seeing is believing
Showing 1 - 25 of 58 RSS Feed

Files Date: 2012-02-24

Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
MD5 | 241cf86dc42ae73227e3d0e7d6cacac1
Bugzilla Cross Site Request Forgery
Posted Feb 24, 2012
Site bugzilla.org

Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.

tags | advisory, cgi, csrf
advisories | CVE-2012-0453
MD5 | 7f5bb70eed178bf01f090d38e0383eb3
HP Security Bulletin HPSBMU02739 SSRT100280 2
Posted Feb 24, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2011-4791
MD5 | 3e657156cacc120d27fee359eb7794d6
CJWSoft ASPGuest Guestbook SQL Injection
Posted Feb 24, 2012
Authored by demonalex

CJWSoft ASPGuest Guestbook suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d28b96ec3b0eef15d6f1181dd2e491b8
PHP Gift Registry 1.5.5 SQL Injection
Posted Feb 24, 2012
Authored by G13

PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, registry, sql injection
advisories | CVE-2012-2236
MD5 | 53a5d7853ede2a9b2562c03f725a0777
Dropbear SSH Server Use-After-Free
Posted Feb 24, 2012
Authored by Danny Fullerton

The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-0920
MD5 | 8326671660b7dbfd6d85df752e9322e6
Bontq Cross Site Scripting
Posted Feb 24, 2012
Authored by Sony

Bontq suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b977256160f094bfb6ab21194d94e0de
darkBC Python Connect-Back Script
Posted Feb 24, 2012
Authored by baltazar

This is a small connect-back script written in Python.

tags | tool, rootkit, python
systems | unix
MD5 | 2a7f1e94c35ca603a309de806dfd4ef6
HP Security Bulletin HPSBUX02737 SSRT100747 2
Posted Feb 24, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02737 SSRT100747 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-0050
MD5 | a2682e45c9798a86bfcacf3216da22cd
JSRum SQL Injection
Posted Feb 24, 2012
Authored by the_cyber_nuxbie

JSRum suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d0a4a554d20dadd661cad290d1a17ef6
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
Posted Feb 24, 2012
Authored by Wireghoul, ch0ks, c4an | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2011-0923
MD5 | f0242a5c579272779b460b669850bcd2
WineBiz SQL Injection
Posted Feb 24, 2012
Authored by AtlasTeam

WineBiz suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | aeddb2a9dec211896d14c8ccfb79d7a4
Feng Chen SQL Injection
Posted Feb 24, 2012
Authored by AtlasTeam

Feng Chen suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | efa626429c91c1137847234679aba135
BlackBerry PlayBook Samba Remote Code Execution
Posted Feb 24, 2012
Authored by Andy Davis | Site ngssecure.com

BlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.

tags | advisory, code execution
MD5 | 9483265264f97e916e76107af9f59a96
Ubuntu Security Notice USN-1374-1
Posted Feb 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0870
MD5 | b345812a9ab6aa5c092382c50eb0ff1d
Ubuntu Security Notice USN-1373-1
Posted Feb 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-5035, CVE-2011-3563, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
MD5 | 6e240f574ace2856c4b3970d69e807cc
Debian Security Advisory 2416-1
Posted Feb 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2416-1 - It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.

tags | advisory, local
systems | linux, debian
MD5 | f3d7bf0e104e23575d5c2cbd1faf83a7
darkb0t IRC Python Bot 0.1
Posted Feb 24, 2012
Authored by baltazar

darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.

tags | sql injection, python
MD5 | 6b7a7a4ca2a6a56446a08417b1100965
PHPFox Cross Site Scripting
Posted Feb 24, 2012
Authored by tRipLeZiX

PHPFox suffers from a base64 encoded cross site scripting vulnerability.

tags | exploit, xss
MD5 | 34958dbf15938fa0ac5ee7f61e580f94
Zerecords SQL Injection
Posted Feb 24, 2012
Authored by Th4 MasK

Zerecords suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f127232a0b0ab187d4ec057560e49689
Samhain File Integrity Checker 3.0.2a
Posted Feb 24, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression that could cause a segfault at startup on systems that do not have inotify.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 284edfe2aa18f8498041275e09ddb58f
Oracle JD Edwards Security Kernel Information Disclosure
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), then it would be possible to validate arbitrary (USER, ROLE, ENVIRONMENT) tuples, in order to detect valid ones.

tags | advisory, arbitrary, tcp
advisories | CVE-2011-2326
MD5 | 87766527c46244ae86d688733b33c1e5
Oracle JD Edwards SawKernel SET_INI Configuration Modification
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.

tags | advisory, kernel
advisories | CVE-2011-3514
MD5 | 09db0464c87d9bc613e62c4692f5908d
The Uploader 2.0.4 (Eng/Ita) Remote File Upload
Posted Feb 24, 2012
Authored by Danny Moules | Site metasploit.com

This Metasploit module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.

tags | exploit, php
advisories | CVE-2011-2944
MD5 | 29e2d0d8a2ef80ee6eda1b3ac294306b
TrendMicro Control Manager 5.5 Buffer Overflow
Posted Feb 24, 2012
Authored by blue, Luigi Auriemma | Site metasploit.com

This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.

tags | exploit, remote, tcp
advisories | CVE-2011-5001, OSVDB-77585
MD5 | 7ddef7492fc7b4ecaa024912ce5d983a
Page 1 of 3
Back123Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close