exploit the possibilities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2011-09-22

FBC-Market CMS 1.1 Cross Site Scripting
Posted Sep 22, 2011
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

FBC-Market CMS version 1.1 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 09817e2c30bb455f5a4f765c97d05e24dedf95adcf65a34b06c088ba789f92a0
Ubuntu Security Notice USN-1214-1
Posted Sep 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2896
SHA-256 | 5649d72589cc6c97930d976d341ad0c29f94500381763825f20a088a4df9292e
Ani-Shell 1.4 PHP Shell
Posted Sep 22, 2011
Authored by Aneesh Dogra

Ani-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | 5d436e5e3f0f9049b1f6c13ff1c3e8d6533281bd4fb1495f94866b260b5e0b5a
secureURL.php Design Flaws
Posted Sep 22, 2011
Authored by G. Pek, B. Bencsath, BME CrySyS Lab, L. Buttyan

Design flaws make it possible to find out hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and gives a false sense of security.

tags | advisory, php
SHA-256 | 2bac6017745b6a2c0260aed056b9e2dfa6f9642bd68c12696537a9e5fa1695a9
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
SHA-256 | d4a46b300c33199d62f520ab8dfe78f8b757bb617b125029fabdb5451143d0d3
JAKCMS PRO 2.2.5 Arbitrary File Upload
Posted Sep 22, 2011
Authored by EgiX

JAKCMS PRO versions 2.2.5 and below arbitrary file upload exploits that allows for remote command execution.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 53a1b1da7731dc0103e75d2e48b13fa41c546b8838b40a37ce1ecb416158b99e
John The Ripper 1.7.8 Jumbo 7
Posted Sep 22, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: Support for cracking of encrypted PKZIP archives, Mac OS X 10.7 salted SHA-512 hashes, and DES-based tripcodes has been added. Optional OpenMP parallelization has been added for salted SHA-1 hashes of Mac OS X 10.4-10.6. DIGEST-MD5 cracker has been revised to be usable without requiring source code customizations. Experimental support for dynamically loaded plugins has been added. ".include" directive support and duplicate rule suppression have been added for john.conf. Support for additional character encodings and related features has been added. Numerous other enhancements have been made.
tags | cracker
systems | windows, unix, beos
SHA-256 | cd2ec7c7e2d178ab67e21097365bc72a0d202ffdcb27b4b6cdfe09b7ca9c2df3
Packet Fence 3.0.0
Posted Sep 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on several new features. It has a redesigned captive portal, complete guest management including self-registration of devices by email activation or SMS, and pre-registered guest creation by administrators. It has a new feature to secure network access on unmanageable (consumer) devices (so-called inline enforcement). Bandwidth tracking with RADIUS accounting, RHEL / CentOS 6 support, and several usability improvements are in as well. Several things that annoyed the developers but that involved breaking changes have been fixed.
tags | tool, remote
systems | unix
SHA-256 | 20c69e1f380cf1263b9ca1277688da3d530b4f35a666f85f08603a6cfb7fcf67
phpRS 2.8.1 Cross Site Scripting / SQL Injection
Posted Sep 22, 2011
Authored by iM4n

phpRS version 2.8.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b19cfe13ab6c40445258baa9295b98457e1244a6ebfb220284a38f8c7d96813f
Red Hat Security Advisory 2011-1330-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
SHA-256 | 4c4d52c5fd2a5c20616f3ebc71ce87be9cc1e7162d05e80b851e4a21b45fc3b8
Authenex SQL Injection
Posted Sep 22, 2011
Authored by Jose Carlos de Arriba

Authenex Web Management Console version 3.1.0.2 along with ASA versions 3.1.0.2 and 3.1.03 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | f902f5944c444b8605a921cdb93fa4459555c5706c75362bd646d783250aa507
Nightwing 0.7.8
Posted Sep 22, 2011
Authored by Gustavo Lindberg, Julio C. Puigpinos, Martin A. Campff, Sebastián D. Criado | Site nightwing.lugro-mesh.org.ar

Nightwing allows the creation of quickly deployed wireless networks without the need to make complicated configurations. With the implementation of a Mesh technology called B.A.T.M.A.N, Nightwing allows the extension of wireless networks with a simple way of adding devices that works with minimal human intervention. It has public and private connection interfaces, and the ability to filter content using OpenDNS. It is designed with security in mind, and has low hardware requirements.

Changes: This release allows you to make the Private AP optional, as well as the configuration for this new feature in nw_conf and the Web Admin Interface. Marking in the Traffic Shaping script has changed. Special characters are allowed in passwords in the Web Admin Interface. The layout of the Web Admin interface has changed. You can reboot uhttpd thru the Web Admin interface. The page is refreshed in some browsers after the config is applied. Wireless mode selection has been added to the config page.
tags | tool, wireless
systems | linux
SHA-256 | 7a5bae353ed79b4d770caa71fc5747857d3d8342bec117dc2b58c8ac24009d11
Cogent Datahub 7.1.1.63 Buffer Overflow
Posted Sep 22, 2011
Authored by mr_me

Cogent Datahub versions 7.1.1.63 and below remote unicode buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | b1a1fdfc109ba113353c2d3449719feaaa4bf7570bf06bc28a5f1ddb73a33455
Help Desk Software 1.1b XSS / XSRF / SQL Injection
Posted Sep 22, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Help Desk Software version 1.1b suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 7c45c237a4df997457e5bd3ad6b66521ade15991fe7669f4b51a3cc9d807bfea
NX Server For Linux 3.5.0-4 Vulnerable SUID Script
Posted Sep 22, 2011
Site ngssecure.com

NGS Secure has discovered a high risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).

tags | advisory
systems | linux, redhat, debian
SHA-256 | 7d6ce6c13a81311a3dab3d62c8f6f1fcd10802a5c27a2eec0d0c72aecd82d362
Red Hat Security Advisory 2011-1329-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
SHA-256 | 09a25924843b91f3f50dabe88e350b2457e7ea33b36285fc79174f374c87f60d
Red Hat Security Advisory 2011-1327-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1327-01 - frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
SHA-256 | f2ce352dc25eaf310d9bca25771cbd7c1b96df23f5bb9f0751705aae4632658c
Red Hat Security Advisory 2011-1326-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1326-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
SHA-256 | 702c85e7c9ccaf5dcb5dec68ba2238f7d983950a1752624f9190a5490c11e2f3
Red Hat Security Advisory 2011-1325-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1325-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
SHA-256 | a1c24e64298830d8a2e338ef21d6a3d7fbe44b1bc20b76eb7693299bfb9d4913
Blue Coat Reporter 9.1.x / 9.2.x Directory Traversal
Posted Sep 22, 2011
Authored by nitr0us

Blue Coat Reporter versions 9.1.x and 9.2.x suffer from an unauthenticated directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | c95584bb52b8fdac0511f9e7187ff91fb07dbb25ff55a569ad9a80cc33f03b75
OneCMS 2.6.4 SQL Injection
Posted Sep 22, 2011
Authored by kurdish hackers team | Site kurdteam.org

OneCMS version 2.6.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 340723e660fc8e70dd451b2d7e698464fa396300d183bc5e62d694cf4d42c827
Andy's PHP Knowledgebase 0.95.5 Shell Upload
Posted Sep 22, 2011
Authored by Black.Spook

Andy's PHP Knowledgebase version 0.95.5 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | 3090126effdf18e3ed5b2303531c98fe3c999ecd9072bc3d99b8767083084359
U.S. Geological Survey Website SQL Injection
Posted Sep 22, 2011
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

The U.S. Geological Survey website suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4a13a716e4a0712213640cb4f24263b14e5729a356f29ace454255c4669c9f11
Red Hat Security Advisory 2011-1324-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, overflow, arbitrary, xss
systems | linux, redhat
advisories | CVE-2007-0242, CVE-2011-3193
SHA-256 | 32bd8ac5fcc0b20ce8d3211423b8151ce158385ff712a0eb6ef6c742efb0c8be
Red Hat Security Advisory 2011-1323-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193, CVE-2011-3194
SHA-256 | 2b4e351ecf7b1e04b2a289d89c0a98e84a8bc39de3fd6f4dd885d4a0e30e59c4
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close