exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files Date: 2011-09-27

Lanuguage Pack For ZAP 1.3.2
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the language pack for Zed Attack Proxy (ZAP). Languages supported include English, Brazilian Portuguese, Chinese, Danish, French, German, Greek, Indonesian, Japanese, Polish, and Spanish.

tags | web
MD5 | c576bd54403eb0735c29828257752df5
Zed Attack Proxy (ZAP) Client API 0.1 Alpha
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the client API for the Zed Attack Proxy (ZAP).

tags | web
MD5 | 8d976d2ea09ea7bc8fcceba3450361e3
Novell GroupWise Internet Agent HTTP Interface Buffer Overflow
Posted Sep 27, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.

tags | advisory, web, denial of service, overflow, tcp
advisories | CVE-2011-0334
MD5 | 44fbab0b842830e629ffba61537857fd
Novell GroupWise Internet Agent TZNAME Parsing
Posted Sep 27, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0333
MD5 | 8577c3bf385c08cc68b0d6332631fde5
Process Hollowing
Posted Sep 27, 2011
Authored by AutoSec Tools | Site autosectools.com

Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.

tags | paper
MD5 | 991ac5d5f3a901007a494d89dc276de4
ServersCheck Monitoring 8.8.6 Session Hijacking / XSRF
Posted Sep 27, 2011
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ServersCheck Monitoring version 8.8.6 suffers from cross site request forgery, cross site scripting, and session hijacking vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 704e1bac6b960525fa21142cb9c13a21
Ubuntu Security Notice USN-1216-1
Posted Sep 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918
MD5 | d6d6c466b796642d016c36b4c6cc7088
DNS Spider Multithreaded Bruteforcer 0.3
Posted Sep 27, 2011
Authored by noptrix | Site nullsecurity.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Added verbose/quiet mode. Multiple bug fixes.
tags | tool, scanner
systems | unix
MD5 | 488fe62a8a2956ee2376a94c4046f72f
SSHTrix Multithreaded SSH Login Cracker 0.0.2
Posted Sep 27, 2011
Authored by noptrix | Site nullsecurity.net

sshtrix is a very fast multithreaded SSH login cracker. It supports SSHv1 and SSHv2. sshtrix was designed to automate rapid bruteforce attacks against SSH authentification screens. Unlike other public tools, the aim is to keep it simple, stable, fast and modular. With its clean code design, it is easy to extend the code to a framework or to fork it against protocols of your choice.

Changes: Multiple options added. Manpage updated. Multiple bug fixes and more.
tags | cracker, protocol
systems | unix
MD5 | cc9eecb6fb3729152a1fd79851b634fc
Adobe ColdFusion 7 Cross Site Scripting
Posted Sep 27, 2011
Authored by MustLive

Adobe ColdFusion versions 7 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 4734053d74e575743a75778a70726daf
Vanira CMS SQL Injection
Posted Sep 27, 2011
Authored by kurdish hackers team | Site kurdteam.org

Vanira CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 67e698d558cab4b495c2190303058b12
Red Hat Security Advisory 2011-1338-01
Posted Sep 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1338-01 - NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2011-3364
MD5 | 021b9f8a73420bdf82dcca27c7240d53
Flynax SQL Injection
Posted Sep 27, 2011
Authored by Matias Fontanini, Santiago Alessandri, Raul Benencia, Gaston Traberg | Site nasel.com.ar

Multiple CMS systems from Flynax, such as General Classifieds Software version 3.2, Auto Classifieds Script version 3.2, and Real Estate Classifieds version 3.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5077912b15b276705f545f91b0fe463d
Apache Tomcat HTTP Digest Authentication
Posted Sep 27, 2011
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.

tags | advisory, web
advisories | CVE-2011-1184
MD5 | ce627ecc86572fab3f0db0aec8a23a14
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close