exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2012-05-07

Digital Whisper Electronic Magazine #31
Posted May 7, 2012
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 31. Written in Hebrew.

tags | magazine
MD5 | d94e2fbd434eeaa8c03b693d11fb6197
Red Hat Security Advisory 2012-0547-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
MD5 | 723fa4f13e32384d4797f159aa433138
Red Hat Security Advisory 2012-0546-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
MD5 | 5436765f65d0829853f6755d8cc335b9
Red Hat Security Advisory 2012-0544-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
MD5 | 842aca0d307a57fc7ff755fd81d443a6
Red Hat Security Advisory 2012-0545-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-0260
MD5 | 0e88ab3fd50d1aab19ab00778ddbc8cc
Red Hat Security Advisory 2012-0542-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 5adb57a1ef052fd2f2be08aace868d3d
Red Hat Security Advisory 2012-0543-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | c7c4f20e7c496949f7d60a1429af7769
Ubuntu Security Notice USN-1439-1
Posted May 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1439-1 - Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability in Horizon via the log viewer refresh mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain. Thomas Biege discovered a session fixation vulnerability in Horizon. An attacker could exploit this to potentially allow access to unauthorized information and capabilities. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2012-2094, CVE-2012-2144, CVE-2012-2094, CVE-2012-2144
MD5 | 473c664760d6da44034c59cb77b83bf4
NeXus Infotech CMS SQL Injection
Posted May 7, 2012
Authored by gr00ve_hack3r

NeXus Infotech CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f91e35acddfd42b850acdfbca218051b
Jibberbook 2.3 Administrative Bypass
Posted May 7, 2012
Authored by L3b-r1'z

Jibberbook version 2.3 suffers from an administrative bypass vulnerability.

tags | exploit, bypass
MD5 | f6764be4a1625347d8377e151c6a9d1d
Efront 3.6.11 Cross Site Scripting / Shell Upload
Posted May 7, 2012
Authored by L3b-r1'z

Efront version 3.6.11 suffers from cross site scripting and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss
MD5 | 7be1b2a2b00aa3f584734f625363dec2
Ramui Forum Script Cross Site Scripting
Posted May 7, 2012
Authored by 3spi0n

Ramui Forum Script suffers from a cross site scripting vulnerability. The webmaster of this site has contacted us and has addressed this issue.

tags | exploit, xss
MD5 | 9e5d16d70b814c6a9a5a912e13ba1454
EnjoyGraph Communication SQL Injection
Posted May 7, 2012
Authored by Kalashinkov3

EnjoyGraph Communication suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6aee29539c015e4c2aae3cc9b809791b
Etelligence Technologies SQL Injection
Posted May 7, 2012
Authored by Kalashinkov3

Etelligence Technologies suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8e0594eeaa50901ecb3cb76f371cec32
Magnolia Development Group CSRF / SQL Injection
Posted May 7, 2012
Authored by Kalashinkov3

Magnolia Development Group suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | ea49cf46857783416f577b5875013630
NetcatPHPShell 1.10
Posted May 7, 2012
Authored by Mr.H4rD3n

NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 272d6d9b88fa87a16f8660e9f2a198c4
Secunia Security Advisory 49039
Posted May 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Apple Mac OS X, which can be exploited by malicious people with physical access to bypass certain security restrictions.

tags | advisory
systems | apple, osx
MD5 | 4b16b28656867ddc307783f80ae17e1f
Secunia Security Advisory 49064
Posted May 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
MD5 | 7d40447471f7ed779bd47c7137e8d882
Secunia Security Advisory 49024
Posted May 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in OpenStack Dashboard (Horizon), which can be exploited by malicious users to conduct session fixation attacks.

tags | advisory
MD5 | b6265120094500f8f2b2d7a61e204eda
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close