exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2011-11-03

Web File Browser 0.4b14 File Download
Posted Nov 3, 2011
Authored by Sangyun YOO

Web File Browser version 0.4b14 suffers from a remote file download vulnerability.

tags | exploit, remote, web
SHA-256 | 3e75ca8b7fffb9b48934c6982bf3ff9d07051553cee3c82ccd5de47fff421856
CaupoShop Pro / Classic Local File Inclusion
Posted Nov 3, 2011
Authored by Rami Salama

CaupoShop Pro versions 2.x and 3.70 and CaupoShop Classic version 3.01 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 7c298e40fae2e5c555e4936179477f03952efff10ddd7937677dc7e05292c8d9
Calibre E-Book Reader Local Root Race Condition
Posted Nov 3, 2011
Authored by Dan Rosenberg, zx2c4

Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.

tags | exploit, local, root
SHA-256 | a8d8f271f9bcea57da5e8e80f09acc4ebc27b5f8820e5bdda23f748aa4eb75ef
Calibre E-Book Reader Local Root
Posted Nov 3, 2011
Authored by zx2c4

Calibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.

tags | exploit, local, root
SHA-256 | 803cea9af662f56f8c5d24c4e88e0d59ba6548ac865fb65d1a853fca08aef00c
Red Hat Security Advisory 2011-1424-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1424-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.

tags | advisory, web, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2011-2939, CVE-2011-3597
SHA-256 | 51a5726d1929c069fd08213b009036083f5767916bc1517d0e1b34d44276d662
Mandriva Linux Security Advisory 2011-166
Posted Nov 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-3379
SHA-256 | c82b9c418c80f0f149ed58d135c718ec945f901a518961f084309b77bc46bd53
DreamBox DM800 1.5rc1 Remote File Disclosure
Posted Nov 3, 2011
Authored by Todor Donev

DreamBox DM800 versions 1.5rc1 and below remote file disclosure exploit.

tags | exploit, remote, info disclosure
SHA-256 | 8fee3da667376ed45ce7f37d430981833a80f00a5a6fc6e5635f8b8511dad4df
RSA Key Manager Appliance 2.7 SP1 Hotfix 6 Released
Posted Nov 3, 2011
Site emc.com

RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.

tags | advisory
advisories | CVE-2011-2740
SHA-256 | b3b3018dfe32899d541965ac824cd23af6a61e18beae800a1a6ae93c827686e0
Microsoft Security Bulletin Advance Notification For November 2011
Posted Nov 3, 2011
Site microsoft.com

This is an advance notification of 4 security bulletins that Microsoft is intending to release on November 8th, 2011.

tags | advisory
SHA-256 | 5e41d6b958ee3c2306f96ed3381db1fbd246eb174ccf3ec8f64184950f3478d3
Mandriva Linux Security Advisory 2011-165
Posted Nov 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-165 - Multiple vulnerabilities have been identified and fixed in php. Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by using the same variable for multiple arguments. The ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service via certain flags arguments, as demonstrated by GLOB_APPEND. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, php, vulnerability
systems | linux, unix, mandriva
advisories | CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268
SHA-256 | e4e0c6e0f280e265039c8e4deb8ffadb2f148b8795224a02c5d8c8d7007704c1
Ilyas.info Design Cross Site Scripting
Posted Nov 3, 2011
Authored by 3spi0n

Ilyas.info Design suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6c1b436f8f3e706fc3861efd3ec043268b658d8f493b7230bdb0c381d05df0ab
HP Security Bulletin HPSBMU02704 SSRT100619
Posted Nov 3, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-3192, CVE-2011-3348
SHA-256 | 7999f71fbcd8709c32f927c331d72a48a33196832c69bf214321a6a0024ddec9
CmyDocument Content Management Cross Site Scripting
Posted Nov 3, 2011
Authored by demonalex

CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fbd18ab5a15445be1304549c1d12c945436c12dca254627f5eabe69fd9e97325
EMC Documentum eRoom Arbitrary File Upload
Posted Nov 3, 2011
Site emc.com

A file-blocking feature introduced in EMC Documentum eRoom version 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.

tags | advisory, arbitrary
advisories | CVE-2011-2739
SHA-256 | d954efcdca333f262b5b6caa9f5bbb4209304e9d881a28e25f7fce93a16e493f
Serendipity Karma Ranking 1.1 Cross Site Scripting
Posted Nov 3, 2011
Authored by Stefan Schurtz

Serendipity version 1.5.5 with Karma Ranking Plugin version 1.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 86a6d12f2cff57ae842260fd4e59240bd7a88f0a76077b72f5e70aba01bc7b1b
Serendipity 1.5.5 Cross Site Scripting
Posted Nov 3, 2011
Authored by Stefan Schurtz

Serendipity version 1.5.5 suffers from a cross site scripting vulnerability in the serendipity[filter][bp.ALT] parameter.

tags | exploit, xss
SHA-256 | 45f32066502c9bb18521917e3d6dbb6312ea08f33fea30e27e8c073153bb44e1
TOR Virtual Network Tunneling Tool 0.2.2.34
Posted Nov 3, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2768
SHA-256 | a027a535b35e5f9ca7091e4c83a06b4be48f0f95d6906bdd467ccc0659e7e798
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo\'s hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 568e19f2bee2f40b7aebc94201e6e7c0530c0bd21dc063fc84fb7086b0936c20
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo\'s hardened-patches 2.6.32-74.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 9f48d660d26082a6c4a6578c1d352d077f8b51add9b99f5492d02edb6099243e
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 673b5bc02fbe9d2b593026ad503b8f7a1cbd34953021173247f95ffb1bceb976
Red Hat Security Advisory 2011-1423-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483
SHA-256 | 9894f6c0e2fdb3b67eeaea494961dacdfac8d7872d371ab453608b2c9d5afcf1
Red Hat Security Advisory 2011-1422-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4073
SHA-256 | 385e1137aca7e64a21434b3467ac61b60de918f2c5abde3150b94a252c15598d
Secunia Security Advisory 46714
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | bae4a49fc819e127647fb5468c7b180175bdb456b2a27a5c1cd25cc49c3b9f9c
Secunia Security Advisory 46447
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - 80sec has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory
SHA-256 | 5ba8070b5a78633e69ea1e4fd61914b8c9bef91d17729471d71c0f7efe00f639
Secunia Security Advisory 46675
Posted Nov 3, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

tags | advisory, spoof, vulnerability, xss
systems | linux, suse
SHA-256 | e00a57a10311af29cd622bbe7b73738179bf84c3f6ea714a6257b479cb0babd7
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close