what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files Date: 2011-09-22

FBC-Market CMS 1.1 Cross Site Scripting
Posted Sep 22, 2011
Site vulnerability-lab.com

FBC-Market CMS version 1.1 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9e2f247f929f7285c4efe75d226708af
Ubuntu Security Notice USN-1214-1
Posted Sep 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2896
MD5 | 90c389790917e7a857a050a718bd2f40
Ani-Shell 1.4 PHP Shell
Posted Sep 22, 2011
Authored by Aneesh Dogra

Ani-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.

tags | tool, shell, php, rootkit
systems | unix
MD5 | f789ddc02f9f16fa9f82a31ce2e0f5cf
secureURL.php Design Flaws
Posted Sep 22, 2011
Authored by G. Pek, B. Bencsath, BME CrySyS Lab, L. Buttyan

Design flaws make it possible to find out hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and gives a false sense of security.

tags | advisory, php
MD5 | 0ad6045bf3d0a03d5cfddb27301eb592
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
MD5 | 1688b6eaa86b161c91dd0d6b4158f460
JAKCMS PRO 2.2.5 Arbitrary File Upload
Posted Sep 22, 2011
Authored by EgiX

JAKCMS PRO versions 2.2.5 and below arbitrary file upload exploits that allows for remote command execution.

tags | exploit, remote, arbitrary, file upload
MD5 | d0fe0dc1b6998414e97b326ffa5f6cd1
John The Ripper 1.7.8 Jumbo 7
Posted Sep 22, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for cracking of encrypted PKZIP archives, Mac OS X 10.7 salted SHA-512 hashes, and DES-based tripcodes has been added. Optional OpenMP parallelization has been added for salted SHA-1 hashes of Mac OS X 10.4-10.6. DIGEST-MD5 cracker has been revised to be usable without requiring source code customizations. Experimental support for dynamically loaded plugins has been added. ".include" directive support and duplicate rule suppression have been added for john.conf. Support for additional character encodings and related features has been added. Numerous other enhancements have been made.
tags | cracker
systems | windows, unix, beos
MD5 | d9e55ce5c756436259f4c62bb237474b
Packet Fence 3.0.0
Posted Sep 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on several new features. It has a redesigned captive portal, complete guest management including self-registration of devices by email activation or SMS, and pre-registered guest creation by administrators. It has a new feature to secure network access on unmanageable (consumer) devices (so-called inline enforcement). Bandwidth tracking with RADIUS accounting, RHEL / CentOS 6 support, and several usability improvements are in as well. Several things that annoyed the developers but that involved breaking changes have been fixed.
tags | tool, remote
systems | unix
MD5 | 607aa26917c3f6b642e4065a34fb3683
phpRS 2.8.1 Cross Site Scripting / SQL Injection
Posted Sep 22, 2011
Authored by iM4n

phpRS version 2.8.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4ad44933f637798f5564af5c9369b7db
Red Hat Security Advisory 2011-1330-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
MD5 | a2bbb2695577f4283ecd80c59cfb470d
Authenex SQL Injection
Posted Sep 22, 2011
Authored by Jose Carlos de Arriba

Authenex Web Management Console version 3.1.0.2 along with ASA versions 3.1.0.2 and 3.1.03 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 2d9276db13cb892ba5f317ddfdc4317b
Nightwing 0.7.8
Posted Sep 22, 2011
Authored by Gustavo Lindberg, Julio C. Puigpinos, Martin A. Campff, Sebastián D. Criado | Site nightwing.lugro-mesh.org.ar

Nightwing allows the creation of quickly deployed wireless networks without the need to make complicated configurations. With the implementation of a Mesh technology called B.A.T.M.A.N, Nightwing allows the extension of wireless networks with a simple way of adding devices that works with minimal human intervention. It has public and private connection interfaces, and the ability to filter content using OpenDNS. It is designed with security in mind, and has low hardware requirements.

Changes: This release allows you to make the Private AP optional, as well as the configuration for this new feature in nw_conf and the Web Admin Interface. Marking in the Traffic Shaping script has changed. Special characters are allowed in passwords in the Web Admin Interface. The layout of the Web Admin interface has changed. You can reboot uhttpd thru the Web Admin interface. The page is refreshed in some browsers after the config is applied. Wireless mode selection has been added to the config page.
tags | tool, wireless
systems | linux
MD5 | 8467da26a737c29945174bffd26c5d63
Cogent Datahub 7.1.1.63 Buffer Overflow
Posted Sep 22, 2011
Authored by mr_me

Cogent Datahub versions 7.1.1.63 and below remote unicode buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | 158d9671b4fa37c0289496809301706d
Help Desk Software 1.1b XSS / XSRF / SQL Injection
Posted Sep 22, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Help Desk Software version 1.1b suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | fea9d30eaccc9f423451a75b8ade40a3
NX Server For Linux 3.5.0-4 Vulnerable SUID Script
Posted Sep 22, 2011
Site ngssecure.com

NGS Secure has discovered a high risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).

tags | advisory
systems | linux, redhat, debian
MD5 | 5c26257da609ce35e0c91caaa4f12e5a
Red Hat Security Advisory 2011-1329-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
MD5 | 96afa31c7109cb5a46e6c7a5425abe42
Red Hat Security Advisory 2011-1327-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1327-01 - frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | 7b3f9df639f50f25d1a25a9e3d7e4134
Red Hat Security Advisory 2011-1326-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1326-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | d34245ae1d7f7758ec3ddaefa20b0d31
Red Hat Security Advisory 2011-1325-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1325-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | 2446d9adc9f7b3e39028d9e19965f424
Blue Coat Reporter 9.1.x / 9.2.x Directory Traversal
Posted Sep 22, 2011
Authored by nitr0us

Blue Coat Reporter versions 9.1.x and 9.2.x suffer from an unauthenticated directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 18a6526b5fa7a66d9461983a208117a6
OneCMS 2.6.4 SQL Injection
Posted Sep 22, 2011
Authored by kurdish hackers team | Site kurdteam.org

OneCMS version 2.6.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 506a3c51ac2b48b14d4845596b55cf42
Andy's PHP Knowledgebase 0.95.5 Shell Upload
Posted Sep 22, 2011
Authored by Black.Spook

Andy's PHP Knowledgebase version 0.95.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
MD5 | eaf8e85f2ba3a37427af7af05df1c230
U.S. Geological Survey Website SQL Injection
Posted Sep 22, 2011
Site vulnerability-lab.com

The U.S. Geological Survey website suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2c2e0ead2e31e53effdc9906c5073ae7
Red Hat Security Advisory 2011-1324-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, overflow, arbitrary, xss
systems | linux, redhat
advisories | CVE-2007-0242, CVE-2011-3193
MD5 | e34b4a17cb099c4d856fe493a4a00b60
Red Hat Security Advisory 2011-1323-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193, CVE-2011-3194
MD5 | b0d85665f9f9c927a5d0e1e4ebce77ff
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    1 Files
  • 18
    Apr 18th
    1 Files
  • 19
    Apr 19th
    19 Files
  • 20
    Apr 20th
    18 Files
  • 21
    Apr 21st
    30 Files
  • 22
    Apr 22nd
    18 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close