exploit the possibilities
Showing 1 - 25 of 33 RSS Feed

Files Date: 2012-05-03

Ubuntu Security Notice USN-1438-1
Posted May 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1438-1 - Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2101
SHA-256 | 9d1d647e0c275ca0af3a4eff2a0fe1345781c53dd796cd1bca2a97f7cb8cc3e0
Microsoft Security Bulletin Advance Notification For May, 2012
Posted May 3, 2012
Site microsoft.com

This is an advance notification of 7 security bulletins that Microsoft is intending to release on May 8, 2012.

tags | advisory
SHA-256 | 0f04088b55c9bf569afd5a670adbfd16b4e582b8d3861ca1244f11819e7009e5
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
SHA-256 | a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
Joomla 2.5.4 Cross Site Scripting
Posted May 3, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.

tags | exploit, xss
advisories | CVE-2012-2412
SHA-256 | d3e0916a3d65dc13f3285d97784500de31ef52e38715fbb01563ab87c0892607
Ransack Post Exploitation Tool
Posted May 3, 2012
Authored by Jesus Oquendo

Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.

tags | tool, root, forensics
SHA-256 | aa3c9a1ec450a0d4938e11d530ee62851d77207f5fd3de404050516ca2d51b5a
iNeat SQL Injection
Posted May 3, 2012
Authored by the_cyber_nuxbie

iNeat suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ce9fac8eb6c0e7ffc819350c648ab72a7a71f553c53aba80b3118819fd9daa6a
Android 2.3.7 SQLite Disclosure
Posted May 3, 2012
Authored by Roee Hay

SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.

tags | advisory, info disclosure
SHA-256 | 84d02b3ee9f88069270f1d55a7a0419db6f4ee552b8001ed7d46641a2a66e816
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
VMware Security Advisory 2012-0009
Posted May 3, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0009 - VMware Workstation, Player, ESXi and ESX patches address critical security issues.

tags | advisory
advisories | CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450
SHA-256 | eb075b48375e4e244ac290d95f092560fec992c243117c80698f4db787b4f60a
AnvSoft Any Video Converter 4.3.6 Stack Overflow
Posted May 3, 2012
Authored by cikumel, y0k

AnvSoft Any Video Converter version 4.3.6 suffers from a stack overflow vulnerability.

tags | exploit, overflow
SHA-256 | 4b1def4e5f1eb575c9b905d500fe2ee0a5a1fb7cd904a1df6bcbd66332b1e7c2
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Posted May 3, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.

tags | exploit, remote, shell, code execution, activex
SHA-256 | ec86fdc2f4cc78d676680abb952cb10427dad174e2bed743fc0d8633dd49510a
VLC MMS Stream Handling Buffer Overflow
Posted May 3, 2012
Authored by sinn3r, juan vazquez, Florent Hochwelker | Site metasploit.com

This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.

tags | exploit, overflow
advisories | CVE-2012-1775, OSVDB-80188
SHA-256 | 7856c6264ba9fc35e320d076f363c777f1720c644ed1819cf46c0dd75d155ea8
Joomla 1.5.26 ja_purity Cross Site Scripting
Posted May 3, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.

tags | exploit, xss
advisories | CVE-2012-2413
SHA-256 | 829e40f497b4b9a912618e7d916c1875a88063054d2b245603c57bfe9e1f36a6
Lynx Message Server 7.11.10.2 Cross Site Scripting / SQL Injection
Posted May 3, 2012
Authored by Mark Lachniet, David Reflexia | Site foofus.net

Lynx Message Server version 7.11.10.2 and/or LynxTCPService version 1.1.62 suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 4fbcabfd61c3349ff07c1e5a7ce72a6ca2b4ed762f1fb51a4c9698ac80e23e00
Tor Proxy Bypass Via Firefox
Posted May 3, 2012
Authored by Robert Ransom

A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS resolver, rather than only communicating through its proxy (Tor) as it is configured to do.

tags | advisory, local, bypass
SHA-256 | c3af28f477ac30230f17892635aa4bb2aaf6603f540ad29c51ef0dcf5bd4f244
Fortinet FortiWeb WAF Policy Bypass
Posted May 3, 2012
Authored by Geffrey Velasquez

Fortinet FortiWeb Web Application Firewall suffers from a policy bypass vulnerability.

tags | exploit, web, bypass
SHA-256 | 60186187c821f558019ba5b5ceedf1e0f5b2e5baf6fe5eec6c095e67cd012577
Drupal Core 7.x Denial Of Service / Access Bypass
Posted May 3, 2012
Site drupal.org

Core functionality of Drupal 7.x suffers from denial of service and access bypass vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-1588, CVE-2012-1589, CVE-2012-1590, CVE-2012-1591
SHA-256 | aa32686e9c963d023728c1272ca5d040cf0afa985f4424b9984d7e5e667d95dc
Debian Security Advisory 2464-1
Posted May 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479
SHA-256 | de1b1c55cd9c3d5c90de543ad9cd2940ad37ba970418465acaa631fec87fd43a
Debian Security Advisory 2462-2
Posted May 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-0259, CVE-2012-0260, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798
SHA-256 | 28fcbb1e90ae72c09e69a3ee5e5b21c7f4e25a9ac41f8c2362ab810ece6c687c
Secunia Security Advisory 48931
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - RedTeam Pentesting has discovered a vulnerability in Decoda, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 7c81cd6cbfba56ca27349878773f48df4474ca15e5937eeab0536741f21fad1c
Secunia Security Advisory 49017
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | 75c2518c48168b65d6f0d1b3ce70c32f49853d821874399d6e84ef684e095b5c
Secunia Security Advisory 48990
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local, perl
SHA-256 | 1c61cccf748717098d33b1f24e3c2d82a1e851d1cf4b11cde6453361decfdad7
Secunia Security Advisory 49023
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 471089bf26b56a119f6cb7038bdc6e6089e7a56142805d8e872be245b9a894b1
Secunia Security Advisory 49052
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered multiple vulnerabilities in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | fe962137074c568a9842a93db2779757906988d6412c0e4e0f55593245137ff6
Secunia Security Advisory 49021
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | windows
SHA-256 | 095a431916d4940def018eb172ca9d9eb56ce423b8b31672a945c26e7f23975c
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close