exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2011-11-03

Web File Browser 0.4b14 File Download
Posted Nov 3, 2011
Authored by Sangyun YOO

Web File Browser version 0.4b14 suffers from a remote file download vulnerability.

tags | exploit, remote, web
MD5 | 70ad7f078363e5c3d9a6126ab6b88bd0
CaupoShop Pro / Classic Local File Inclusion
Posted Nov 3, 2011
Authored by Rami Salama

CaupoShop Pro versions 2.x and 3.70 and CaupoShop Classic version 3.01 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 3091916caa8f0651be5c549dc1cd50ad
Calibre E-Book Reader Local Root Race Condition
Posted Nov 3, 2011
Authored by Dan Rosenberg, zx2c4

Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.

tags | exploit, local, root
MD5 | d7de7d66784b296235b391ff4165a7ca
Calibre E-Book Reader Local Root
Posted Nov 3, 2011
Authored by zx2c4

Calibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.

tags | exploit, local, root
MD5 | 2788d09f0cb78cd65e4b0baa83886e47
Red Hat Security Advisory 2011-1424-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1424-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.

tags | advisory, web, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2011-2939, CVE-2011-3597
MD5 | d964d3061cc863a68838a37920545d06
Mandriva Linux Security Advisory 2011-166
Posted Nov 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-3379
MD5 | 2f9fd1ed46b662fc92a212163565a853
DreamBox DM800 1.5rc1 Remote File Disclosure
Posted Nov 3, 2011
Authored by Todor Donev

DreamBox DM800 versions 1.5rc1 and below remote file disclosure exploit.

tags | exploit, remote, info disclosure
MD5 | d1b0c5e9fe5693f3e0b65954d0c237ae
RSA Key Manager Appliance 2.7 SP1 Hotfix 6 Released
Posted Nov 3, 2011
Site emc.com

RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.

tags | advisory
advisories | CVE-2011-2740
MD5 | 2a2418d68259e0f139fd0f1771c32ec5
Microsoft Security Bulletin Advance Notification For November 2011
Posted Nov 3, 2011
Site microsoft.com

This is an advance notification of 4 security bulletins that Microsoft is intending to release on November 8th, 2011.

tags | advisory
MD5 | 3234329ec12ac06ee635d1cee5b1336e
Mandriva Linux Security Advisory 2011-165
Posted Nov 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-165 - Multiple vulnerabilities have been identified and fixed in php. Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by using the same variable for multiple arguments. The ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service via certain flags arguments, as demonstrated by GLOB_APPEND. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, php, vulnerability
systems | linux, unix, mandriva
advisories | CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268
MD5 | 55ee15c53b595d90d225039a16ca7ae3
Ilyas.info Design Cross Site Scripting
Posted Nov 3, 2011
Authored by 3spi0n

Ilyas.info Design suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9e867b36c328f32edc65bdb9ac369476
HP Security Bulletin HPSBMU02704 SSRT100619
Posted Nov 3, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
MD5 | b8fafe5b0cfd2480bdde62e8af7462f1
CmyDocument Content Management Cross Site Scripting
Posted Nov 3, 2011
Authored by demonalex

CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | cfd95452b59fcdf120b0854192bb2fbb
EMC Documentum eRoom Arbitrary File Upload
Posted Nov 3, 2011
Site emc.com

A file-blocking feature introduced in EMC Documentum eRoom version 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.

tags | advisory, arbitrary
advisories | CVE-2011-2739
MD5 | 207b004157bbf75e0fff7ac26c5f0a82
Serendipity Karma Ranking 1.1 Cross Site Scripting
Posted Nov 3, 2011
Authored by Stefan Schurtz

Serendipity version 1.5.5 with Karma Ranking Plugin version 1.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d4afe5f4c44f630d9a5fdfb9df023d45
Serendipity 1.5.5 Cross Site Scripting
Posted Nov 3, 2011
Authored by Stefan Schurtz

Serendipity version 1.5.5 suffers from a cross site scripting vulnerability in the serendipity[filter][bp.ALT] parameter.

tags | exploit, xss
MD5 | 32d8efcdae2358d7de5286cd29862672
TOR Virtual Network Tunneling Tool 0.2.2.34
Posted Nov 3, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2768
MD5 | 0f1bbb8e086ea2aba41ff7f898fcf3bd
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo\'s hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 4d1417ae3a39e38ef9dcbdece3152eeb
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo\'s hardened-patches 2.6.32-74.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | 89d06e2f5e4b027a1b90a31190702bf6
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 37097f2ff20a1ec2559743ce15642b6c
Red Hat Security Advisory 2011-1423-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483
MD5 | 57edf89e5b8e62dead56ef52361565ab
Red Hat Security Advisory 2011-1422-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4073
MD5 | 6f64f484d81070fcd2a01dd26eec12d2
Secunia Security Advisory 46714
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | fde7b24b6c5febf9b3c03dc7a40307b1
Secunia Security Advisory 46447
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - 80sec has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory
MD5 | ca70fc270f8e2d80b8fa5f0849ed99f6
Secunia Security Advisory 46675
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

tags | advisory, spoof, vulnerability, xss
systems | linux, suse
MD5 | f6d94d4ea737d2749dc65d27d0812bf1
Page 1 of 2
Back12Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close