exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 51 RSS Feed

Files Date: 2011-11-17

Ubuntu Security Notice USN-1266-1
Posted Nov 17, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1266-1 - It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted LDIF entry containing an empty postalAddress.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2011-4079
SHA-256 | 58a436e84f42572d8be969878e1cd235c16383652c96df9e01a7b6d8a6848007
webERP 4.05 Cross Site Scripting / SQL Injection
Posted Nov 17, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

webERP version 4.05 suffers from cross site scripting, information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, info disclosure
SHA-256 | 6527863421172bed1320a1beaaf760e10db2399f57d8d1c408408d39b2fe8524
SAP NetWeaver CTC Authentication Bypass
Posted Nov 17, 2011
Authored by Sh2kerr

SAP NetWeaver suffers from an authentication bypass vulnerability in the CTC service.

tags | advisory, bypass
SHA-256 | acd1799151dd58a8e541f3f7f81d871ec30f13688f6df45a6dc99cabf056f139
Red Hat Security Advisory 2011-1459-01
Posted Nov 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1459-01 - Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind97 are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-4313
SHA-256 | e468d1c0fe8f1b1825afe625add5bc7e03909cb44c5e165d121c828409c3447f
SAP NetWeaver SPML Cross Site Request Forgery
Posted Nov 17, 2011
Authored by Sh2kerr

The SAP NetWeaver SPML service suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 322ab3a2b0d5f55c5b57691f980918122aa961043519cd3ac848bdaa88e9ca1b
Zoho ManageEngine ADSelfService Plus 4.5 Cross Site Scripting
Posted Nov 17, 2011
Authored by James Webb | Site jameswebb.me

Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901
SAP NetWeaver TH_GREP Command Execution
Posted Nov 17, 2011
Authored by Alexey Tyurin

SAP NetWeaver suffers from a command execution vulnerability in the TH_GREP report.

tags | advisory
SHA-256 | c3dfd70888d86b64249ce6ffaa7d8426a73697ec5490a405e2af35c4743d2370
SAP NetWeaver RSTXSCRP Path Traversal
Posted Nov 17, 2011
Authored by Dmitriy Chastuchin

SAP NetWeaver RSTXSCRP Report has a path traversal vulnerability that can lead to an SMB relay attack and full control of the system.

tags | advisory
SHA-256 | 21855c07195fb743d05e10fc4148abc62479e631abbe3e8e1d6b011ef74209df
Mandriva Linux Security Advisory 2011-176-1
Posted Nov 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1 which is not vulnerable to this issue. Packages provided for Mandriva Enterprise Server 5.2 and Mandriva Linux 2010.2 with the MDVSA-2011:176 advisory had a faulty release number effectively preventing installation without excessive force due to a previous packaging mistake. This advisory provides corrected packages to address the problem.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-4313
SHA-256 | 197ccaed81762b5688aa08d8c25598393a3c9ed56dc71e6aabe506eccc2b58e4
SAP NetWeaver BW Doc Cross Site Scripting
Posted Nov 17, 2011
Authored by Sh2kerr, Dmitriy Chastuchin

SAP NetWeaver BW DOC metadata suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 68d97d678e3c0fdb4545781101c9713cebe198b3b21c2030417b80a51a588341
SAP NetWeaver Virus Scan Cross Site Scripting
Posted Nov 17, 2011
Authored by Dmitriy Evdokimov

The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, virus, xss
SHA-256 | bb8285b3a50293e1b7955490ff1a6f95c2a536a27d3d98b985e8678a317a3799
SAP GUI BAPI Explorer Cross Site Scripting
Posted Nov 17, 2011
Authored by Dmitriy Chatuchin

SAP GUI BAPI Explorer suffers from a stored cross site scripting vulnerability that can lead to code execution.

tags | advisory, code execution, xss
SHA-256 | f6883239887dfc0459693dd45a90be345741e71f87d44c9a5702b07adc70a47b
Red Hat Security Advisory 2011-1458
Posted Nov 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1458 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server, a resolver library, and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4313
SHA-256 | 109068cfe1698152b9d3437fe8f154aa67bc2754de44075ab1266cbef01eb284
SAP NetWeaver MI 2 Information Disclosure
Posted Nov 17, 2011
Authored by Sh2kerr

SAP NetWeaver Mobile Engine suffers from an information disclosure vulnerability that discloses version and username information.

tags | advisory, info disclosure
SHA-256 | f887bedbaf6328e9e0090370a2ef1d312367550062ad97dcd452fb137b15cb06
SAP NetWeaver ABAP Authorization Bypass / SMBRelay
Posted Nov 17, 2011
Authored by Alexey Sintsov

SAP NetWeaver ABAP suffers from authorization bypass, directory traversal, and SMBRelay vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 0aabc6d28819f80fb0cdcc88f63dbe1fcd8013c3f12b2c36acb808d75c57fb08
SAP NetWeaver JavaMailExamples Cross Site Scripting
Posted Nov 17, 2011
Authored by Dmitriy Evdokimov

SAP NetWeaver JavaMailExamples suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | c04b25210d381f661a530f78c0f47f407ef68900b31b985bb2f0f7449bf26ceb
Tiki Wiki CMS Groupware Cross Site Scripting
Posted Nov 17, 2011
Authored by Stefan Schurtz

Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected.

tags | exploit, vulnerability, xss
advisories | CVE-2011-4454, CVE-2011-4455
SHA-256 | 21ef97d86d440a917b5caedb85996e891e834ea1014f4979355b34a905298c19
HP Security Bulletin HPSBOV02470 SSRT080123 2
Posted Nov 17, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02470 SSRT080123 2 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running SMTP server. The vulnerability could result in a remote Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, remote, denial of service, tcp
advisories | CVE-2011-3169
SHA-256 | bd809e6d2fb086758c2ca98895cfc16b117c4e67f77134f14d1b8a8f4db6d869
WordPress Flexible Custom Post Type Cross Site Scripting
Posted Nov 17, 2011
Authored by Am!r | Site irist.ir

The WordPress Flexible Custom Post Type plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fee1493e19247201bae6078b7248fec39db259065399d0d9db505b56dfe63910
PHP Vulnerability Hunter 1.1.4.6
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory.
tags | tool, arbitrary, local, php, vulnerability, file inclusion, fuzzer
SHA-256 | ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13f
V-CMS 1.0 Cross Site Scripting
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, xss
SHA-256 | c6bd8d414c203e4d7061c79f3542c1b5b217553d5e43319d293458513d863d05
V-CMS 1.0 SQL Injection
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
SHA-256 | df2dee289d5c87f204cf0fee719b33c99baed4a25e2a6f9f88c897389068853f
V-CMS 1.0 Shell Upload
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

An arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php
SHA-256 | 9b9778fc86835a6bdf9f0531d06a9035e7c2a698cfe50ecd0e20362d22be8cd2
Herberlin Bremsserver 3.0 Directory Traversal
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.

tags | exploit, web, root
SHA-256 | 950c47363f210cdb881bcfb068ccaf7f685f850f0d610b4a2d6acc3361bd64ca
Ubuntu Security Notice USN-1265-1
Posted Nov 17, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-4405
SHA-256 | 359ddbd8a20109cf0cd0c50fb699368bbf5e8dbb3241a43302e56fbcca6dbd33
Page 1 of 3
Back123Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close