Showing 1 - 25 of 796

Files Date: 2011-05-01 to 2011-05-31

FreeBSD Security Advisory - BIND Remote Denial Of Service
Posted May 30, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.

tags | advisory
systems | freebsd
advisories | CVE-2011-1910
MD5 | f15c72585a8637121b4c9ef5b92e766e
Callisto 821+ Cross Site Request Forgery / Cross Site Scripting
Posted May 30, 2011
Authored by MustLive

Callisto 821+ ADSL modems suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a771779480eee0d21e9b77d892b978f3
Callisto 821+ Predictable Resource Location / Brute Force
Posted May 30, 2011
Authored by MustLive

Callisto 821+ ADSL modems suffer from predictable resource location and brute force vulnerabilities.

tags | advisory, cracker, vulnerability
MD5 | 4c68ac82ae7061d35c5c44fc8aaa5b9c
Ubuntu Security Notice USN-1140-1
Posted May 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1140-1 - Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different user's username. This issue only affected Ubuntu 8.04 LTS. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2010-3435, CVE-2009-0887, CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707
MD5 | b7a67a9590379ccbe9dacf6e53bfb8ad
Ubuntu Security Notice USN-1139-1
Posted May 30, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1139-1 - It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-3762, CVE-2011-1910
MD5 | c23b70e91271bcfd86ad725a00c7a970
International PHP Conference 2011 Call For Papers
Posted May 30, 2011
Site phpconference.com

The International PHP Conference 2011 Call For Papers has been announced. It will take place in Mainz, Germany from October 9th through the 12th, 2011.

tags | paper, php, conference
MD5 | 881576fbc80966d379f2743d5efdea74
QuickRecon 0.3.1
Posted May 30, 2011
Authored by Filip Szymanski

QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers, and gather emails from Google and Bing.

Changes: Small changes in the GUI.
tags | tool, scanner, python
systems | unix
MD5 | 66a313c9b6301bafb2889965bdff7347
Apache Archiva 1.3.4 Cross Site Request Forgery
Posted May 30, 2011
Authored by Riyaz Walikar | Site archiva.apache.org

Apache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site request forgery vulnerabilities. Proof of concept findings included.

tags | exploit, vulnerability, proof of concept, csrf
advisories | CVE-2011-1026
MD5 | 46e0efc2873583daa101dbff8dd69e8e
Apache Archiva 1.3.4 Cross Site Scripting
Posted May 30, 2011
Authored by Riyaz Walikar | Site archiva.apache.org

Apache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site scripting vulnerabilities. Proof of concept findings are included.

tags | exploit, vulnerability, xss, proof of concept
advisories | CVE-2011-1077
MD5 | 781440f7cd26f179cb2f4c9001c1fe12
Paranoia 2011 Call For Papers
Posted May 30, 2011
Site paranoia.watchcom.no

Paranoia 2011 has announced its call for papers. It will be held November 10th, 2011 in Oslo, Norway.

tags | paper, conference
MD5 | 0af43eb17814157426d9cd8ee0db1ac0
w-Agora Forum 4.2.1 Shell Upload
Posted May 30, 2011
Authored by Treasure Priyamal

w-Agora Forum version 4.2.1 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 403d4f200430d420e4ecd7b504d0c0fa
Forticlient SSL VPN Symlink Overwrite
Posted May 30, 2011
Authored by magikh0e

Forticlient SSL VPN suffers from an insecure lock file creation vulnerability.

tags | exploit
MD5 | 6bd9ddf64d7fb42a9ad767e5302a72ae
TinyMCE AjaxFileManager Shell Upload
Posted May 30, 2011
Authored by Dr Trojan

TinyMCE AjaxFileManager suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 5b4b705b66c67e3b039a9a5676534733
Joomla Joomnik SQL Injection
Posted May 30, 2011
Authored by SOLVER

The Joomla Joomnik component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 522a9ed1cc946710f7f29347dbde1ccb
HP Data Protector Client EXEC_SETUP Code Execution
Posted May 30, 2011
Authored by fdisk

HP Data Protector Client EXEC_SETUP remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2011-0922
MD5 | 5b408a4ad9db16208636f5c645165cc5
vBulletin 4.1.2 search.php SQL Injection
Posted May 30, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | 23ef7ac73e51aaed5fc2776d5e7fcf9f
BadAss 0.7 Beta
Posted May 30, 2011
Authored by blass

BadAss is a Ruby script that makes it very easy to perform cracking attacks, port scanning, and more.

Changes: No need to restart Badass on every command any longer. Menu is reorganized. GUI tools removed. FTP brute force added. Other changes and additions as well.
tags | tool, ruby
systems | unix
MD5 | 506efcbd2790111df7309dfc1bb626ba
WysGui <= 2.3 (FCKeditor) File Upload Code Execution
Posted May 30, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | e0cfda04866c569459b89b151b76b785
Bitweaver 2.x (FCKeditor) File Upload Code Execution
Posted May 30, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | 16aaccb7754cf34c355d08373881a6f5
nvisionix Roaming System Remote metasys 0.2 Local File Inclusion
Posted May 30, 2011
Authored by Treasure Priyamal

nvisionix Roaming System Remote metasys version 0.2 suffers from a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
MD5 | 1b3694b5fb0b741cb9fa850e0255bd6a
Puzzle Apps CMS 3.2 Local File Inclusion
Posted May 30, 2011
Authored by Treasure Priyamal | Site treasuresec.com

Puzzle Apps CMS version 3.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | b6c4a523d46ef54dc09a6a36e10c4d6d
FreeBSD/x86 Encrypted setuid(0) execve /bin/sh Shellcode
Posted May 30, 2011
Authored by mywisdom

51 bytes small FreeBSD/x86 encrypted setuid(0) execve /bin/sh shellcode.

tags | x86, shellcode
systems | freebsd
MD5 | 5af0dc3d2d18004ee932e75a2876b911
Easy Media Script SQL Injection
Posted May 30, 2011
Authored by Lagripe-Dz

Easy Media Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8ce11aacf5b8cdd5d0a057bd0bb31f61
html_edit CMS 3.1.x Cross Site Request Forgery
Posted May 30, 2011
Authored by KedAns-Dz

html_edit CMS versions 3.1.x and below suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 42d8f0387e6836b5795f5bb9afce039e
Understanding Basic Vuln C0de For RCE
Posted May 30, 2011
Authored by eidelweiss

Whitepaper called Understanding Basic Vuln c0de for RCE (Remote Command Execution).

tags | paper, remote
MD5 | 09e326e5f36bd2ffc22ae9a39c4ef33e
packet storm

© 2016 Packet Storm. All rights reserved.
