Exploit the possiblities
Showing 1 - 23 of 23 RSS Feed

Files Date: 2011-11-28

JQuery-Real-Person CAPTCHA 1.0.1 Bypass
Posted Nov 28, 2011
Authored by Alberto Garcia-Illera

JQuery-Real-Person CAPTCHA version 1.0.1 suffers from a bypass vulnerability.

tags | exploit, bypass
MD5 | b3ce5e67ca139dbe601ccd7295baacbb
Siemens Automation License Manager 500.0.122.1 Code Execution
Posted Nov 28, 2011
Authored by Luigi Auriemma | Site aluigi.org

Siemens Automation License Manager versions 500.0.122.1 and below suffer from code execution, exceptions, NULL pointer and file overwriting vulnerabilities.

tags | exploit, vulnerability, code execution
systems | linux
MD5 | 3148e30fd1970d091277c083c3d6385c
Zero Day Initiative Advisory 11-335
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4252
MD5 | 8407bc0a99323e1d607b998f6ceae2d6
Manx 1.0.1 HTTP Response Splitting
Posted Nov 28, 2011
Authored by LiquidWorm | Site zeroscience.mk

Manx version 1.0.1 suffers from multiple HTTP response splitting vulnerabilities.

tags | exploit, web, vulnerability
MD5 | 1049d660b597b37d2acca7ea51c0ffdc
Manx 1.0.1 Cross Site Scripting
Posted Nov 28, 2011
Authored by LiquidWorm | Site zeroscience.mk

Manx version 1.0.1 suffers from multiple cross site scripting vulnerabilities in ajax_get_file_listing.php.

tags | exploit, php, vulnerability, xss
MD5 | f947cea11a52943b003551a1e73a58f0
Adapt CMS 2.0.1 SQL Injection
Posted Nov 28, 2011
Authored by X-Cisadane | Site vulnerability-lab.com

Adapt CMS version 2.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e1b762e2bcbe6aac8c68b852795675b1
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
MD5 | 15d0c3aea96ef1779ad060404b5bc177
Zero Day Initiative Advisory 11-333
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-333 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. When decoding the sample, the application will use the transformed data to initialize another structure. Due to the sizes being unbound, this can be used to corrupt memory outside the original allocation. This type of memory corruption can be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4250
MD5 | f7c03e08fc3762a413826e352b90c515
WordPress Security Scanner 1.1
Posted Nov 28, 2011
Authored by Ryan Dewhurst | Site code.google.com

WordPress Security Scanner can perform username enumeration, weak password cracking, version / vulnerability / plugin enumeration, and more.

Changes: Detection for 750 more plugins. Detection for 107 new plugin vulnerabilities. Detection for 447 possible timthumb file locations. Advanced version fingerprinting implemented. Full Path Disclosure (FPD) checks. Auto updates. Progress indicators. Various other additions and changes.
tags | tool, scanner
systems | linux, unix
MD5 | c35bae835539df4069f41c5e3ac16693
Ubuntu Security Notice USN-1283-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-3634
MD5 | 7e730b73b982f9fcb627e81d25ba09b8
Zero Day Initiative Advisory 11-332
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4248
MD5 | 1bfc56bb019e58e3bd48ddfab00a8769
Zero Day Initiative Advisory 11-331
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4259
MD5 | 82fd9ea9f7a1ad3977a1c60c53e999e6
Social Book Facebook Clone Script Cross Site Scripting
Posted Nov 28, 2011
Authored by Eyup CELIK

Social Book Facebook Clone Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 236a7b4326488a5485f327f5d10dae3d
Siemens SIMATIC WinCC Flexible Overflow / Traversal / Denial Of Service
Posted Nov 28, 2011
Authored by Luigi Auriemma | Site aluigi.org

Siemens SIMATIC WinCC Flexible suffers from stack overflow, directory traversal, denial of service and arbitrary memory read access vulnerabilities.

tags | exploit, denial of service, overflow, arbitrary, vulnerability
systems | linux
MD5 | e344dcde8399011611f08a477f27799d
WordPress Skysa Official 1.01 / 1.02 / 1.03 Cross Site Scripting
Posted Nov 28, 2011
Authored by Am!r | Site irist.ir

The WordPress Skysa-Official plugin versions 1.01 through 1.03 suffer from a cross site scripting vulnerability. The vendor fixed this quickly once made aware of the issue and version 1.04 fixes the problem.

tags | exploit, xss
MD5 | 4b06ac6a4026a7cb575e63fa7bf39806
Ubuntu Security Notice USN-1282-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | 0f8be181a4741f28ef240fd3470242a0
Secunia Security Advisory 47033
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for OFED. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
MD5 | 254594e42011dc6321341921e1ce75ad
Secunia Security Advisory 46973
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Celery, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
MD5 | 1b7d1b9f9faba6aeb30324d9b8da53d3
Secunia Security Advisory 47043
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | 3efebe1dc37456587786912b2a1ed31e
Secunia Security Advisory 47039
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, conduct session hijacking attacks, and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
MD5 | 7408bb3a8534b9b86a7613cb53af645a
Secunia Security Advisory 46978
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
MD5 | 569a77ec16c0d450ac53628d57e801b2
Secunia Security Advisory 47036
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ismail Kaleem has discovered a vulnerability in the Fabrik component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | bd112cab7953dc72c586b5210d7f2121
Secunia Security Advisory 46979
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.

tags | advisory, denial of service, vulnerability
MD5 | cbae3b1f4183ad91ceade677d1b1c374
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    33 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close