exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2011-07-19

Debian Security Advisory 2280-1
Posted Jul 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2280-1 - It was discovered that libvirt, a library for interfacing with different virtualization systems, is prone to an integer overflow. Additionally, the stable version is prone to a denial of service, because its error reporting is not thread-safe.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2011-2511, CVE-2011-1486
SHA-256 | a8af1ed94336383085f411150c93a4f063faf203d3c4596b1b379a23bb1ba268
FreeFloat FTP Server REST Buffer Overflow
Posted Jul 19, 2011
Authored by C4SS!0 G0M3S, KaHPeSeSe | Site metasploit.com

This Metasploit module exploits a FreeFloat FTP Server Buffer Overflow found in the REST command.

tags | exploit, overflow
SHA-256 | 1becbcbec22bd43a27c0136ee0e1a0f55e8b08d1d4b57706e2887c7487205786
FreeFloat FTP Server 1.0 ACCL Buffer Overflow
Posted Jul 19, 2011
Authored by mortis

FreeFloat FTP server version 1.0 ACCL buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | 6448d4fb8911f8dbc75a77bd679a1a8e78644a0dd183b83470798d40731d0f8e
Lotus Domino Denial Of Service
Posted Jul 19, 2011

Lotus Domino version 8.5.3 suffers from a denial of service vulnerability when parsing malformed .ics files.

tags | exploit, denial of service
SHA-256 | a9d858f49f59e317ae9234682048990a901ab4dbe1da596043743982fdf60d94
Debian Security Advisory 2279-1
Posted Jul 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2279-1 - It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user parameter.

tags | advisory, sql injection
systems | linux, debian
advisories | CVE-2011-2688
SHA-256 | ec45376c90269e2171f83907227c70bac429c3bfb224ee3eb33a2ff3eb47e6c1
Red Hat Security Advisory 2011-0959-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0959-01 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw to trick Mutt into accepting a certificate issued for a different hostname, and perform man-in-the-middle attacks against Mutt's SSL connections. All Mutt users should upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of Mutt must be restarted for this update to take effect.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-1429
SHA-256 | b364384537a2893482d9009fc2a0d0151fdc4cda0f3e95bba3835ee9249a8a96
Agent Image SQL Injection
Posted Jul 19, 2011
Authored by Ehsan_Hp200

Agent Image suffers from a remote SQL injection vulnerability in news_detail.php.

tags | exploit, remote, php, sql injection
SHA-256 | 744e86bae88fc7524fdd4e07eadd0048c0646e072dbaefbc460c3b81ff8c042d
SD Professionals LLC SQL Injection
Posted Jul 19, 2011
Authored by Ehsan_Hp200

SD Professionals LLC maintained sites appear to suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f7879a02681d2e7a8fd3845d60f10dd1d2424361ed3ca86dd6960872b830a150
Dow Group SQL Injection
Posted Jul 19, 2011
Authored by Ehsan_Hp200

Dow Group suffers from a remote SQL injection vulnerability in sub.php.

tags | exploit, remote, php, sql injection
SHA-256 | 1e233b6398671b579f1d7c0290dfe743a2805133fed2330e3061417bdce68ffc
Centralia SQL Injection
Posted Jul 19, 2011
Authored by Netrondoank

Centralia suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9af5d181d44942f6bb9e0ebcc59cca17622b3f257f142c7d4170f4593b59bd7d
Techforge Script SQL Injection
Posted Jul 19, 2011
Authored by HeRoTuRK

Techforge Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5426de4ce7c18432b210d0288572c47462cc61f34ec7173687d4ced4679e32d4
Neudimenxion CMS SQL Injection
Posted Jul 19, 2011
Authored by Netrondoank

Neudimenxion CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b9ae07c55661f72e11c2cd95f191511f00737a86761bfd001df1952b0b5e9040
WordPress Security Scanner 1.0
Posted Jul 19, 2011
Authored by Ryan Dewhurst | Site code.google.com

WordPress Security Scanner can perform username enumeration, weak password cracking, version / vulnerability / plugin enumeration, and more.

tags | tool, scanner
systems | unix
SHA-256 | d3fd1d47fbf3f104aeb62c53f9d31202ec9e2fdfd66aa921c9d4f8927122bf6f
Iconics GENESIS32 Integer Overflow
Posted Jul 19, 2011
Authored by Luigi Auriemma, corelanc0d3r, Lincoln | Site metasploit.com

Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.

tags | exploit, remote, overflow, arbitrary, shell, registry, vulnerability, code execution
SHA-256 | 7bae29e02d02057cc61741efd202ae99da696fffbf3d953322faa7fcd5294a22
Zero Day Initiative Advisory 11-236
Posted Jul 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-236 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack. Due to not completely accommodating for the size of the data in the packet, the application will overwrite variables positioned after the buffer. This can lead to code execution under the context of the server.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1741
SHA-256 | c09c6ff148b85fb34a65bbcf03cb521e5a5c98dd3368e7056c611cea99909e84
Red Hat Security Advisory 2011-0953-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0953-01 - system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewall could use this flaw to execute arbitrary code with root privileges, by sending a specially-crafted serialized object.

tags | advisory, arbitrary, local, root, python
systems | linux, redhat
advisories | CVE-2011-2520
SHA-256 | d43cab56990df504c8d18a2da4efe970de2893378a7b5c762ebdc293c1c325b1
Mandriva Linux Security Advisory 2011-114
Posted Jul 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-114 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
SHA-256 | 2edb4f909d4679c9270182246df61ab65e6bfeb80e7547c02673cf6c81e96391
Red Hat Security Advisory 2011-0952-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0952-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
SHA-256 | 859f0577523b8b3ded74c3e81c0a1ae9489e7dbbc41a3eef251ace3db7ebe32a
What Is A Vulnerability Assessment?
Posted Jul 19, 2011
Site demyo.com

Whitepaper called What is a vulnerability assessment?

tags | paper
SHA-256 | 1db8f170789f22c1159c75852c1efe3e2bad976250e145cd254fe747f07c8ab2
Mandriva Linux Security Advisory 2011-112
Posted Jul 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-112 - oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-0723
SHA-256 | 33af89811dba747821658293c305562d6e03fcb744c6897be8d8a404005cba6b
Red Hat Security Advisory 2011-0951-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
SHA-256 | 8df816f77deca6648e24dd7fedeb05397216c1dbef7b6485816b2c9587963bba
Freefloat FTP 1.0 ABOR Buffer Overflow
Posted Jul 19, 2011
Authored by Craig Freyman

Freefloat FTP version 1.0 ABOR buffer overflow exploit.

tags | exploit, overflow
SHA-256 | ed6030ce0ac47529c658ba9a8d96fc59ceb9c74bd6e8956329ac0b799483e7a1
112 Bytes Win32/PerfectXp-pc1/sp3 Add Admin Shellcode
Posted Jul 19, 2011
Authored by KaHPeSeSe

112 bytes small Win32/PerfectXp-pc1/sp3 (Tr) add administrator shellcode.

tags | shellcode, add administrator
systems | windows
SHA-256 | ef768bdd250041675cea8b84b7ea05256a0f3acf5c4cb83ff2c17ed7cc99c639
GDI+ CreateDashedPath Integer Overflow
Posted Jul 19, 2011
Authored by Abysssec, Nicolas Joly | Site abysssec.com

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.

tags | exploit, overflow
systems | linux
advisories | CVE-2011-0041
SHA-256 | e20fc836323223dccecb7e77feedfe083e650997e1791ba72b7c3bf909266bad
Red Hat Security Advisory 2011-0950-01
Posted Jul 19, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2196
SHA-256 | 1e724852f2245d0ec270c3274436e11c3dec7e45bab69a5e5f3fb1aa217f933b
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close