exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files Date: 2011-09-17

Measuresoft ScadaPro 4.0.0 Remote Command Execution
Posted Sep 17, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.

tags | exploit, remote, arbitrary, code execution
SHA-256 | 802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792be
RealNetworks Realplayer QCP Parsing Heap Overflow
Posted Sep 17, 2011
Authored by Sean de Regge, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2011-2950, OSVDB-74549
SHA-256 | cce2bc3fede3c402a04087782f79fa183476cf2dbb4148275dc851a1d3272199
ScadaTEC ScadaPhone 5.3.11.1230 Buffer Overflow
Posted Sep 17, 2011
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
advisories | OSVDB-75375
SHA-256 | e57c5d7bb2afa78df530127adc494c09c01ecf0da39129aaa47ac10c126368d3
iManager Plugin 1.2.8 Local File Inclusion
Posted Sep 17, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

tags | exploit, local, php, file inclusion
SHA-256 | d0cf4e6a0566ee44420d01dd97fde3f21f7a6d484e9d9448f4b1f6a0c32cc43c
Mandriva Linux Security Advisory 2011-134-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-134 - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service via a long TAG in a legacy syslog message. The updated packages have been patched to correct this issue. rsyslog was upgraded to the 5.8.5 version for Mandriva Linux 2011 that brings additional fixes as well.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-3200
SHA-256 | 5fb0cbf570f769eb1d92e3de9637a534df3c78e54efc976cdc152978df69fe25
Mandriva Linux Security Advisory 2011-132-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-132 - Multiple vulnerabilities have been identified and fixed in pidgin. It was found that the gdk-pixbuf GIF image loader routine gdk_pixbuf__gif_image_load() did not properly handle certain return values from its subroutines. A remote attacker could provide a specially-crafted GIF image, which, once opened in Pidgin, would lead gdk-pixbuf to return a partially initialized pixbuf structure. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2485, CVE-2011-2943, CVE-2011-3184
SHA-256 | eaf6bc4bf66d4b776855519d1cbcc90bbe420368f1e1d0834c2cd1a506f8aebf
Mandriva Linux Security Advisory 2011-130-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-130 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3192
SHA-256 | 5776fc8fda0accec1d7c57c764d6adb28925ae2490071ad0f2cce19d3ae5367b
Mandriva Linux Security Advisory 2011-133-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-133 - Security issues were identified and fixed in mozilla firefox and thunderbird. As more information has come to light about the attack on the DigiNotar Certificate Authority they have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in their previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 0a097dea055a967cb8cdad2508c9fce8870afe1021950ef53b44992e01b8ecf3
Secunia Security Advisory 45881
Posted Sep 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tahoe-LAFS, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | f99bd2df961be0102ac6b16852207a916ef8ec2690a1b3c4b856af970bf41c9f
Secunia Security Advisory 45979
Posted Sep 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in multiple Cisco products, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | cisco
SHA-256 | 24b651ba960819aafc8f50330cad0073a4c46819c0eb3c5aa8633d2c199d12a3
ClearMindGraphics SQL Injection
Posted Sep 17, 2011
Authored by nGa Sa Lu

ClearMindGraphics suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6834bd5a68215d01306f1da78ec02b1fe16e3f9e7dd81863302ff2793be0455d
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close