what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-06-04

Xitami Web Server 2.5 Buffer Overflow
Posted Jun 4, 2011
Authored by Glafkos Charalambous

Xitami Web Server version 2.5b4 remote buffer overflow exploit with egghunter shellcode.

tags | exploit, remote, web, overflow, shellcode
MD5 | 83a4ae1155177c9355cab1032917c7fb
Radiant Infotech Nepal 2.x.x LFI / XSS / SQL Injection
Posted Jun 4, 2011
Authored by Net.Edit0r

Radiant Infotech Nepal version 2.x.x suffers from authentication bypass, cross site scripting, remote SQL injection, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
MD5 | a36b27e41f073e6c4c1aee462df9ddcf
Mandriva Linux Security Advisory 2011-106
Posted Jun 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates emory in each iteration, ultimately exhausting all the available emory on the server which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1752, CVE-2011-1783, CVE-2011-1921
MD5 | 33f2fcb4f1ab29e8c932610e81f51684
iMatix Xitami 5.0a0 NULL Pointer
Posted Jun 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

iMatix Xitami versions 5.0a0 and below suffer from a NULL pointer vulnerability.

tags | exploit
MD5 | a10b9b3dfa4175a874ba4d4c847a7799
Botan C++ Crypto Algorithms Library 1.9.18
Posted Jun 4, 2011
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.

Changes: The SSL implementation can now be used with Visual C++ 2010's TR1 implementation. Numerous optimizations for the ECC algorithms provide 20 to 50% performance improvements. Some portability bugs affecting Solaris users were fixed, as were bugs that were triggered under the Visual C++ 2010 and Clang compilers. A bug that could cause denial of service to users verifying GOST 34.10 signatures was also fixed.
tags | library
systems | linux
MD5 | 918e5b56cc92905b13b83a50bfce2d30
Debian Security Advisory 2253-1
Posted Jun 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2253-1 - Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2010-4259
MD5 | eb4af48cb5d1cacd19f16bd672009e82
VMware Tools Disclosure / Privilege Escalation
Posted Jun 4, 2011
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified multiple vulnerabilities in VMware Tools, a suite of utilities shipped by VMware with multiple product offerings, as well as by open-source distributions as the open-vm-tools package. The first of these issues results in a minor information disclosure vulnerability, while the second two issues may result in privilege escalation in a VMware guest with VMware Tools installed.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2011-1787, CVE-2011-2145
MD5 | 4c71748e41986375b6f38a245c4ba096
Zero Day Initiative Advisory 11-171
Posted Jun 4, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase OneBridge Mobile Data Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iMailGatewayService server process (ECTrace.dll) which listens for encrypted requests by default on TCP port 993 (IMAP) and port 587 (SMTP). The process fails to properly sanitize malformed user string inputs before passing to the authentication logging function. By providing a specially crafted string with format specifiers this can be leveraged to trigger a format string vulnerability which can lead to arbitrary code execution in the context of the server process.

tags | advisory, remote, arbitrary, tcp, imap, code execution
MD5 | f771aa947d620a5ea4c05a84dce94675
Kleophatra 0.1.5 TinyBrowser File Upload Code Execution
Posted Jun 4, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | 51339459200637b0020a4f00fb31d781
iDEFENSE Security Advisory 2011-06-01.1
Posted Jun 4, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.01.11 - Remote exploitation of a design error within Cisco Systems Inc's AnyConnect VPN client allows attackers to execute arbitrary code with the privileges of a user running Internet Explorer. Cisco AnyConnect VPN client versions prior to 2.3.185 for Windows, 2.5.3041 and 3.0.629 for Linux and Apple Mac OS X are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, linux, windows, apple, osx
advisories | CVE-2011-2039
MD5 | 4c5e8144c6800f4bda0bdee8bdd35e7e
vBulletin 3.x vBExperience Cross Site Scripting
Posted Jun 4, 2011
Authored by Mr.ThieF

vBulletin version 3.x.x with the vBExperience add-on suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ab4bae012067c71f14001a4d0979b0d8
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close