exploit the possibilities
Showing 1 - 25 of 34 RSS Feed

Files Date: 2011-06-21

Zero Day Initiative Advisory 11-225
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nsXULCommandDispatcher.cpp source code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to force command dispatcher to remove all the updaters in the mUpdaters chain including the one that is currently in use. As a result, the local variable updater becomes a stale pointer and updater->mNext refers to memory previously freed. Successful exploitation can lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, local, code execution
advisories | CVE-2011-0085
MD5 | 93a48dda1ae2ea127892bbd1d91fa7f3
Zero Day Initiative Advisory 11-224
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG polygon objects. The code within nsSVGPointList::AppendElement() does not account for user defined getter methods modifying or destroying the parent object during a repaint. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2363
MD5 | e8123500a2e6a13d13ca79123115335c
IBM Web Application Firewall Bypass
Posted Jun 21, 2011
Authored by Trustwave | Site trustwave.com

The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.

tags | exploit, web, vulnerability
MD5 | f5eb70972766a42f53fe7d593b16e3a7
Zero Day Initiative Advisory 11-223
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0083
MD5 | 8773846b9141baef7815ff4a942bd890
Penetration Testing With Metasploit
Posted Jun 21, 2011
Authored by Dinesh Shetty

This brief whitepaper gives an overview of the functional uses of the Metasploit Framework.

tags | paper
MD5 | ccafd5601a1ca9702e2c6d605633f65a
Ubuntu Security Notice USN-1156-1
Posted Jun 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2221, CVE-2011-0001
MD5 | ea072ea4fe1420c32ff04adc8b4f18a8
Ubuntu Security Notice USN-1155-1
Posted Jun 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-0530
MD5 | 3f5d7d22dc13137f58e66352035c1e7e
AthCon 2011 Capture The Flag Reversing Solution
Posted Jun 21, 2011
Authored by Glafkos Charalambous, George Nicolaou

This is the Athcon 2011 Capture The Flag solution paper.

tags | paper, conference
MD5 | 365ac5d3ac49cd466c22d763cf4b1877
Plesk Panel Brute Forcer 1.0
Posted Jun 21, 2011
Authored by Burtay

This php script is a Plesk Panel brute forcing utility.

tags | cracker, php
MD5 | 3111b67f330b10c80c271fdb6855c9e6
Sitemagic CMS 2010.04.17 Cross Site Scripting
Posted Jun 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, php
MD5 | 987fc3343b09d074a6561ab2ebf89411
Slackware Security Advisory - Fetchmail STARTTLS
Posted Jun 21, 2011
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - fetchmail packages have been updated to fix a denial of service vulnerability in the STARTTLS protocol phases.

tags | advisory, denial of service, protocol
systems | linux, slackware
advisories | CVE-2011-1947
MD5 | 9768c3123b0c7d768c1ea86192cfc5ac
FactoryLink vrn.exe Opcode 9 Buffer Overflow
Posted Jun 21, 2011
Authored by Luigi Auriemma, hal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in FactoryLink 7.5, 7.5 SP2, and 8.0.1.703. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by Luigi Auriemma.

tags | exploit, overflow, arbitrary
advisories | OSVDB-72815
MD5 | b1bfc7e2b7e4d47e4dff89063cbff2ef
Black Ice Cover Page ActiveX Control Arbitrary File Download
Posted Jun 21, 2011
Authored by shinnai, mr_me, sinn3r | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.

tags | exploit, remote, arbitrary, code execution, activex
systems | windows
advisories | CVE-2008-2683, OSVDB-46007
MD5 | 095fce93622507998eeccf7f97bcb568
Secunia Security Advisory 45009
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in DokuWiki, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | cdf43aa61a239093a1bda81805cd7a3d
Secunia Security Advisory 44982
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
MD5 | 53d43fbe7498f4ddee34c9cdc32dc083
Secunia Security Advisory 44728
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Sitemagic CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 985e66a453ff693cc4444253733506e1
Blue Bison Script SQL Injection
Posted Jun 21, 2011
Authored by HeRoTuRK

Blue Bison Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 84fbfa469c2b4d37e0d92349fcc84e57
EA Sports Cross Site Scripting
Posted Jun 21, 2011
Authored by Juan Sacco

EA Sports aka ea.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5280eb8131f3a62e427bdf78b62bca6f
If-CMS 2.07 Local File Inclusion
Posted Jun 21, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.

tags | exploit, local, file inclusion
MD5 | 7a33f7e16da3d52c32353655d347203c
DreamBox DM800 Arbitrary File Download
Posted Jun 21, 2011
Authored by ShellVision

DreamBox DM800 versions 1.6rc3 and below suffer from a remote arbitrary file download vulnerability.

tags | exploit, remote, arbitrary, info disclosure
MD5 | 734b280c713087ccd7cb5819e28f15e4
Secunia Security Advisory 45003
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 60feee7164f4c91cece0f4c3f05f1a7c
Secunia Security Advisory 44701
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a security issue in NNT Change Tracker and Remote Angel, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, remote, local
MD5 | 8e3c57773cd8271991208f172a2b15b7
Secunia Security Advisory 45004
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

tags | advisory, vulnerability
MD5 | 20b9b37045c8934eb281fc21cd9c0f56
Secunia Security Advisory 44983
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for perl. This fixes a weakness, which can be exploited by malicious people to bypass certain security features.

tags | advisory, perl
systems | linux, debian
MD5 | a6c550c3f26bbbd9e81c2818618fd169
Secunia Security Advisory 45016
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and bypass certain security restrictions.

tags | advisory, vulnerability, xss
MD5 | d782b69c31e3582cb358331dc6c2c4eb
Page 1 of 2
Back12Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    8 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close