exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2012-04-13

Quest InTrust Annotation Objects Uninitialized Pointer
Posted Apr 13, 2012
Authored by rgod, mr_me | Site metasploit.com

This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The activeX component loads into memory without opting into ALSR so this module exploits the vulnerability against windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the users browser.

tags | exploit, activex
systems | windows
advisories | OSVDB-80662
SHA-256 | d1cef6f9fc00e9c87f66184e541a23b487e22d0bf005602e5a91c795be80bb5e
Ushahidi 2.2 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 13, 2012
Authored by shpendk

Ushahidi version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 241319ea6222ca5dedc1691b5c96459723af8e4203c53b1e76c9e8ca8739ff4b
Mandriva Linux Security Advisory 2012-058
Posted Apr 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.

tags | advisory, protocol
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2012-0036
SHA-256 | 6c85f20b4131fa33986edd84817e884952953310762c6a2e6f462a08eee4cb99
Apple Security Advisory 2012-04-12-1
Posted Apr 13, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.

tags | advisory, java, web
systems | apple, osx
SHA-256 | 2f2b314e398333a3e601f5345e342e8e86e10daced4ff3b39b3cdf6e5b210dc5
ACC PHP eMail 1.1 SQL Injection / Cross Site Scripting
Posted Apr 13, 2012
Authored by the_storm, Vulnerability Laboratory | Site vulnerability-lab.com

AC PHP eMail version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | 4d53f59f85a1f395b81b8c22507307ad871a76fb17050431dac83c5297290fc6
C4kurdGroup CMS SQL Injection
Posted Apr 13, 2012
Authored by Net.Edit0r, BHG Security Center, Tak.fanar

C4kurdGroup CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 50cda04219b02a5c7bb4e5b0665becea0a288369ec91973a74dd4e3af3014838
Bioly 1.3 Cross Site Scripting / SQL Injection
Posted Apr 13, 2012
Authored by T0xic

Bioly version 1.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b887f59cc439e8033ce0ff26831d50898fb73ef942a80ccb56fa217a197cf234
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
Posted Apr 13, 2012
Authored by Gabriel Menezes Nunes

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.

tags | exploit, web, proof of concept, bypass
systems | unix
advisories | CVE-2012-2212, CVE-2012-2213
SHA-256 | fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
SHA-256 | 4a7ee04849235d3e90c1270eb15f6e24884ab471f7c7606cf34bb4f9587f746b
Building Wireless IDS Systems Using Open Source
Posted Apr 13, 2012
Authored by Champ Clark III

This is a detailed paper on building your own WAP and Wireless IDS system from scratch using open source tools like Kismet, Snort and Sagan.

tags | paper
SHA-256 | e8493f6ce980099203e0171a505425a6fd32193451e07cab0cf78651fc5eb149
Ubuntu Security Notice USN-1423-1
Posted Apr 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-1182, CVE-2012-1182
SHA-256 | 704df03b3052c8f11de9921496d8a6951e3b0ae29b75bbbae2c06a4435a51f7a
Debian Security Advisory 2451-1
Posted Apr 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2451-1 - Several vulnerabilities have been discovered in puppet, a centralized configuration management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988
SHA-256 | 35b59b4216bedd63d45392644a9587d40ba5845a85bf2717988463a587882a20
Red Hat Security Advisory 2012-0478-01
Posted Apr 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

tags | advisory, remote, overflow, arbitrary, root, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | 18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798
Secunia Security Advisory 48823
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 394bb598632f8c32c0247dcf4987176a79d1415c706a0b63d0be4d840bc6b6f2
Secunia Security Advisory 48808
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in IP.Board and the IP.Gallery module for IP.Board.

tags | advisory, vulnerability
SHA-256 | f70a3cc5583804489a199235486d3b83bb07ea0c697e5fc645c930223be30f76
Secunia Security Advisory 48781
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenJPEG, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
SHA-256 | 702bb8c0491866c7f2449b2fb1bdbe313de0ca343a1bf6b8779d434644f105fd
Secunia Security Advisory 48759
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Wicd, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 989512c2e534ec7ea6a9c5d7cd02a3747ed836956a50bb3b700f958670d31407
Secunia Security Advisory 48768
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in CGIProxy.

tags | advisory, vulnerability
SHA-256 | 3a1e41b6f80ee622670952fdacaef4048ce5c0798852a3524fc2f2b5f1f9ba9b
Secunia Security Advisory 48788
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Fivestar module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | b3daaefebd484fb1b580a23589576f76a84a22af3167aedaed7e0c2dc9354c7e
Secunia Security Advisory 48803
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Minerva Infotech CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | e80319c433cfa4360acff2ff21a8f8a96fdc098a2ad3d549298056d35554d619
Secunia Security Advisory 48727
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ewerson Guimaraes has reported some vulnerabilities in Tufin SecureTrack, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 08f4490a9b4ebc15d947227eab0b6b5c722f7359dc1585c1bbaf7b0aadb50345
Secunia Security Advisory 48805
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 94abfde66156b8760e23e369c58855464d5d1931bdfbefdb60a2d142a464c839
Secunia Security Advisory 48814
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has reported multiple vulnerabilities in atvise webMI2ADS, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | f1668a474e9434631c8ee7e521bb5c9e6c0b642eee6fda7d2d823f7b173c3a78
Secunia Security Advisory 48791
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for tomcat6. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | d29db4b90738a6929107a62a2ad75590a3f5eec120810f3f082594d0a419e8c1
Secunia Security Advisory 48771
Posted Apr 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for sqlalchemy. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
systems | linux, debian
SHA-256 | 82b66988b14fdf3feb4c27d0cad3b3ad08b60dbe5b6135d2d5e0785db55cd9ff
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close