89d4e7e673e5c275fdb8a0859fc9199
Zero Day Initiative Advisory 11-162
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3com/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the dbman.exe component which listens by default on UDP port 2810. When logging received actions to dbman_debug.log sprintf is used to build the log message. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1850
SHA-256 | f3c4617c768ccac846f105121ca7a12e50b484fabd314b3a947385613b3a1961
Zero Day Initiative Advisory 11-161
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the tftpserver.exe component which listens by default on UDP port 69. When handling WRQ opcode types the server allows arbitrary file creation. Additionally, the server is configured to truncate/overwrite existing files. This process is owned by the SYSTEM user. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2011-1849
SHA-256 | 5f9e37da0423d4a1551146fb67b000b21281d1326a2a432b3aebc12612ce3ff4
Zero Day Initiative Advisory 11-160
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-160 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP 3COM/H3C Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the img.exe component which listens by default on TCP port 8800. When handling a packet the process uses the packet length field to make a calculation and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-1848
SHA-256 | 6016c3b4ae6842fc1d77c6292ebb2b36f9b259ee66c37bf9a55e1c76e1637b32
Zero Day Initiative Advisory 11-159
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. If an observer OBJECT is removed from the mObserverList during an iteration of the LOOP_OVER_OBSERVERS macro, one can heap spray over |mObserverList.mNext| and change the execution flow. This would allow the attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0066
SHA-256 | 5e57236f4102bfc5277c0913a689d9de25796d960137cfb3bca359fe5f731c5c
Zero Day Initiative Advisory 11-158
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. |mChannel| will become a dangling pointer, allowing an attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0065
SHA-256 | baf5cb4b2ab7dca06997273264474bc5c5809fb5af3408db491c5a0a763de998
Arabic Names Dictionary
Posted May 10, 2011
Authored by g33ko

This file contains two wordlists with both male and female Arabic names. Together there are over 1800 entries.

tags | cracker
SHA-256 | 1cd5b3f1ebea68572f997bb0603495c3147db25fcea68c3053b355fc5a6d5f01
Google Store Cross Site Scripting
Posted May 10, 2011
Authored by Ivan Sanchez

The Google Store at www.googlestore.com suffers from a cross site scripting vulnerability in googlesearch.aspx.

tags | exploit, xss
SHA-256 | dc09705ceaa893c9c89991f080dca176dedec09a91281d3fcaa97f2c3694f448
Secunia Security Advisory 44533
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for SSL in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
SHA-256 | 2e29c967df563d717b0ab8a76afc14d651989186aec55f3a0b39f31e0bbc72ce
Secunia Security Advisory 44498
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xen. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, redhat
SHA-256 | d4dfb08c6acccfc7efb634c2904210dcaaf282d0a80f34f0252837ad1fa70255
Secunia Security Advisory 44476
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in TCExam, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 4190a4818033c9cf60b20ac724d1de365c2bcaa4ab18889b8d152bbcd9637514
Secunia Security Advisory 44489
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ZAPms, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 576457a63a6f42c0f16ecd75efc7dfb907a6ba774e0afd2eb216fe9612112364
Secunia Security Advisory 44502
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | 19404d24e8bf8361b69333d0b5d60bdfde73beadc4d9220d5444618cc376ab94
Secunia Security Advisory 44536
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Kay Framework, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | 45f92e9a79e4e870029760a596df0f653fc409162ac42e19563ae2d5bae36693
Secunia Security Advisory 44501
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 32126ceff8a4a86b090252c9213524d69c2e1d3a0d3a7a945a50117fdb065391
Secunia Security Advisory 44500
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Postfix, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | a898ca2307360553e6290e9d405c3fbf6fa98da1812e2d8abf476f62a4b9d050
Secunia Security Advisory 44503
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes multiple vulnerabilities which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, fedora
SHA-256 | 1d6e5c69c07db02254396b4eb100906d2f8cbb55330b0ac965531b8d37faa0d0
Secunia Security Advisory 44535
Posted May 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Java in HP Tru64 UNIX and OpenVMS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, java, denial of service
systems | unix
SHA-256 | f241a46b4ab785cfb7f8119090337750804c93b1f4d2330689b88ca5f8d99fa1

packet storm

© 2022 Packet Storm. All rights reserved.