all things security
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-09-17

Measuresoft ScadaPro 4.0.0 Remote Command Execution
Posted Sep 17, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.

tags | exploit, remote, arbitrary, code execution
MD5 | 3508195d3c887c43db110cb0998ef314
RealNetworks Realplayer QCP Parsing Heap Overflow
Posted Sep 17, 2011
Authored by Sean de Regge, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.

tags | exploit, remote, web, overflow, arbitrary
systems | windows, xp
advisories | CVE-2011-2950, OSVDB-74549
MD5 | 6fd55d2d1f45a9927dfae4e3fc454d59
ScadaTEC ScadaPhone 5.3.11.1230 Buffer Overflow
Posted Sep 17, 2011
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
advisories | OSVDB-75375
MD5 | 4b2dd580a00bbdde917ed5e471bf778d
iManager Plugin 1.2.8 Local File Inclusion
Posted Sep 17, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

tags | exploit, local, php, file inclusion
MD5 | 1f565d16d37a5af74ffc5e704832da2e
Mandriva Linux Security Advisory 2011-134-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-134 - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service via a long TAG in a legacy syslog message. The updated packages have been patched to correct this issue. rsyslog was upgraded to the 5.8.5 version for Mandriva Linux 2011 that brings additional fixes as well.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-3200
MD5 | b2a776d4ea3dc3f94f6b9b74c66f2c75
Mandriva Linux Security Advisory 2011-132-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-132 - Multiple vulnerabilities have been identified and fixed in pidgin. It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2485, CVE-2011-2943, CVE-2011-3184
MD5 | 5b28ab32a3b65ab9fef30a9280b235be
Mandriva Linux Security Advisory 2011-130-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-130 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3192
MD5 | 77925b8e44231c2693c1ba39c9f1be32
Mandriva Linux Security Advisory 2011-133-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-133 - Security issues were identified and fixed in mozilla firefox and thunderbird. As more information has come to light about the attack on the DigiNotar Certificate Authority they have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in their previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority.

tags | advisory, root
systems | linux, mandriva
MD5 | 68fa865b88af3ca51a3520f46013c90b
Secunia Security Advisory 45881
Posted Sep 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tahoe-LAFS, which can be exploited by malicious people to manipulate certain data.

tags | advisory
MD5 | ff87ff2b57c3466e00880c7a23e430c8
Secunia Security Advisory 45979
Posted Sep 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in multiple Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | cisco
MD5 | afe69c82e6c03f52e438892895e1a531
ClearMindGraphics SQL Injection
Posted Sep 17, 2011
Authored by nGa Sa Lu

ClearMindGraphics suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b097f86c45650c030848aefb649a6f29
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close