Exploit the possiblities
Showing 1 - 25 of 34 RSS Feed

Files Date: 2012-04-23

Asterisk Project Security Advisory - AST-2012-006
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.

tags | advisory
MD5 | 32e74fe214613d789749549a4bf27817
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
MD5 | 696a9c6849da6138ccfe67440c3caec9
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
MD5 | 409cfec2b992f13790527da55bc20c35
Red Hat Security Advisory 2012-0509-01
Posted Apr 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0509-01 - Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2011-1143, CVE-2011-1590, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-1595
MD5 | 9fab7ad8027e1775e6c5a043ba72912a
Red Hat Security Advisory 2012-0508-01
Posted Apr 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
MD5 | f2e7201e60f6290e3d33182b2dce01ca
ChurchCMS 0.0.1 SQL Injection
Posted Apr 23, 2012
Authored by G13

ChurchCMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 3d2b3760071425f3286e4c3a63fc9047
.NET Framework EncoderParameter Integer Overflow
Posted Apr 23, 2012
Authored by Yorick Koster | Site akitasecurity.nl

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

tags | exploit, overflow
MD5 | f743e8331a56b83fcfe2b2cbb6e904b2
HITB Magazine Volume 1 Issue 8
Posted Apr 23, 2012
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 1 Issue 8 - Topics include Online Security At The Crossroads, Reverse Shell Traffic Obfuscation, and more.

tags | shell, magazine
MD5 | 1df89d656d3099e02fa4026a50d29500
School Website Solutions Cross Site Scripting
Posted Apr 23, 2012

School Website Solutions suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4939643ea105a553027778cb855f260d
ExponentCMS 2.0.5 Cross Site Scripting / SQL Injection
Posted Apr 23, 2012
Authored by Onur YILMAZ

ExponentCMS version 2.0.5 suffers from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 1a9c42c94db7ae7c9f45865bdf220e89
Mobipocket Reader 6.2 Build 608 Buffer Overflow
Posted Apr 23, 2012
Authored by shinnai | Site shinnai.altervista.org

Mobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
MD5 | c965a12afc749d35e50648de2a8b0d3f
SumatraPDF 2.0.1 Memory Corruption
Posted Apr 23, 2012
Authored by shinnai | Site shinnai.altervista.org

SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.

tags | exploit, vulnerability, proof of concept
systems | linux
MD5 | d1240f9e28eeb1f159902d452dfed57d
GNU Transport Layer Security Library 3.0.19
Posted Apr 23, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: PKCS #11 URLs support reading the PIN from a file. Updates in DSA, ECDSA, and Diffie-Hellman handling.
tags | protocol, library
MD5 | 05e85d18955edd5c0fe40fbb7ef168bd
Mega File Manager 1.0 File Download
Posted Apr 23, 2012
Authored by i2sec-Min Gi Jo

Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | c8ee2253d729037b2c53e8f44d24be5e
Chengdu Bureau Of Commerce SQL Injection
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri, Chokri Ben Achor | Site vulnerability-lab.com

The Chengdu Bureau of Commerce suffered from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5b2920407cc40efa0fba3cca239c4d76
PSFTP 1.8 Build 921 Denial Of Service
Posted Apr 23, 2012
Site vulnerability-lab.com

PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.

tags | advisory, denial of service
MD5 | 9e9523cb14ed12eb835610320f8a87be
Joomla CCNewsLetter 1.0.7 SQL Injection
Posted Apr 23, 2012
Authored by E1nzte1N

The Joomla CCNewsLetter module version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5b3419af47a3543fb8d2d45ff7bd885d
Firefox 11 Denial Of Service
Posted Apr 23, 2012
Authored by Lostmon | Site lostmon.blogspot.com

Firefox 11 suffers from a denial of service condition when using exponential string growth and document.write().

tags | advisory, denial of service
MD5 | feb69b169c97333737d2ab29175892c3
SocketMail Pro 2.2.9 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 23, 2012
Authored by MetaiZm

SocketMail Pro version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 5e496b74495dc44ff2aa2ebeebabc406
Havalite CMS 1.0.4 Cross Site Scripting
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 03e5ab45ff72cb6b5195d6bec489cf59
IPhone TreasonSMS HTML Injection / File Inclusion
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.

tags | exploit, vulnerability, file inclusion
systems | apple, iphone
MD5 | baf9f8ad1ec36e375b28bc78fba8b6f1
Net-Shops SQL Injection
Posted Apr 23, 2012
Authored by Andrea Bocchetti

Net-Shops suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 11c7625f34fa30b3bbcea2fd15b7c262
WordPress Organizer 1.2.1 Cross Site Scripting / Path Disclosure
Posted Apr 23, 2012
Authored by MustLive

WordPress Organizer version 1.2.1 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 25e439707bb58172d9ad4385ffb38677
phpMyBible 0.5.1 Cross Site Scripting
Posted Apr 23, 2012
Authored by G13

phpMyBible version 0.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7a0a5338a246609df54348ab04522746
HTC IQRD Android Permission Leakage
Posted Apr 23, 2012
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.

tags | advisory, tcp
advisories | CVE-2012-2217
MD5 | b0da8b8505cdbc872d527eed57dee638
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close