Showing 1 - 25 of 36

Files Date: 2012-03-19

Microsoft.com Cross Site Scripting
Posted Mar 19, 2012
Authored by Sony, Flexxpoint

www.microsoft.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 718873ebed4ab7685e9145ba623627af
Anti-Virus File Parsing Evasion
Posted Mar 19, 2012
Authored by Suman Jana, Vitaly Shmatikov

Many different antivirus products suffer from various file-parsing evasion vulnerabilities. Some of the affected pieces of software include AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103, McAfee 5.400.0.1158, nProtect 2011-01-17.01, and Panda 10.0.

tags | advisory, vulnerability
advisories | CVE-2012-1419, CVE-2012-1420, CVE-2012-1421, CVE-2012-1422, CVE-2012-1423, CVE-2012-1424, CVE-2012-1425, CVE-2012-1426, CVE-2012-1427, CVE-2012-1428, CVE-2012-1429, CVE-2012-1430, CVE-2012-1431, CVE-2012-1432, CVE-2012-1433, CVE-2012-1434, CVE-2012-1435, CVE-2012-1436, CVE-2012-1437, CVE-2012-1438, CVE-2012-1439, CVE-2012-1440, CVE-2012-1441, CVE-2012-1442, CVE-2012-1443, CVE-2012-1444, CVE-2012-1445, CVE-2012-1446
MD5 | cd1fc01e6197724e3a23b2d01055c03d
Greenpeace.fr Cross Site Scripting
Posted Mar 19, 2012
Authored by Atmon3r

Greenpeace.fr suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4753a9e11b4cb12238d566896e7eaf01
ManageEngine Device Expert 5.6 Directory Traversal
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.

tags | exploit, java, remote, file inclusion
MD5 | 22b3da91562b5553003f5850ffc6944f
Red Hat Security Advisory 2012-0397-01
Posted Mar 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-0864
MD5 | 0b1e438c26717b923003ac698aa0465d
Red Hat Security Advisory 2012-0396-01
Posted Mar 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-1100
MD5 | 3e4d1d8f0f8720becbbd9b1a798952da
360-FAAR Firewall Analysis Audit And Repair 0.1.8
Posted Mar 19, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.

Changes: This release adds support for Cisco 'group-object' nested groups and a Cisco policy writer.
tags | tool, perl
systems | unix
MD5 | 6e06196547dbe7a2a10ea4e6c7f8ca3b
Pentest: Information Gathering
Posted Mar 19, 2012
Authored by Jose Miguel Holguin, Borja Merino Febrero

This is a whitepaper called Pentest: Information Gathering. Written in Spanish.

tags | paper
MD5 | 2ca850ead2557a7defe47affd47c6ce8
LANDesk Lenovo ThinkManagement Suite 9.0.3 Code Execution
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2012-1195
MD5 | 427d81acba32c9ed18437de98ddfe7ec
Deathcore XP SQL Injection
Posted Mar 19, 2012
Authored by 3spi0n

Deathcore XP suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bbd3561de4f6841842c4a5833a4ad0db
LiteSpeed 4.1.11 Cross Site Scripting
Posted Mar 19, 2012
Authored by K1P0D

LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.

tags | exploit, xss
MD5 | cb262a31c03a7f7f3d46981dc687af77
HP Security Bulletin HPSBPI02728 SSRT100692 5
Posted Mar 19, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.

tags | advisory
advisories | CVE-2011-4161
MD5 | c32c14989910f7e2c2909b1435615f43
Excode SQL Injection
Posted Mar 19, 2012
Authored by the_cyber_nuxbie

Excode suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a43cc11362d9de720dc49e517a70ac26
2X Client For RDP 10.1.1204 Download / Execute
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

2X Client for RDP version 10.1.1204 suffers from a ClientSystem class ActiveX control download and execute vulnerability that affects TuxClientSystem.dll.

tags | exploit, activex
MD5 | 1450012685a5458cee5591d5dfd4355b
2X Application Server 10.1 File Overwrite
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

2X Application Server version 10.x suffers from a TuxSystem class ActiveX control file overwrite vulnerability involving TuxScripting.dll.

tags | exploit, activex
advisories | CVE-2012-1065
MD5 | fb12d3e817e693fc4975826b5c52f488
FastWeb2 SQL Injection
Posted Mar 19, 2012
Authored by the_cyber_nuxbie

FastWeb2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | dbf5bdf51d08ee4085ae9b44c6fb1f41
RSA enVision Cross Site Scripting / SQL Injection
Posted Mar 19, 2012
Authored by Filip Palian | Site emc.com

RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
advisories | CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403
MD5 | 6aa738f6130c4494f4e9ed3ec7402720
at32 Reverse Proxy 1.060.310 Denial Of Service
Posted Mar 19, 2012
Authored by demonalex

at32 Reverse Proxy version 1.060.310 suffers from multiple HTTP header field denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability
MD5 | eee32c58673d40981fe29cc143d5dadb
Zinf Audio Player 2.2.1 Buffer Overflow
Posted Mar 19, 2012
Authored by mAniNdArK

Zinf Audio Player version 2.2.1 buffer overflow exploit that creates a malicious .m3u file. Written in Python.

tags | exploit, overflow, python
MD5 | 38d87bc1976862de944c81e4739cbcf2
Tor Browser Bundle Debug Mode
Posted Mar 19, 2012
Authored by cypherpunks

RelativeLink.sh in Tor browser bundle has a small typo causing debug mode to be always turned on. This, in turn, may log sensitive information like domain names.

tags | advisory
MD5 | fec25cbfe811d5bb5e48fd96a45bfcf2
Debian Security Advisory 2436-1
Posted Mar 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1181
MD5 | a2d02263360c404d7ab4417987220b4b
Ubuntu Security Notice USN-1401-1
Posted Mar 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
MD5 | fbd9b4226e29978e7c37b0daa2531688
Hermesconcept SQL Injection
Posted Mar 19, 2012
Authored by the_cyber_nuxbie

Hermesconcept suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | aec2a5b773e0679833e998c04a84d057
Jeux Fille SQL Injection
Posted Mar 19, 2012
Authored by Th4 MasK

Jeux Fille suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3bf3575c010b7028d953cbfe401ab27e
PCL SQL Injection
Posted Mar 19, 2012
Authored by Th4 MasK

PCL suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 03a70715ebb9c8529f2ac774a69b00f9