ignore security and it'll go away

Files Date: 2011-12-09

CSF Firewall Buffer Overflow
Posted Dec 9, 2011
Authored by FoX HaCkEr

CSF Firewall suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | db727d65fbb00f16a709a2c8c510383c
JavaScript Switcharoo Proof Of Concept 2
Posted Dec 9, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs especially in Firefox.

tags | exploit, web
MD5 | 0b64bc5e8487abfa6e49c3b0e324b12a
SePortal 2.5 SQL Injection
Posted Dec 9, 2011
Authored by Don from BalcanCrew

SePortal version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 496666e10a8d51f887d37677dc5bfdf4
Vietsunit Script Local File Inclusion
Posted Dec 9, 2011
Authored by BHG Security Center

Vietsunit Script suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 9e13792b9133c5451a60e37911776718
Free Opener Denial Of Service
Posted Dec 9, 2011
Authored by Iolo Morganwg

Free Opener local denial of service exploit that creates a malicious .jpg file.

tags | exploit, denial of service, local
MD5 | ceddc7e16be3678a1a2f197e3a7282c4
CyberLink Stack Buffer Overflow
Posted Dec 9, 2011
Authored by modpr0be

Multiple CyberLink products suffer from a file project handling stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 40c4212ec2b7b74593f44d50562a722b
HTC Touch2 T3333 Memory Corruption
Posted Dec 9, 2011
Authored by Celil Unuver

HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing the stbl atom of the 3g2 video format.

tags | exploit
systems | linux, windows
MD5 | aefef4e78f84322cb0e770893f62b152
Ficha Blind SQL Injection
Posted Dec 9, 2011
Authored by Th4 MasK

Ficha suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c9e5ca37329be466478d7af1bf98711b
WeBaCoo (Web Backdoor Cookie) 0.1.2
Posted Dec 9, 2011
Authored by Anestis Bechtsoudis | Site github.com

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-date AV, NIDS, IPS, Network Firewalls and Application Firewalls, providing a stealth mechanism to execute system commands on the compromised server. The obfuscated communication is accomplished using the HTTP header's Cookie fields under valid client HTTP requests and the corresponding web server responses.

tags | tool, web, rootkit
systems | unix
MD5 | 983c15146c1156bde098d9e81f412157
Asterisk Project Security Advisory - AST-2011-013
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.

tags | advisory
MD5 | def059b81354c49994d1128fdf133f47
CA SiteMinder Cross Site Scripting
Posted Dec 9, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.

tags | advisory, xss
advisories | CVE-2011-4054
MD5 | 9435d2cbd0b2a3a7c849068263dac9ff
Red Hat Security Advisory 2011-1807-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-4516, CVE-2011-4517
MD5 | 2a4b80e4a8cf02b7d8ebf21cb5a9adbb
Ubuntu Security Notice USN-1297-1
Posted Dec 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1297-1 - Paul McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. Paul McMillan discovered that Django would not time out on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2011-4136, CVE-2011-4137, CVE-2011-4138, CVE-2011-4139
MD5 | ce1617b82ce87632b4a9519fd8b13045
Docebo LMS 4.0.4 SQL Injection / Code Execution
Posted Dec 9, 2011
Authored by mr_me

Docebo LMS versions 4.0.4 and below suffer from remote SQL injection and code execution vulnerabilities.

tags | exploit, remote, shell, sql injection
MD5 | fddbc1f9aafd6746e19ae1aaf615a654
Pet Listing Cross Site Scripting
Posted Dec 9, 2011
Authored by Mr.PaPaRoSSe

Pet Listing suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4b4a29e9ecfd716ed0901e19d7242539
Secunia Security Advisory 47172
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session.

tags | advisory, vulnerability
systems | linux, suse
MD5 | d16778be3eee2eb3d652d44bc26bb9c9
Secunia Security Advisory 47190
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | 6f8606b0cf7016214f699f21cfbb0d77
Secunia Security Advisory 47040
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
MD5 | 6f97154c6fb1c62b858df16aaf3963c1
Secunia Security Advisory 47156
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information.

tags | advisory, local
systems | linux, redhat
MD5 | d2734d6ae8f2d94c50d88a1c9b618d13
Secunia Security Advisory 47114
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 846a90b866871c0855bd23c307638b44
Secunia Security Advisory 47153
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 54f8a96289ad8dd0f321056b69f3bb67
Secunia Security Advisory 47160
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks.

tags | advisory, local, vulnerability, sql injection
systems | linux, ubuntu
MD5 | 5e15d0e66ee440256712cf5bc44caecd
Secunia Security Advisory 47115
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | ef9e72b82ec502d06d9a0d5ea6a3e3e2
Secunia Security Advisory 47148
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
MD5 | c3395559fa8d45553e0c090e6c1e1a1c
Secunia Security Advisory 47080
Posted Dec 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | ac81ce2e26e7e9932bdf636e98f7b74b