what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

Files Date: 2012-04-07

CitrusDB 2.4.1 Local File Inclusion / SQL Injection
Posted Apr 7, 2012
Authored by Michal Blaszczak

CitrusDB version 2.4.1 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | e56191d46eb1b82e6c421e3dbd40a779
MS11-046 - Dissecting A 0-Day
Posted Apr 7, 2012
Authored by Ronnie Johndas

This whitepaper takes a closer look at a zero day attack that performs a privilege escalation to run commands in the system, which normally would be restricted because of the access level of the logged in user account. The particular vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys" which is a kernel level arbitrary memory overwrite, that is, the attacker can replace the content of that particular memory address with any value that he desires.

tags | paper, arbitrary, kernel
systems | windows
MD5 | 567f1b6b9081cd25538a9957f2416ec8
Digital Whisper Electronic Magazine #30
Posted Apr 7, 2012
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 30. Written in Hebrew.

tags | magazine
MD5 | e3a4c74d03b0eef35c24af07e2490e70
Apache Hadoop User Impersonation
Posted Apr 7, 2012
Authored by Aaron T. Myers

Apache Hadoop suffers from a user impersonation vulnerability. Versions 0.20.203.0, 0.20.204.0, 0.20.205.0, 1.0.0 to 1.0.1, and 0.23.0 to 0.23.1 are affected.

tags | advisory
advisories | CVE-2012-1574
MD5 | 316c2760728c62704fa41c7db2beac65
Dolibarr ERP / CRM OS Command Injection
Posted Apr 7, 2012
Authored by Nahuel Grisolia

Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.

tags | exploit
MD5 | 69391022314ccae020b8c458c2916a18
Liferay XSL Command Execution
Posted Apr 7, 2012
Authored by Nicolas Gregoire, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.

tags | exploit, java, arbitrary
advisories | CVE-2011-1571, OSVDB-73652
MD5 | 6a8ea2e6b7c50e4cc43ad8970fee954e
w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload
Posted Apr 7, 2012
Authored by Black-ID

w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss, info disclosure, csrf
MD5 | cb0e721747d1bb9b991c9a540f125ba9
TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow
Posted Apr 7, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution, activex
advisories | OSVDB-80661
MD5 | 15d2d978ad455bf415028fd1a31ba6b3
Csound hetro File Handling Stack Buffer Overflow
Posted Apr 7, 2012
Authored by Secunia, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.

tags | exploit, overflow
advisories | CVE-2012-0270, OSVDB-79491
MD5 | 7f83053748882739babbbdafd1f6ae98
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close