what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-06-04

Xitami Web Server 2.5 Buffer Overflow
Posted Jun 4, 2011
Authored by Glafkos Charalambous

Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.

tags | exploit, remote, web, overflow, shellcode
SHA-256 | 73db261ddf9325903ce5ef0bdf12b3e24b054fe1f3131430c8e164a3ee276687
Radiant Infotech Nepal 2.x.x LFI / XSS / SQL Injection
Posted Jun 4, 2011
Authored by Net.Edit0r

Radiant Infotech Nepal version 2.x.x suffers from authentication bypass, cross site scripting, remote SQL injection, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 29203aa861f50cad3c37b90953891db2321344659ae53f0552deb39e94657a93
Mandriva Linux Security Advisory 2011-106
Posted Jun 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
SHA-256 | db5fe256ef577b1b631f68ced08339d66969930e81aff27ca5f3917b3f80347a
iMatix Xitami 5.0a0 NULL Pointer
Posted Jun 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

iMatix Xitami versions 5.0a0 and below suffer from a NULL pointer vulnerability.

tags | exploit
SHA-256 | ed4eb779232d0541e6a573825d43e2d1a268a434b65a1704fa33716fe9783002
Botan C++ Crypto Algorithms Library 1.9.18
Posted Jun 4, 2011
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: The SSL implementation can now be used with Visual C++ 2010's TR1 implementation. Numerous optimizations for the ECC algorithms provide 20 to 50% performance improvements. Some portability bugs affecting Solaris users were fixed, as were bugs that were triggered under the Visual C++ 2010 and Clang compilers. A bug that could cause denial of service to users verifying GOST 34.10 signatures was also fixed.
tags | library
systems | linux
SHA-256 | 4a3c94efc7660656109478c65e743f5ae24476b819bea142f1eb86d1b67dc0e9
Debian Security Advisory 2253-1
Posted Jun 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2253-1 - Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2010-4259
SHA-256 | a78a7887ca3ae781ff5d52f652ab27f07aefeae94529ddb7e87bcaf7fe2420d1
VMware Tools Disclosure / Privilege Escalation
Posted Jun 4, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2011-1787, CVE-2011-2145
SHA-256 | 1af05a5d5b02a34bd95ed4566b81d89008382e496b13d51cebc3c4a6458acab9
Zero Day Initiative Advisory 11-171
Posted Jun 4, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, imap, code execution
SHA-256 | a410ba0444ff1d0c5ccea3857849e0c17ef6827ca9dd2863653955ceeb92998f
Kleophatra 0.1.5 TinyBrowser File Upload Code Execution
Posted Jun 4, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
SHA-256 | 994760c641a41fc78995bb5801db1891f8f0693000ac3809936de86c907824f8
iDEFENSE Security Advisory 2011-06-01.1
Posted Jun 4, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.01.11 - Remote exploitation of a design error within Cisco Systems Inc's AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer. Cisco AnyConnect VPN client versions prior to 2.3.185 for Windows, 2.5.3041 and 3.0.629 for Linux and Apple Mac OS X are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, linux, windows, apple, osx
advisories | CVE-2011-2039
SHA-256 | 96607ad5bdb47410c34ae00de556f9b206fa53b2e1d72debfc2be9cac1c836fd
vBulletin 3.x vBExperience Cross Site Scripting
Posted Jun 4, 2011
Authored by Mr.ThieF

vBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e924dae1d3bbb435c119d685e197c46a03bae17d96c4120bcd85abab9559991f
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close