what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 51 RSS Feed

Files Date: 2011-12-09

CSF Firewall Buffer Overflow
Posted Dec 9, 2011
Authored by FoX HaCkEr

CSF Firewall suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | cc81c562f832ca97cfa12a0a0300d7b63f4c4ee77bcb4b2807f06aabcfeb8e22
JavaScript Switcharoo Proof Of Concept 2
Posted Dec 9, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs especially in Firefox.

tags | exploit, web
SHA-256 | 8b57d561f4e10efd5110b290028c3daaae1403920829de2c3cc32719b52d7e6e
SePortal 2.5 SQL Injection
Posted Dec 9, 2011
Authored by Don from BalcanCrew

SePortal version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dea9743f95ed23a9a24fa1697fd0934e16e1afa180ab42f7f2fd042cad1739ae
Vietsunit Script Local File Inclusion
Posted Dec 9, 2011
Authored by BHG Security Center

Vietsunit Script suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 353b90ec967076706bbf9715833c216a0c448e3d8740d15819209c40ffd1a31b
Free Opener Denial Of Service
Posted Dec 9, 2011
Authored by Iolo Morganwg

Free Opener local denial of service exploit that creates a malicious .jpg file.

tags | exploit, denial of service, local
SHA-256 | f78d794d7c31426537cbac99be68c06f5d7ff85dd67698856b2a4efb271d0f05
CyberLink Stack Buffer Overflow
Posted Dec 9, 2011
Authored by modpr0be

Multiple CyberLink products suffer a file project handling stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 47ae6efc123ab0a2d65e2470e0618b50d536f33edb978f5e8d4680db0541507b
HTC Touch2 T3333 Memory Corruption
Posted Dec 9, 2011
Authored by Celil Unuver

HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.

tags | exploit
systems | linux, windows
SHA-256 | e73e95a4311308b98e3825e22e4fe06f71900b0c45ea2c0e25d03563da3eea17
Ficha Blind SQL Injection
Posted Dec 9, 2011
Authored by Th4 MasK

Ficha suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5e04ad4387f661c358613c72b2414f5a7e0415744d5b79a4239e6968248f7f98
WeBaCoo (Web Backdoor Cookie) 0.1.2
Posted Dec 9, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.

tags | tool, web, rootkit
systems | unix
SHA-256 | 6e46638034d12ee47a4a4955583b5065ffc4d0142d553c15fc90abbf42ca5b89
Asterisk Project Security Advisory - AST-2011-013
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.

tags | advisory
SHA-256 | dde4d639d451106635a87c7b3b2c41c2b6129d36252423186294aad787478c61
CA SiteMinder Cross Site Scripting
Posted Dec 9, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.

tags | advisory, xss
advisories | CVE-2011-4054
SHA-256 | 5f7582e4c67739253ed079afcbce2912fb91b1a5d275896bcb931df277369cf8
Red Hat Security Advisory 2011-1807-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-4516, CVE-2011-4517
SHA-256 | 551860bbfbed65bc96b2aec76a0e19d04b2d750157b0bffbc560e1ce21ad6479
Ubuntu Security Notice USN-1297-1
Posted Dec 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1297-1 - Pall McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. Paul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2011-4136, CVE-2011-4137, CVE-2011-4138, CVE-2011-4139
SHA-256 | d90812dfe62d74192f723148eedd422416897927518969173061c4a5f2b9bc9c
Docebo LMS 4.0.4 SQL Injection / Code Execution
Posted Dec 9, 2011
Authored by mr_me

Docebo LMS versions 4.0.4 and below suffer from remote SQL injection and code execution vulnerabilities.

tags | exploit, remote, shell, sql injection
SHA-256 | e46315812d5b95c6f37a97b202851f6750bba6797235113fb00891f28b0a59b7
Pet Listing Cross Site Scripting
Posted Dec 9, 2011
Authored by Mr.PaPaRoSSe

Pet Listing suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 871cd36a36390a281dfaf784d90b9edccf645063687180eeb6aa0c9e5e203aec
Secunia Security Advisory 47172
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | b59b645d8b70fbff6b82f794ac3e00dcf7f22a175f08e28863ab32ca4cb6eda3
Secunia Security Advisory 47190
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | fc9433fd6dc61c3f614b797f8a64e067ff269552cfa9b88c5f82911234e66f5f
Secunia Security Advisory 47040
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 854c1e8570839ea7e64f9960f4c17d1ac965d3a7df87b344998a21d2d52252af
Secunia Security Advisory 47156
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information.

tags | advisory, local
systems | linux, redhat
SHA-256 | 17be39e1459e156495565b9d22d8253b456b9c85abb604020e94466c191e7e29
Secunia Security Advisory 47114
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | e0c390b71f6436f8cadaab08dc258e529145c7d81a513e2dc0722899b2eeac87
Secunia Security Advisory 47153
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | b695688152a6e10c72a2df5a88b4e3373b69dabee3669a352bef93be30f34fdb
Secunia Security Advisory 47160
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks.

tags | advisory, local, vulnerability, sql injection
systems | linux, ubuntu
SHA-256 | 8fb36275cf980778b1dc75959eb1cebd7ae76b222737093ef0f96a305f10d1a6
Secunia Security Advisory 47115
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 47c141f2dd3154603641ea19e0087a83fb7227e67f06c0071c3c3ba2b71f6842
Secunia Security Advisory 47148
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | 804de282c36c3eccf14d64907932e3ff93814a8faa3be97855c926e069cfd485
Secunia Security Advisory 47080
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | 0b0b1e4b687c37ae78a235655274280c13af4b086e58efe676101ec08ac04770
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close