what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-06-04

Xitami Web Server 2.5 Buffer Overflow
Posted Jun 4, 2011
Authored by Glafkos Charalambous

Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.

tags | exploit, remote, web, overflow, shellcode
SHA-256 | 73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687
Radiant Infotech Nepal 2.x.x LFI / XSS / SQL Injection
Posted Jun 4, 2011
Authored by Net.Edit0r

Radiant Infotech Nepal version 2.x.x suffers from authentication bypass, cross site scripting, remote SQL injection, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 29203aa861f50cad3c37b90953891db2321344659ae53f0552deb39e94657a93
Mandriva Linux Security Advisory 2011-106
Posted Jun 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
SHA-256 | db5fe256ef577b1b631f68ced08339d66969930e81aff27ca5f3917b3f80347a
iMatix Xitami 5.0a0 NULL Pointer
Posted Jun 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

iMatix Xitami versions 5.0a0 and below suffer from a NULL pointer vulnerability.

tags | exploit
SHA-256 | ed4eb779232d0541e6a573825d43e2d1a268a434b65a1704fa33716fe9783002
Botan C++ Crypto Algorithms Library 1.9.18
Posted Jun 4, 2011
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: The SSL implementation can now be used with Visual C++ 2010's TR1 implementation. Numerous optimizations for the ECC algorithms provide 20 to 50% performance improvements. Some portability bugs affecting Solaris users were fixed, as were bugs that were triggered under the Visual C++ 2010 and Clang compilers. A bug that could cause denial of service to users verifying GOST 34.10 signatures was also fixed.
tags | library
systems | linux
SHA-256 | 4a3c94efc7660656109478c65e743f5ae24476b819bea142f1eb86d1b67dc0e9
Debian Security Advisory 2253-1
Posted Jun 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2253-1 - Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2010-4259
SHA-256 | a78a7887ca3ae781ff5d52f652ab27f07aefeae94529ddb7e87bcaf7fe2420d1
VMware Tools Disclosure / Privilege Escalation
Posted Jun 4, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2011-1787, CVE-2011-2145
SHA-256 | 1af05a5d5b02a34bd95ed4566b81d89008382e496b13d51cebc3c4a6458acab9
Zero Day Initiative Advisory 11-171
Posted Jun 4, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, imap, code execution
SHA-256 | a410ba0444ff1d0c5ccea3857849e0c17ef6827ca9dd2863653955ceeb92998f
Kleophatra 0.1.5 TinyBrowser File Upload Code Execution
Posted Jun 4, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
SHA-256 | 994760c641a41fc78995bb5801db1891f8f0693000ac3809936de86c907824f8
iDEFENSE Security Advisory 2011-06-01.1
Posted Jun 4, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.01.11 - Remote exploitation of a design error within Cisco Systems Inc's AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer. Cisco AnyConnect VPN client versions prior to 2.3.185 for Windows, 2.5.3041 and 3.0.629 for Linux and Apple Mac OS X are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, linux, windows, apple, osx
advisories | CVE-2011-2039
SHA-256 | 96607ad5bdb47410c34ae00de556f9b206fa53b2e1d72debfc2be9cac1c836fd
vBulletin 3.x vBExperience Cross Site Scripting
Posted Jun 4, 2011
Authored by Mr.ThieF

vBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e924dae1d3bbb435c119d685e197c46a03bae17d96c4120bcd85abab9559991f
Page 1 of 1

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By