
Files Date: 2011-07-11

Zero Day Initiative Advisory 11-234
Posted Jul 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-234 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Cas_LogDirectInsert.aspx HTTP handler, which listens by default on TCP port 443. A specially crafted POST request allows remote attackers to supply XML and schema information which is used within queries to the backend database. By supplying malicious values, an attacker can inject a user account for themselves, which can then be used to execute code via the management console on the service.

tags | advisory, remote, web, arbitrary, tcp
MD5 | 6dce532665508b6d3d5b1c0c48fdc347
Ubuntu Security Notice USN-1166-1
Posted Jul 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1166-1 - Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-1760, CVE-2011-2471, CVE-2011-2472
MD5 | 2450464c84a75f8a1c0ad5a1e4248f46
ICMusic CMS 1.2 SQL Injection
Posted Jul 11, 2011
Authored by kaMtiEz | Site indonesiancoder.com

ICMusic CMS version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7dbe54ce80df63e46465c18692d9dbea
Tugux CMS 1.2 Cross Site Scripting / Blind SQL Injection
Posted Jul 11, 2011
Authored by eidelweiss

Tugux CMS version 1.2 suffers from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 27ce39c27e2570189186f0e95d6367dd
Prontus CMS Cross Site Scripting
Posted Jul 11, 2011
Authored by Zerial

Prontus CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1caac24ad62c69473ccafed3ac26b9aa
ROP Gadget Tool 2.3
Posted Jul 11, 2011
Authored by Jonathan Salwan

This tool lets you search for gadgets in your binaries to facilitate ROP exploitation.

tags | tool
systems | unix
MD5 | d7eed0e1c6cd9fb35d778d61179d4568
Mediatek Net SQL Injection
Posted Jul 11, 2011
Authored by Lazmania61

Mediatek Net suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3ad9b1e30dc6ba5d30d5b16ab7d90142
01Communication SQL Injection
Posted Jul 11, 2011
Authored by Lazmania61

01Communication suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 286418ae5521e4037b84ffa4ffcd486e
Dotflorence.com SQL Injection
Posted Jul 11, 2011
Authored by Lazmania61

The scheda.php script provided by Dotflorence.com suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | db31b4b08d7367a4e3d13a46e3086276
Fluency SQL Injection
Posted Jul 11, 2011
Authored by Lazmania61

Fluency suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 620c06df595ce0198d2fbb65918d2f4f
Debian Security Advisory 2277-1
Posted Jul 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2277-1 - It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2011-2516
MD5 | 3c893fdc2dc0183c01869da22aed1abc
Debian Security Advisory 2276-1
Posted Jul 11, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2276-1 - Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 (CVE-2011-2529) through which an unauthenticated attacker may crash an Asterisk server remotely. A packet containing a null character causes the SIP header parser to alter unrelated memory structures.

tags | advisory
systems | linux, debian
advisories | CVE-2011-2529, CVE-2011-2535
MD5 | c158ba2d320570330f31a9887f25eb9f
DNS Invalid Compression Denial Of Service
Posted Jul 11, 2011
Authored by sipher | Site elitter.net

DNS invalid compression denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | a661faca27f51b46cc35df0ebf3e395b
Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability
Posted Jul 11, 2011
Authored by regenrecht, xero | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Mozilla Firefox 3.6.x <= 3.6.16 and 3.5.x <= 3.5.17 found in nsTreeSelection. By overwriting a subfunction of invalidateSelection it is possible to free the nsTreeRange object that the function currently operates on. Any further operations on the freed object can result in remote code execution. Utilizing the call setup the function provides, it's possible to bypass DEP without the need for ROP. Sadly this exploit is still either dependent on Java or bound by ASLR because Firefox doesn't employ any ASLR-free modules anymore.

tags | exploit, java, remote, code execution
advisories | CVE-2011-0073, OSVDB-72087
MD5 | 34f569f4d03a07d24416d8c0a6c4e732
Secunia Security Advisory 45220
Posted Jul 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for firefox, thunderbird, and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | bf493da9ce4d03f6e5d124184e1cd32f
Secunia Security Advisory 45201
Posted Jul 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | 68f2c76a5afc5901dbc992292a41a4c2
Secunia Security Advisory 45173
Posted Jul 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system.

tags | advisory, java
MD5 | ba32dc1beb48e6eb9c9824c9d97e38ad
Secunia Security Advisory 45198
Posted Jul 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for xml-security-c. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | 9bf72be69ff5bcf40677aba79a66f786
Secunia Security Advisory 45223
Posted Jul 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
MD5 | b218b84195573031b7dd545710bf4a47
JOmega CMS SQL Injection
Posted Jul 11, 2011
Authored by MasterGipy

JOmega CMS suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | ca270e7cbbac20cddcb07ab2377203dd
Tugux CMS 1.2 Remote Arbitrary File Deletion
Posted Jul 11, 2011
Authored by LiquidWorm | Site zeroscience.mk

Tugux CMS version 1.2 suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
MD5 | 9b1e456792e8405d4f5cba511d4704ed
Konrad-Adenauer-Stiftung SQL Injection
Posted Jul 11, 2011
Authored by Skote Vahshat

Konrad-Adenauer-Stiftung suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7db7612e78f2195cb8345e4f9e6bafc1
Freefloat FTP Buffer Overflow
Posted Jul 11, 2011
Authored by Zer0 Thunder

FreeFloat FTP server LIST buffer overflow exploit that spawns a bindshell on port 4444.

tags | exploit, overflow
MD5 | 119f9ae6230237f50e4c913f42a48061