exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2011-10-18

BoonEx Dolphin 6.1 SQL Injection
Posted Oct 18, 2011
Authored by Yuri Goltsev | Site ptsecurity.com

Positive Research Center has discovered an SQL injection vulnerability in Dolphin version 6.1 due to a lack of input validation.

tags | advisory, sql injection
MD5 | 636687f3905f70ccf405816629109c6d
Gentoo Linux Security Advisory 201110-13
Posted Oct 18, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-13 - Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.1.30 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0015, CVE-2011-0016, CVE-2011-0427, CVE-2011-0490, CVE-2011-0491, CVE-2011-0492, CVE-2011-0493, CVE-2011-1924
MD5 | 1ac41d75c08cdf31f32d48188e223f7f
Ubuntu Security Notice USN-1232-1
Posted Oct 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029
MD5 | 07c255a807b2ef2512f9e255b336157d
Mandriva Linux Security Advisory 2011-156
Posted Oct 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, local, spoof, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190
MD5 | 5acb136fe11782bae8cfffc4eea36e81
Packet Storm Mac OS X Widget
Posted Oct 18, 2011
Authored by Saitek

Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.

tags | vulnerability
systems | apple, osx
MD5 | 9e9a4400ad94b557bb3ded125342f1b1
Apple Safari Webkit libxslt Arbitrary File Creation
Posted Oct 18, 2011
Authored by Nicolas Gregoire | Site metasploit.com

This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1774, OSVDB-74017
MD5 | f0f60d7d29a3200a4856dadf181df880
Dolphin 7.0.7 PHP Code Injection
Posted Oct 18, 2011
Authored by EgiX

Dolphin versions 7.0.0 through 7.0.7 remote PHP code injection exploit.

tags | exploit, remote, php
MD5 | 4e3cc6620c4f2852ff8d8819015f2a5e
Joomla NoNumber Framework Local File Inclusion / Shell Upload
Posted Oct 18, 2011
Authored by jdc

The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
MD5 | ff67d8a9e5cef25a473a2b924859000f
Ubuntu Security Notice USN-1231-1
Posted Oct 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2010-1914, CVE-2010-2484, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267
MD5 | 5abf0399f4bdb280ef482df2defc103e
Northern Racing SQL Injection
Posted Oct 18, 2011
Authored by poach3r

Northern Racing suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e8768697b23a20533a802fad2714e13d
Creating Your Own Abstract Processor
Posted Oct 18, 2011
Authored by Aodrulez

Whitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.

tags | paper
MD5 | 5516004d11b809e766566ed91c105645
Eurotax.com Cross Site Scripting
Posted Oct 18, 2011
Authored by Das Kommando Petra Wolf

Eurotax.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 188bbf19a758fd2eb292143f92042067
Webciters SQL Injection
Posted Oct 18, 2011
Authored by 3spi0n

Sites powered by Webciters suffer from multiple SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
MD5 | 62c36f6c6ae7a8ca16cc58c0e4a3f716
Secunia Security Advisory 46421
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | 952fd7ed2ab96abbbe4529407db17b0b
Secunia Security Advisory 46463
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 8eeb77e757f124d123da69fcdc4417a5
Secunia Security Advisory 46455
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
MD5 | d9c9ad98e757b65c5f6c09adbf0045bc
Secunia Security Advisory 46374
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | d967f9287db83ae8cb46eaf4b37a205c
Secunia Security Advisory 46438
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Office Publisher 2007, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 718a3efd2e7e2e5a94e4cedcb1d2f739
Secunia Security Advisory 46307
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Spree, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | ab7546fec794c99124e34097c754ec49
Secunia Security Advisory 46448
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.

tags | advisory, vulnerability, csrf
systems | linux, suse
MD5 | 319bfd7306156896a11bc2c80ae3da2e
Secunia Security Advisory 46443
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - flyh4t has discovered a vulnerability in GNUBoard, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 88f4e296f20d3c732d8df3b3d2fdf14b
Secunia Security Advisory 46449
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
MD5 | b8b4448a6fedfa67709eca77a195f23c
Secunia Security Advisory 46425
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for php5. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, suse
MD5 | d184a0ecce69ca6bb0fbb98773d89d0c
Secunia Security Advisory 46452
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libopenssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, suse
MD5 | 14166ba43d07173a6c0dfe4dd1e55762
Secunia Security Advisory 46450
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libreoffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, suse
MD5 | 7ddc891cbabdc43cdbf97d34dae0f7a3
Page 1 of 2
Back12Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close