what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2011-10-03

Malware Analyser 3.3
Posted Oct 3, 2011
Authored by Beenu Arora | Site malwareanalyser.com

Malware Analyser is freeware tool to perform static and dynamic analysis on malwares.

Changes: Added traces signatures. Improved parsing. Bug fixes.
tags | tool, forensics
SHA-256 | f349bdbbeafc34f1e51d0e1bafb7ebaade4f4140aa0d2c8365eae7c7b00ab480
Ashampoo Burning Studio Elements 10.0.9 Heap Overflow
Posted Oct 3, 2011
Authored by LiquidWorm | Site zeroscience.mk

Ashampoo Burning Studio Elements version 10.0.9 suffers from a heap overflow vulnerability. It fails to properly sanitize user supplied input when parsing .ashprj project file formats resulting in a crash corrupting the heap-based memory. The attacker can use this scenario to lure unsuspecting users to open malicious crafted .ashprj files with a potential for arbitrary code execution on the affected system.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | f75aa6cbf3a17f5685e22633550ca4c85791c38d464e76137942ed86c5fbeea8
Phorum 5.2.18 Cross Site Scripting
Posted Oct 3, 2011
Authored by Stefan Schurtz

Phorum version 5.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b777ae0e0e689165893e4be610d34f449797aefcebf13a1cd39e3b65fb2607ef
Netvolution CMS 2.5.8 Blind SQL Injection
Posted Oct 3, 2011
Authored by Patroklos Argyroudis, Dimitris Glynos | Site census-labs.com

Netvolution CMS version 2.5.8 suffers from a remote blind SQL injection vulnerability via the HTTP referer header.

tags | exploit, remote, web, sql injection
advisories | CVE-2011-3340
SHA-256 | 4f44a47ab87874ced4484f0eb85ac74d9c2673b9445def8cfc6979a55d36a55a
Metropolis Technologies OfficeWatch Directory Traversal
Posted Oct 3, 2011
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.

tags | advisory, web, arbitrary, root, tcp
SHA-256 | 4aba0388d8f62c4675129cd9356d9b16ec2a4a24eaf06d3eacdd7b61b4eeec3b
ThinVNC Product Suite Arbitrary File Retrieval
Posted Oct 3, 2011
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

Multiple Cybele Software, Inc. products are vulnerable to arbitrary file retrieval and directory traversal vulnerabilities including ThinVNC, ThinRDP, and ThinVNC Access Point 2.0. An unauthenticated remote attacker can submit requests for files that are located outside the root of the web server that is distributed with these Cybele Software, Inc. products.

tags | advisory, remote, web, arbitrary, root, vulnerability
SHA-256 | 56804b5d4ec38a09363d2aa6c3a1d09a4a45a1dc896ccd35b22b89d77e0552cf
Hydra Network Logon Cracker 7.1
Posted Oct 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added HTTP Proxy URL enumeration module, SOCKS4/SOCKS5 proxy support with authentication, IPv6 support for SOCKS5 module, and more. Various bug fixes and enhancements.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | 551ef1f72848dab19f6a1ff9fe31f08143c8cef26f638d93e7110b4bce49d0a4
Debian Security Advisory 2314-1
Posted Oct 3, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2314-1 - Multiple security issues have been discovered in puppet, a centralized configuration management system.

tags | advisory
systems | linux, debian
advisories | CVE-2011-3848, CVE-2011-3870, CVE-2011-3869, CVE-2011-3871
SHA-256 | 4d61f7d2040b18a2d84536e900279ffbe5494482305020352fafcdf6f331a86b
Password Authentication Cracking!
Posted Oct 3, 2011
Authored by thc, David Maciejak

This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.

tags | paper, cracker
SHA-256 | 56171bc530902f8968a9598509262077fabc677e9035e86cc837313228edf75b
Red Hat Security Advisory 2011-1349-01
Posted Oct 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1349-01 - The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. Note: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially-crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network remain secure due to certificate checks performed on the secure connection.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3378
SHA-256 | cd4cf859a3f4de5d858f9eb9b426cab9223d94eb4ca30c0bdda789361f169e39
Ubuntu Security Notice USN-1224-1
Posted Oct 3, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1224-1 - It was discovered that rsyslog had an off-by-two error when parsing legacy syslog messages. An attacker could potentially exploit this to cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-3200
SHA-256 | a148d87e10c395bed74c26136c803512ac4ffbb49c4e522a424f33cc1ca2188d
JBoss addURL Misconfiguration Attack
Posted Oct 3, 2011
Authored by y0ug

This is a proof of concept exploit that leverages the addUrl method in the DeploymentScanner module on an exposed JBoss JMX console.

tags | exploit, proof of concept
advisories | CVE-2010-0738
SHA-256 | 3b14a4e6aa14ccbdd211ed14a974885f5bc04e420e7ba32e5ebbbb4652200efb
QtWeb 3.7.3 URL Spoof
Posted Oct 3, 2011
Authored by Lostmon | Site lostmon.blogspot.com

QtWeb Internet Browser version 3.7.3 suffers from a URL spoofing vulnerability that can allow for phishing attacks.

tags | exploit, spoof
SHA-256 | 3dadd430edb5cb322c0dc220dd1cf2a7a018bd53c1897a5b76b46611c3b6e067
Packet Storm New Exploits For September, 2011
Posted Oct 3, 2011
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 286 exploits added to Packet Storm in September, 2011.

tags | exploit
systems | linux
SHA-256 | 04979eedfdf25cc074c7f7dd09f122d8854ea74b3b2522b606e702aced4b5443
Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
SHA-256 | 8526928f509f97d7e0834f717c78107205e579fe4ff0afe98df28f0c90da1eca
Page 1 of 1

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By