exploit the possibilities
Showing 1 - 25 of 32 RSS Feed

Files Date: 2011-12-22

phpMyAdmin 3.4.8 Cross Site Scripting
Posted Dec 22, 2011
Authored by Jason Leyrer | Site trustwave.com

phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4782
MD5 | f02f278dbeedaec4203bcc81374f73f7
Debian Security Advisory 2369-1
Posted Dec 22, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2011-2524
MD5 | f2651c77b7f4546cc931466b5b8aad8f
False SQL Injection / Advanced Blind SQL Injection
Posted Dec 22, 2011
Authored by wh1ant

This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.

tags | paper, sql injection
MD5 | 05040c813b44124bbd7a6080eb4585c3
Zero Day Initiative Advisory 11-354
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4168
MD5 | 8d0d075c9270d3ca27e4079e36cc1eaf
Red Hat Security Advisory 2011-1850-01
Posted Dec 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1850-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4127
MD5 | 79286ca36889c92cf59100dc821ac852
Drupal 6.22 / SuperCron 6.x-1.3 Cross Site Scripting
Posted Dec 22, 2011
Authored by Justin C. Klein Keane

Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8de5defe9193f6b1a764c7c7e8649b44
Whois Cart Billing Cross Site Scripting / Disclosure
Posted Dec 22, 2011
Authored by Chokri Ben Achor | Site vulnerability-lab.com

Whois Cart Billing suffers from cross site scripting and credential disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5941b65e3f11be48ccaf0d50b6f6d47f
Debian Security Advisory 2370-1
Posted Dec 22, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-4528, CVE-2011-4869
MD5 | b9a3147445f3027b0942993abbfc4925
Ubuntu Security Notice USN-1254-1
Posted Dec 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 54d62594ca5f1739d2bdaee96d5aa8ad
Red Hat Security Advisory 2011-1849-01
Posted Dec 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1849-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4127
MD5 | c7982db3883940bb94bca98424a50e24
Zero Day Initiative Advisory 11-353
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4167
MD5 | 671ebea656ba9bc4875b4c9cf481f2dc
Zero Day Initiative Advisory 11-352
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4166
MD5 | 97f0c7aa7631d15ff3b9a3b51d2e4a88
Google Hack DB Tool 1.5
Posted Dec 22, 2011
Authored by SecPoint | Site secpoint.com

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.

Changes: Friendly output and examples. Database update.
tags | tool, scanner, vulnerability
systems | unix
MD5 | 3173786cb18765d7a36f45424ff75f3f
pfSense x509 Insecure Certificate Creation
Posted Dec 22, 2011
Authored by Florent Daigniere | Site trustmatta.com

pfSense version 2.0 suffers from an insecure x509 certificate creation vulnerability.

tags | advisory
advisories | CVE-2011-4197
MD5 | 9491347bc237f1bc705b5611bd5228c2
Iran Sports Network SQL Injection
Posted Dec 22, 2011
Authored by S.Azadi

Iran Sports Network suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 228f63837d16aea133df0589baa6f2f7
Zero Day Initiative Advisory 11-351
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).

tags | advisory, remote, overflow, arbitrary, local, protocol
advisories | CVE-2011-4536
MD5 | c5596eaecac29e412797232bd07abfd7
Secunia Security Advisory 47338
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 632ecf291ec9ac8b824fe00e9c0c023b
Secunia Security Advisory 46780
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and multiple vulnerabilities have been reported in pfSense, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
MD5 | 1f2b221ae927d05068fbde83f0b380ce
Secunia Security Advisory 47223
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in epesi BIM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | df67f748b786a19a252da04550dde935
Secunia Security Advisory 47327
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 20ce84ce77fe6251937f7f1f6a6ffb41
Secunia Security Advisory 47306
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for jasper. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | ce44c22c4657e8c778cc89d0a077d66e
Secunia Security Advisory 47299
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libsoup2.4. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
systems | linux, debian
MD5 | 4d56c02e7f46a4ce2b247be077b3a73a
Secunia Security Advisory 47295
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IDAPython, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 3cfcbd9d5e3f006db1f224d5e10ece97
Secunia Security Advisory 47339
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in KingView, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 1e84eae5dae8712ca4ca91c9b7a70c8f
Secunia Security Advisory 47349
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in SafeNet Sentinel HASP Run-time Environment, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | eb45387d84f5e83873b018bad544a618
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close