exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files Date: 2011-10-14

PROMOTIC 8.1.3 Directory Traversal / Overflows
Posted Oct 14, 2011
Authored by Luigi Auriemma | Site aluigi.org

PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.

tags | exploit, overflow, activex, proof of concept, file inclusion
systems | linux
SHA-256 | 3771948f0bd952728776730df1a273e42847c65f28d2f2d69c737d27de5ba2c2
Ubuntu Security Notice USN-1230-1
Posted Oct 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1230-1 - Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users.

tags | advisory
systems | linux, ubuntu
SHA-256 | cf859e1ad1c98b0dde07bdc578e2b168e650f347139813585542152040c3f5c3
Xenon SQL Injection
Posted Oct 14, 2011
Authored by m3rciL3Ss

Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | c098a4388a127889dfd3764db922cde8244b6a82e61ff357ae5785d470fd40d5
PcVue 10.0 Function Pointer Overwrite
Posted Oct 14, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.

tags | exploit, arbitrary
SHA-256 | 9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80
Mozilla Firefox Array.reduceRight() Integer Overflow
Posted Oct 14, 2011
Authored by Chris Rohlf, Matteo Memelli, sinn3r, dookie2000ca, Yan Ivnitskiy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2371
SHA-256 | eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6
Gentoo Linux Security Advisory 201110-11
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-11 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 10.3.183.10 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0579, CVE-2011-0589, CVE-2011-0607, CVE-2011-0608, CVE-2011-0609, CVE-2011-0611, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627, CVE-2011-0628
SHA-256 | 1fc7f689cdb3c883ce36c76490807f1cc45caa5c421b71567dc8d8327d946b70
Gentoo Linux Security Advisory 201110-10
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-10 - Insecure usage of server provided filenames may allow the creation or overwriting of local files when using wget. Versions less than 1.12-r2 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2010-2252
SHA-256 | 57dae58b35db5d84d829246ae2e2948d8086cfde9ce02247b86fb1f06da2ba7e
Gentoo Linux Security Advisory 201110-09
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-9 - A privilege escalation vulnerability was found in Conky. Versions less than 1.8.1-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2011-3616
SHA-256 | 1cd8d87ed499a61416faa2be73cf9604d0fd72578063d92e215492c7fe003f3e
Secunia Security Advisory 46366
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
SHA-256 | cf0138ff322e3ab94042d38771e594ed95b5964bbd8dd0800ea8623627a65784
Gentoo Linux Security Advisory 201110-08
Posted Oct 14, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-8 - Multiple vulnerabilities were found in feh, the worst of which leading to remote passive code execution. Versions less than 1.12 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2010-2246, CVE-2011-0702, CVE-2011-1031
SHA-256 | 6c4e5614a2ed2293e58f95ab888ae9613792e279a5a9c7299e6fc2453fb2152b
WordPress Contact Form 2.7.5 SQL Injection / Patch
Posted Oct 14, 2011
Authored by Skraps

WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.

tags | exploit, remote, sql injection
SHA-256 | 9b07f455f6aee294073adabc402040fdad7b34b7d958d48990162aa3974e39f7
Red Hat Security Advisory 2011-1371-01
Posted Oct 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-1091, CVE-2011-3594
SHA-256 | f0ad974a63999ee0a2da67fe7b5c6434dc5657a1919e71a6c7d833f173143ae6
MS11-077 .FON Kernel-Mode Buffer Overrun
Posted Oct 14, 2011
Authored by Byoungyoung Lee

Microsoft .fon extension kernel-mode buffer overrun proof of concept exploit and write-up.

tags | exploit, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2011-2003
SHA-256 | c9041b25d1db7f3af1b8cb43239c5d141716f9bc0a5017a00f045f34067e378d
Secunia Security Advisory 46388
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, fedora
SHA-256 | 371219e3e280e00f3847a8fead33b4cd6da0211c979fb72c5558ee22ee910292
Secunia Security Advisory 46384
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 6942e1af39177c84f6d258135a458bd121fd8b288bc334d322291d46cb81cef8
Secunia Security Advisory 46441
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the eTree component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 570f71efbdc7dd22728f2a2ca3a2168ec70049fbca8a533d639cad7cbf11dbfd
Secunia Security Advisory 46356
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for feh. This fixes a weakness and a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a user's system.

tags | advisory, local
systems | linux, gentoo
SHA-256 | c6beac10c35681bd1ef9a8ffb8e6ff6872e46582552a8409e50d5392b76f3462
Secunia Security Advisory 46446
Posted Oct 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in EC-CUBE, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 656d86a2eba803110946a44d921ac95c5226a0b762038734d70016ae27c86dbc
iDefense Security Advisory 10.12.11 - OfficeImport
Posted Oct 14, 2011
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, apple
advisories | CVE-2011-3260
SHA-256 | 942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bf
iDefense Security Advisory 10.12.11 - MobileSafari
Posted Oct 14, 2011
Authored by iDefense Labs, Christian Matthies | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a cross site scripting vulnerability in Apple Inc.'s MobileSafari could allow an attacker to view sensitive information in the context of the targeted domain. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, xss
systems | cisco, apple
advisories | CVE-2011-3426
SHA-256 | f0c865bb1f976b089d902e9f7390f2f2ca0c59d60500b96ec2cbe3e73945e00c
Red Hat Security Advisory 2011-1369-01
Posted Oct 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
SHA-256 | f9744937ca728dde6c061d9b423e536392bde93fd90da8b2c7901931451c0fc4
Almzn Cross Site Scripting / SQL Injection
Posted Oct 14, 2011
Authored by indoushka

Almzn suffers from cross site scripting, SQL injection, and add administrator vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | a8370fa029e9823b3cf1f50916327d134932ca72868530bb518a6b107f00efaa
Technical Cyber Security Alert 2011-286A
Posted Oct 14, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-286A - There are multiple vulnerabilities in Mac OS X 10.6.8, 10.7, and 10.7.1 and Mac OS X Server 10.6.8, 10.7, and 10.7.1. Apple has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
SHA-256 | f8e5be39396a195dc1dc30012aa1575c33052ce127689291b4cd47f6df51bf61
Joomla Directory Tree SQL Injection
Posted Oct 14, 2011
Authored by Sid3 effects

The Joomla Directory Tree component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 147eadc55394af1ca270019429bec35dd425c9eb313cef0ee49125f915d4b27d
Ubuntu Security Notice USN-1229-1
Posted Oct 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1229-1 - It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2011-2483
SHA-256 | 649358d7dbacd6dd66eea3975147611d64a8d7d4b6143b19fbe78c20ef3d65c9
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close