Files Date: 2012-04-07

CitrusDB 2.4.1 Local File Inclusion / SQL Injection
Posted Apr 7, 2012
Authored by Michal Blaszczak

CitrusDB version 2.4.1 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | e56191d46eb1b82e6c421e3dbd40a779

MS11-046 - Dissecting A 0-Day
Posted Apr 7, 2012
Authored by Ronnie Johndas

This whitepaper takes a closer look at a zero-day attack that performs a privilege escalation to run commands on the system that would normally be restricted by the access level of the logged-in user account. The particular vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys", a kernel-level arbitrary memory overwrite; that is, the attacker can replace the content of a targeted memory address with any value they choose.

tags | paper, arbitrary, kernel
systems | windows
MD5 | 567f1b6b9081cd25538a9957f2416ec8

Digital Whisper Electronic Magazine #30
Posted Apr 7, 2012
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 30. Written in Hebrew.

tags | magazine
MD5 | e3a4c74d03b0eef35c24af07e2490e70

Apache Hadoop User Impersonation
Posted Apr 7, 2012
Authored by Aaron T. Myers

Apache Hadoop suffers from a user impersonation vulnerability. Versions 0.20.203.0, 0.20.204.0, 0.20.205.0, 1.0.0 to 1.0.1, and 0.23.0 to 0.23.1 are affected.

tags | advisory
advisories | CVE-2012-1574
MD5 | 316c2760728c62704fa41c7db2beac65

Dolibarr ERP / CRM OS Command Injection
Posted Apr 7, 2012
Authored by Nahuel Grisolia

Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.

tags | exploit
MD5 | 69391022314ccae020b8c458c2916a18

Liferay XSL Command Execution
Posted Apr 7, 2012
Authored by Nicolas Gregoire, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via Java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet); otherwise it can be left blank and a new one will be created. The second method, however, requires administrative privileges.

tags | exploit, java, arbitrary
advisories | CVE-2011-1571, OSVDB-73652
MD5 | 6a8ea2e6b7c50e4cc43ad8970fee954e

w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload
Posted Apr 7, 2012
Authored by Black-ID

w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss, info disclosure, csrf
MD5 | cb0e721747d1bb9b991c9a540f125ba9

TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow
Posted Apr 7, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts Unicode back to) overwriting the stack more than it should, which results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution, activex
advisories | OSVDB-80661
MD5 | 15d2d978ad455bf415028fd1a31ba6b3

Csound hetro File Handling Stack Buffer Overflow
Posted Apr 7, 2012
Authored by Secunia, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U het_import msf.csd file.het". This exploit doesn't work if the "het_import" command is used directly to convert the file.

tags | exploit, overflow
advisories | CVE-2012-0270, OSVDB-79491
MD5 | 7f83053748882739babbbdafd1f6ae98

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close