exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2011-10-18

BoonEx Dolphin 6.1 SQL Injection
Posted Oct 18, 2011
Authored by Yuri Goltsev | Site ptsecurity.com

Positive Research Center has discovered an SQL injection vulnerability in Dolphin version 6.1 due to a lack of input validation.

tags | advisory, sql injection
SHA-256 | 6e7491c597fac9d80353c3599136713e5b76b1d076448738c1d54df96c58c841
Gentoo Linux Security Advisory 201110-13
Posted Oct 18, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-13 - Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.1.30 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0015, CVE-2011-0016, CVE-2011-0427, CVE-2011-0490, CVE-2011-0491, CVE-2011-0492, CVE-2011-0493, CVE-2011-1924
SHA-256 | 096d2f83ba0d522e255e5c18f1589543888db4a3edfd2bea51bf8a0b475e1e7e
Ubuntu Security Notice USN-1232-1
Posted Oct 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029
SHA-256 | a04660c7b598d19e4f72432e2a317262cebfd0b9fa6d764460a7bd04e7a74a4f
Mandriva Linux Security Advisory 2011-156
Posted Oct 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, local, spoof, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190
SHA-256 | b2c7cee78dc0a955a2f2c042e67a3848b405f7deb0d7e35b46e4354ba47ef1f1
Packet Storm Mac OS X Widget
Posted Oct 18, 2011
Authored by Saitek

Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.

tags | vulnerability
systems | apple, osx
SHA-256 | 69c119dd10637e93745b7d47028577720527e2e790477da1e00cfc3d5ceebc42
Apple Safari Webkit libxslt Arbitrary File Creation
Posted Oct 18, 2011
Authored by Nicolas Gregoire | Site metasploit.com

This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1774, OSVDB-74017
SHA-256 | c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716eb
Dolphin 7.0.7 PHP Code Injection
Posted Oct 18, 2011
Authored by EgiX

Dolphin versions 7.0.0 through 7.0.7 remote PHP code injection exploit.

tags | exploit, remote, php
SHA-256 | f8491a4888891439bd445b8f8fad6b81712c31b0ac7b701243d0d96f85f10c23
Joomla NoNumber Framework Local File Inclusion / Shell Upload
Posted Oct 18, 2011
Authored by jdc

The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
SHA-256 | e3ae091577864ca2191cda6842e17f20d23686b3a23d2de2b27c1ca2850d9f76
Ubuntu Security Notice USN-1231-1
Posted Oct 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2010-1914, CVE-2010-2484, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267
SHA-256 | 69845e86133335adaba83dacbab9b866d4f7fa4fe3cf57ea5923181d6f1d3289
Northern Racing SQL Injection
Posted Oct 18, 2011
Authored by poach3r

Northern Racing suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b537bbb9d4a91562f89cc78fa5612e6b135909ae054e17b2edda07a006528f79
Creating Your Own Abstract Processor
Posted Oct 18, 2011
Authored by Aodrulez

Whitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.

tags | paper
SHA-256 | 3377a9e7607686a8415eb224532b12bc436eda19656f6192d4f244d9c631a003
Eurotax.com Cross Site Scripting
Posted Oct 18, 2011
Authored by Das Kommando Petra Wolf

Eurotax.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d9fe81ebef5026ce0ee70120ba44d61061a6692e1778b7957a06c7230d83c351
Webciters SQL Injection
Posted Oct 18, 2011
Authored by 3spi0n

Sites powered by Webciters suffer from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | 750e1c069dc13cb7dcdcaca62659ef9bb62002de1c8bf40379f2d0727ed67fcd
Secunia Security Advisory 46421
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | 8a4a00a42e2f1eff392be67f5ced6c719f204f8137908da764ec55568a6acb56
Secunia Security Advisory 46463
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 6ecce104a578fb17f8fb5af6793e1338a984159b1b6c78064479ecd6bdfcb578
Secunia Security Advisory 46455
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | bd7d31182b811bceaf24856de8cee7e70b162292a90736e9294de52dd26aa6db
Secunia Security Advisory 46374
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 1c36e8d197bf0173aff4a04601f5b80eca93d6bef674b5f04295ace455a65ed0
Secunia Security Advisory 46438
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Office Publisher 2007, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 9f8cd5af4fb62d219d656368b4151ddb77e67059235d35c11cb787fbce38e991
Secunia Security Advisory 46307
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Spree, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | c4715eeff1a934c5c05e48aa097fa768606f42dd20772d5c2353f5c25ae8f58d
Secunia Security Advisory 46448
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.

tags | advisory, vulnerability, csrf
systems | linux, suse
SHA-256 | e83806af24da53c32dc9ee02ebab6c0645864a294f3fb367267d073f973ac092
Secunia Security Advisory 46443
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - flyh4t has discovered a vulnerability in GNUBoard, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 321b61472c9396f867fbdde92b2b32ec78d66ffe88ff61ac18c1754ef2be7e56
Secunia Security Advisory 46449
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | 50e5befa2e5d2163402b22f35a74db3beb3b72263edeb52beda36e875146ac7b
Secunia Security Advisory 46425
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for php5. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | 5a8c5dece21406fc2239d5914fb0664eef45f9635fab07b6d0e5af2c53965b2f
Secunia Security Advisory 46452
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libopenssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | cb04905b104470c900e2b860a84f5fb775d469dcb07417959f80bab680d7404a
Secunia Security Advisory 46450
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libreoffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, suse
SHA-256 | 422e2cb8daf0dc6ad3ea753c95a66dd55d82f4423d7d730b8dcb42bc0b6a5827
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close