exploit the possibilities
Showing 1 - 22 of 22 RSS Feed

Files Date: 2011-12-23

Oracle Job Scheduler Named Pipe Command Execution
Posted Dec 23, 2011
Authored by David Litchfield, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.

tags | exploit, arbitrary
systems | windows
SHA-256 | a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418
Open Conference / Journal / Harvester Systems 2.3.x Code Execution
Posted Dec 23, 2011
Authored by mr_me

Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6
SIP Username Enumerator For Asterisk
Posted Dec 23, 2011
Authored by Ben Williams

This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.

tags | exploit
advisories | CVE-2011-4597
SHA-256 | 54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09
Secunia Security Advisory 47308
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71e
Secunia Security Advisory 47329
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57
Secunia Security Advisory 47326
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03
Secunia Security Advisory 47296
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, kernel, local
systems | linux
SHA-256 | 635187466a9d994594e720ac93f94f792231827fad4311342c1ac4e7802bf083
Secunia Security Advisory 47320
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929c
Secunia Security Advisory 47355
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
SHA-256 | d29a97290ba10d51b169d16b55b77f9fc68ba8534935da3f161abb98a80cd652
Secunia Security Advisory 47256
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | windows
SHA-256 | d601ccb7ff992a42790dba8ecaa8246e8be0d11887d8ec7d2c601ebdbaab5794
Secunia Security Advisory 47139
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 58a9baff3abf620f79e6309791bac2fc3c40860fe2d454c21233b53076509394
Secunia Security Advisory 47277
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | 19e07477de40c94c6fbe93ecaa6643e97f28171f4060f91f308de2017aad553b
Secunia Security Advisory 47315
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 9f5ebed4a21407733324342aa69e54c3632ebae0d43bf4a1200a062e07fc22b2
Secunia Security Advisory 47285
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 00ea78aeaa5454257f302418a42b455f38c25511417848d7e1e092798aea77b7
Secunia Security Advisory 47332
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

tags | advisory, kernel, local
systems | linux, redhat
SHA-256 | 9b8166808c22162036618de8808ece544c2774872189246d46e6a80da9b38bf9
Secunia Security Advisory 47310
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 896533ff6f22bfac84355a38087c350a7a4e991d1ad5e8951dd4a138d9ef1f84
Secunia Security Advisory 47346
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | fdc3e931c8a06884e63283cfa0a7548e713f2d10c38e14243adf5f71941d198f
Secunia Security Advisory 47330
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | ecfe1cf82a2d8092decef4bd7da9d7895960d89e85f0f2252af1c49fc353f846
Secunia Security Advisory 47286
Posted Dec 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221fa
PmWiki 2.2.34 Remote PHP Code Injection Exploit
Posted Dec 23, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.

tags | exploit, arbitrary, php
advisories | CVE-2011-4453, OSVDB-77261
SHA-256 | 2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
Splunk Search Remote Code Execution
Posted Dec 23, 2011
Authored by Gary O'Leary-Steele, juan vazquez | Site metasploit.com

This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.

tags | exploit, web, root, python
systems | linux, windows
advisories | CVE-2011-4642, OSVDB-77695
SHA-256 | 4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509
Tiki Wiki CMS Groupware 8.2 Code Injection
Posted Dec 23, 2011
Authored by EgiX

Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.

tags | exploit, remote, php
advisories | CVE-2011-4558
SHA-256 | b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close