what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files Date: 2011-10-06

Beyond SQLi: Obfuscate And Bypass
Posted Oct 6, 2011
Authored by CWH Underground, ZeQ3uL, Suphot Boonchamnan

Whitepaper called Beyond SQLi: Obfuscate and Bypass. It discusses filter evasion, normal and advanced SQL injection bypassing techniques, and more.

tags | paper, sql injection
MD5 | 9e7b151e12188442fe45bb9959d31873
Opera 10/11 Memory Corruption
Posted Oct 6, 2011
Authored by Jose Antonio Vazquez Gonzalez | Site metasploit.com

This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. A memory corruption is triggered and some pointers got corrupted with invalid addresses. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).

tags | exploit, remote, denial of service, code execution
systems | windows, xp
advisories | CVE-2011-2628, OSVDB-72406
MD5 | 2e1e6745572f345c12fa0458940bb066
Microsoft Security Bulletin Advance Notification For October 2011
Posted Oct 6, 2011
Site microsoft.com

This is an advance notification of 8 security bulletins that Microsoft is intending to release on October 11, 2011.

tags | advisory
MD5 | cbcb124a91ae9b051de6a27a3f274033
Red Hat Security Advisory 2011-1360-01
Posted Oct 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1360-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2010-4818, CVE-2010-4819
MD5 | c39db54532a32fa4989587f922b83ce7
Red Hat Security Advisory 2011-1359-01
Posted Oct 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1359-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges. An input sanitization flaw was found in the X.Org Render extension. A malicious, authorized client could use this flaw to leak arbitrary memory from the X.Org server process, or possibly crash the X.Org server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2010-4818, CVE-2010-4819
MD5 | e627b8e8a42d2ce86707df327e6f11fe
Sparhawk SQL Injection
Posted Oct 6, 2011
Authored by Kalashinkov3

Sparhawk suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 19c73221c8d72067b29ed6431dbdb21d
Desarrollado por Goyo SQL Injection
Posted Oct 6, 2011
Authored by 3spi0n

Desarrollado por Goyo suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 61aee1fd17150001306b4ff2a6a25399
Active CMS 1.2.0 Cross Site Scripting
Posted Oct 6, 2011
Authored by Stefan Schurtz

Active CMS version 1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a0215618249aaf3eafe05ac5835f0926
Apache Reverse Proxy Bypass
Posted Oct 6, 2011
Authored by Michael Jordon, Context Information Security Ltd, David Robinson | Site contextis.co.uk

Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected.

tags | exploit
advisories | CVE-2011-3368
MD5 | 9addd7449e86f0c37284f65e8907acf8
Qmail Scanner 2.10
Posted Oct 6, 2011
Site qmail-scanner.sourceforge.net

Qmail-Scanner, (previously known as scan4virus) is an addon that enables a Qmail Email server to scan all gatewayed Email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but also enables a site to react to Email (at a server/site level) that contains specific strings in particular headers, or particular attachment filenames or types.

Changes: Some minor bugs were fixed. New features include DLP support and Team Cymru Malware Hash Registry support.
tags | virus
systems | linux, unix
MD5 | 6dc3f2ec8b9cb76c8347e904002a406e
Tsmim Lessons Library SQL Injection
Posted Oct 6, 2011
Authored by Mr.PaPaRoSSe

Tsmim Lessons Library suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 499b833ce5e55eab93bb3092994f5295
Ubuntu Security Notice USN-1223-2
Posted Oct 6, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1223-2 - USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3869, CVE-2011-3870, CVE-2011-3871
MD5 | 2cf077ba086723445db3e104ccc0dc0c
Red Hat Security Advisory 2011-1356-01
Posted Oct 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1356-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-3380
MD5 | 1ad55472000af095f8be66468d4d9bdc
Red Hat Security Advisory 2011-1350-01
Posted Oct 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-1160, CVE-2011-1745, CVE-2011-1746, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484, CVE-2011-2496, CVE-2011-2521, CVE-2011-2723, CVE-2011-2898, CVE-2011-2918
MD5 | 79a99725db7b874bbfbfc554b61f3e78
Cisco Security Advisory 20111005-fwsm
Posted Oct 6, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by denial of service and authentication bypass vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities disclosed in this advisory.

tags | advisory, denial of service, vulnerability
systems | cisco
advisories | CVE-2011-3296, CVE-2011-3297, CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302, CVE-2011-3303
MD5 | edd44d13d5ea81bd68a8d1c153da5be3
Apache mod_proxy Reverse Proxy Exposure
Posted Oct 6, 2011
Site apache.org

The Apache mod_proxy module suffers from a reverse proxy exposure vulnerability.

tags | advisory
advisories | CVE-2011-3368
MD5 | 8d45f3c67f8ac77f470f6eb56cef53ce
Cisco Security Advisory 20111005-nac
Posted Oct 6, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a directory traversal vulnerability that may allow an unauthenticated attacker to obtain system information. There are no workarounds to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory
systems | cisco
advisories | CVE-2011-3305
MD5 | bfae85354b5e5dc33465f151d7574b7b
Cisco Security Advisory 20111005-asa
Posted Oct 6, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by denial of service and authentication bypass vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
advisories | CVE-2010-3302, CVE-2011-3298, CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3303, CVE-2011-3304
MD5 | 0fbf48c58fec252184743a2516bb7643
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close