Files Date: 2012-05-08

Mozilla Firefox 7 / 8 Out-Of-Bounds Access
Posted May 8, 2012
Authored by regenrecht | Site metasploit.com

This Metasploit module exploits an out-of-bounds access flaw in Firefox 7 and 8 (versions 8.0.1 and below). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function, which picks up pointers, does not validate whether a given index is out of bounds. If a custom observer of nsSVGValue is created which removes elements from the original observer, and the memory layout is manipulated properly, the ElementAt() function might pick up an attacker-provided pointer, which can be leveraged to gain remote arbitrary code execution.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-3658
SHA-256 | 94acb924f037607a74196ffbd40dc6b26726a6b5e2a13e1caa089d6e3b0c2406
Finding RFI And LFI, Exploiting And Patching
Posted May 8, 2012
Authored by Mr.Gh0st | Site 104day.in

This is a brief whitepaper that discusses finding remote and local file inclusion vulnerabilities and how to exploit and patch them.

tags | paper, remote, local, vulnerability, file inclusion
SHA-256 | d28ed75d8eb9604c29fc6876297418475ffea313bb8b01a2430294ecdbd4a18b
Apple Security Advisory 2012-05-07-1
Posted May 8, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-07-1 - A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. Multiple cross site scripting issues existed in WebKit along with a memory corruption issue.

tags | advisory, web, spoof, xss
systems | apple
advisories | CVE-2012-0674, CVE-2011-3046, CVE-2011-3056, CVE-2012-0672
SHA-256 | 786fe23968a3f5aa19c1879e551587fcf15f839f12791813e11922d9793808ec
Cisco Linksys WRT54GL Cross Site Request Forgery
Posted May 8, 2012
Authored by Kalashinkov3

The Cisco Linksys WRT54GL router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
systems | cisco
SHA-256 | 15765a5278a3d85691a1560925b05f28f2c55ddd9ccac8024f86755afe32809a
Hyperion: Implementation Of A PE Crypter
Posted May 8, 2012
Authored by belial | Site nullsecurity.net

This paper reveals the theoretical aspects behind run-time crypters and describes a reference implementation for Portable Executables.

tags | paper
SHA-256 | 151b5b88ae878e07f3f061bd79b9e8bdd14d125d1e574f3e6cedd6317fb54d52
SAP Netweaver 7.0 EHP1/EHP2 Buffer Overflows
Posted May 8, 2012
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP Netweaver is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending specially crafted SAP Diag packets to remote TCP port 32NN (NN being the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514
SHA-256 | 84108ccf75a417b942e0291cf7c3798ea4c264ddce271305c260f4c3931d47e5
Microsoft Security Bulletin Summary For May, 2012
Posted May 8, 2012
Site microsoft.com

This bulletin summary lists 7 released Microsoft security bulletins for May, 2012.

tags | advisory
SHA-256 | 5b55111db2e9d458489aa5b317e94be0141b02eb1566f67bc6fa8b03a39a053c
Bagler CMS Cross Site Scripting / SQL Injection
Posted May 8, 2012
Authored by the_cyber_nuxbie

Bagler CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 456977912384df602200c12ee51909b89bbbde0e1daab9affab1a16180702cdd
PHP Enter Code Injection
Posted May 8, 2012
Authored by L3b-r1'z

PHP Enter suffers from a code execution vulnerability.

tags | exploit, php, code execution
SHA-256 | 0e40cede5b489ccd4eccd31c3db4cd143a0b5033a7852925e405574541aa09d6
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory
Posted May 8, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven.

tags | advisory
advisories | CVE-2012-1517
SHA-256 | 6b511360ce2598e1deb986ad52df1981db6e70d11d4357b2353ea14c01410c67
Secunia Security Advisory 49122
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Silverlight, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 73b22210df3231f8173b40f05daac8bebce1e960ce3be5c2d564d1b566d25943
Secunia Security Advisory 49080
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Web Server. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, local, vulnerability
systems | linux, redhat
SHA-256 | e04ce246d1f4789ea33a87894d4cdb1a2dfedf367275b7815aff77c50f972828
Secunia Security Advisory 49065
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

tags | advisory, php
systems | linux, redhat
SHA-256 | b654e484fb2fe17573de807256d80a3e692e677b41d841de3d90eccd627ac52d
Secunia Security Advisory 49112
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 32b95a29a08e0891177ba0136d57828e7a5d6a9b2dd0bac45e2be92621c51a35
Secunia Security Advisory 49120
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

tags | advisory, local, vulnerability
systems | windows
SHA-256 | 215c25917298206231d8fa3ae5e55aa9d692f49a1b9813874c08e8bcfbe449f7
Secunia Security Advisory 49113
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 10318aa6c588be6ee964bbffd912ec767dd6c14269c063fec7133da827d5c6f2
Secunia Security Advisory 49115
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | windows
SHA-256 | 9fe3f56b1b384bfbfa4dce83e61da818762396e24dee114131888abf1e14f0f4
Secunia Security Advisory 49114
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges.

tags | advisory, local, vulnerability
systems | windows
SHA-256 | 021af0b291c512ba86ab27f470b5eef58250a194c59d8a020deaa4fc14d87ce5
Secunia Security Advisory 48889
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | ea90e76cd4b389bdca6f975e1e601d35339369428f489b08578b2c15b48ef169
Secunia Security Advisory 49069
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine and malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | 963251f8864f31d57385c89672f28830b367f85b2ade27733884e2e374b9be28
Secunia Security Advisory 49009
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2dccbe0bd58dba78597f9a5c5d679035f2755865a848364b068c3a9b8692d747
Secunia Security Advisory 49119
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.

tags | advisory, denial of service, vulnerability
SHA-256 | c9678451e2dc88c442cd15fbf30333ea2e9939d138ec367b3d9becee270e14a7
Secunia Security Advisory 49117
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 81e5b958a7ecf775d654bf246b2639e9f4109773eaa46c2a6d50ff62345cee85
Secunia Security Advisory 49111
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 21fb7f13a69e3c5e9bee5fa63d501333030da793712a4bbf677f79e5485dfdd0
Secunia Security Advisory 49079
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Performance Insight, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 23ebb442d44d501938a9b90d12063e72b86f231da5c98b21124c400c3f8bbc58
© 2022 Packet Storm. All rights reserved.