
Files Date: 2012-03-23

Mandriva Linux Security Advisory 2012-037
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap
systems | linux, mandriva
advisories | CVE-2011-3481
MD5 | 07d345e49689aa4d859ea4b306d8d515
Mandriva Linux Security Advisory 2012-036
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-036 - Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e in a URI. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-2524
MD5 | c585b6d2c018e2b1a8d4f874e616de01
Mandriva Linux Security Advisory 2012-035
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-035 - Multiple out-of-bounds heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, a utility for determining file types, processed the header section of certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file which, once inspected by the victim's file utility, would crash the file executable. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 have been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1571
MD5 | 72ed82996783a49be3bded84f504099d
Apache Traffic Server Host Header Denial Of Service
Posted Mar 23, 2012
Site trafficserver.apache.org

Apache Traffic Server versions prior to 3.0.4, as well as all development releases prior to 3.1.3, suffer from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
advisories | CVE-2012-0256
MD5 | 240c1a92bd4e543c7b222ca4f12a511c
Prado 3.x Cross Site Scripting
Posted Mar 23, 2012
Authored by Gabor Berczi

Prado PHP Framework version 3.x suffers from a cross site scripting vulnerability.

tags | advisory, php, xss
MD5 | 8b9567c397dea31473fcefd8557af06a
Mandriva Linux Security Advisory 2012-034
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-034 - libzip uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files. libzip has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a memory buffer. The updated packages have been upgraded to the 0.10.1 version to correct these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-1162, CVE-2012-1163
MD5 | 0704fc7b20d52e704350f1534e10fc83
Apache Struts2 Local Code Execution
Posted Mar 23, 2012
Authored by voidloafer

Apache Struts2 suffers from an xsltResult local code execution vulnerability.

tags | exploit, local, code execution
MD5 | 98856f585d38b1a71d4d94d9be37fb18
phpFox 3.0.1 Remote Command Execution
Posted Mar 23, 2012
Authored by EgiX

phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.

tags | exploit, remote, php
MD5 | 2c40d140d5c3ccd79eafaae5dc234ca8
CoreCommerce SQL Injection
Posted Mar 23, 2012
Authored by ZeTH

CoreCommerce suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f64503af2ae1445e4d17993aa89e0205
FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution
Posted Mar 23, 2012
Authored by muts

FreePBX version 2.10.0 and Elastic version 2.2.0 remote root code execution exploit.

tags | exploit, remote, root, code execution
MD5 | ae2de3d3720dc24c566dbcd306379f08
mmPlayer 2.2 .ppl Buffer Overflow
Posted Mar 23, 2012
Authored by RjRjh Hack3r

mmPlayer version 2.2 buffer overflow exploit that makes a malicious .ppl file.

tags | exploit, overflow
MD5 | 9cd5f4daeb2ae0279b2550719fd1986f
mmPlayer 2.2 .m3u Buffer Overflow
Posted Mar 23, 2012
Authored by RjRjh Hack3r

mmPlayer version 2.2 buffer overflow exploit that makes a malicious .m3u file.

tags | exploit, overflow
MD5 | 81af3b39f0b6852fef86946996e3d1bd
Ubuntu Security Notice USN-1401-2
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
MD5 | 5f650dc9fb6a31a3f4f982be40c93c11
LT-Net Solucoes Blind SQL Injection
Posted Mar 23, 2012
Authored by the_cyber_nuxbie

LT-Net Solucoes suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 952644898378d9e6624fc61143a927e6
Ubuntu Security Notice USN-1403-1
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
MD5 | 942da569189e60bb6cd7117e3b69cdb9
Spotify 0.8.2.610 Memory Exhaustion
Posted Mar 23, 2012
Authored by LiquidWorm | Site zeroscience.mk

Spotify version 0.8.2.610 suffers from a memory exhaustion vulnerability. The vulnerability is caused due to the Search box function not checking the boundary of user input.

tags | exploit
MD5 | 730623a07247a9d0ffd781a321719a22
Wolfcms 0.75 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 23, 2012
Authored by Ivano Binetti

Wolfcms versions 0.75 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | e6ae06514d32e137ce5028f0b7221a8e
Sitecom WLM-2501 Cross Site Request Forgery
Posted Mar 23, 2012
Authored by Ivano Binetti

Sitecom WLM-2501 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 12ce2c29bd0d4723b3f6a1a9bd2a28fa
phpMoneyBooks 1.0.2 Local File Inclusion
Posted Mar 23, 2012
Authored by Mark Stanislav

phpMoneyBooks version 1.0.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2012-1669
MD5 | 6f9756dea330b8b07b0246823f527fde
PHP Grade Book 1.9.4 SQL Database Export
Posted Mar 23, 2012
Authored by Mark Stanislav

PHP Grade Book version 1.9.4 suffers from an unauthenticated SQL database export vulnerability.

tags | exploit, php, sql injection
advisories | CVE-2012-1670
MD5 | f9f66b480deb9d5ff7295d77e771a506
Apache Wicket 1.4.x / 1.5.x File Disclosure
Posted Mar 23, 2012
Authored by Sebastian van Erk

Apache Wicket versions 1.4.x and 1.5.x suffer from a file content disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2012-1089
MD5 | 6cc3e2ff8d0634fce668330d265677b9
Apache Wicket 1.4.x Cross Site Scripting
Posted Mar 23, 2012
Authored by Jens Schenck

Apache Wicket version 1.4.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0047
MD5 | 6eb4b76dbe95c5e1c4a2d49f0f4f48f8
Atheme IRC Services CertFP Privilege Escalation
Posted Mar 23, 2012
Site atheme.org

Atheme IRC Services CertFP suffers from an improper clean-up vulnerability that can allow for a privilege escalation or a crash.

tags | advisory
MD5 | 74b23fbfa134eabe63958ecc7ea60066
Secunia Security Advisory 48543
Posted Mar 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
systems | cisco
MD5 | 89d8a08aa5076e438f3ea6da70b56023
Secunia Security Advisory 48525
Posted Mar 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBShout module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 13f1907a2b8c729f0c64023778226038

© 2019 Packet Storm. All rights reserved.
