exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2011-12-23

Oracle Job Scheduler Named Pipe Command Execution
Posted Dec 23, 2011
Authored by David Litchfield, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.

tags | exploit, arbitrary
systems | windows
MD5 | b4e7d842beab7ffc75f28b136eb9d163
Open Conference / Journal / Harvester Systems 2.3.x Code Execution
Posted Dec 23, 2011
Authored by mr_me

Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 820e73376d71e4e3d1f17008675ae4e0
SIP Username Enumerator For Asterisk
Posted Dec 23, 2011
Authored by Ben Williams

This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.

tags | exploit
advisories | CVE-2011-4597
MD5 | e15f3be4b3a7f945e728b57450d88497
Secunia Security Advisory 47308
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 902b52c4e5903c9a73b2f451f9d3746f
Secunia Security Advisory 47329
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 8c9b6c94c470cc5d58208bcd64a411e4
Secunia Security Advisory 47326
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | e935e9b6cf9ce16e83a298ce2175e414
Secunia Security Advisory 47296
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, kernel, local
systems | linux
MD5 | e56e320f02feb1fd071e88b4ed20340f
Secunia Security Advisory 47320
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 64d60099d266ec1702c9f9b363d0f28a
Secunia Security Advisory 47355
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
MD5 | 097581988425b30b6c60ca2d56e33a29
Secunia Security Advisory 47256
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | windows
MD5 | 10a88cbaed7cc960b95cfa4fec01d626
Secunia Security Advisory 47139
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 92680c7ee71a6ef1fd36bb290a6aa99e
Secunia Security Advisory 47277
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | 6bf068893b47b7821671ec2a9d3b351a
Secunia Security Advisory 47315
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 69aef71357ad596c5d415ffdb1423e28
Secunia Security Advisory 47285
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | a0779cc55c86efdbccbc94db0b215a64
Secunia Security Advisory 47332
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, kernel, local
systems | linux, redhat
MD5 | 1974c7f672f52ec0201fd692d85fcd83
Secunia Security Advisory 47310
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 7ec576813b380257a6d0fd9ca812cdc8
Secunia Security Advisory 47346
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 7d1274bcd568bd8af5dc36cf07aeee73
Secunia Security Advisory 47330
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 811ca3885377a59795cbf5d1a8812dbc
Secunia Security Advisory 47286
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 11b4e27d0bbd75dd8689da467cacea8b
PmWiki 2.2.34 Remote PHP Code Injection Exploit
Posted Dec 23, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.

tags | exploit, arbitrary, php
advisories | CVE-2011-4453, OSVDB-77261
MD5 | e4e50e113930a054f27b8419fa7c20bb
Splunk Search Remote Code Execution
Posted Dec 23, 2011
Authored by Gary O'Leary-Steele, juan vazquez | Site metasploit.com

This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.

tags | exploit, web, root, python
systems | linux, windows
advisories | CVE-2011-4642, OSVDB-77695
MD5 | 294cfa16c9506b36e2aaf7e1e00192ff
Tiki Wiki CMS Groupware 8.2 Code Injection
Posted Dec 23, 2011
Authored by EgiX

Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.

tags | exploit, remote, php
advisories | CVE-2011-4558
MD5 | 35db9c395c0b15f0e7c9ed2394f60a62
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    3 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close