exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2012-05-10

Chevereto nb1.91 Denial Of Service
Posted May 10, 2012
Authored by Akastep

Chevereto version nb1.91 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | faf9f719b7e5f4a8a9cff20c7614c5eb0b50816a85346f253133c47b0e725597
Red Hat Security Advisory 2012-0569-01
Posted May 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
SHA-256 | 6218bc8f5d0ee2624be013e11b2454abffb4522d8ca0ffee847130393b0ae5a9
Red Hat Security Advisory 2012-0568-01
Posted May 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
SHA-256 | 77a5db79cca25156e2386fcc7b3aade4609ae4b31d017abde0d1c9b628025140
Breakpoint 2012 Call For Papers
Posted May 10, 2012
Authored by bpx | Site ruxconbreakpoint.com

The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.

tags | paper, conference
SHA-256 | a25e1d3ca8e692e5a312cab2b84061b369bb7f4085db5d4e48d3205efe73846c
Mandriva Linux Security Advisory 2012-072
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-1491, CVE-2011-1492, CVE-2011-2937, CVE-2011-4078
SHA-256 | 5db9be97f39831d6baffca7927339627ba7442fb01a60c527592f9e5db93ccb8
Mandriva Linux Security Advisory 2012-071
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268, CVE-2011-3379, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
SHA-256 | 028afe71e35b4463baf7313fddbd4720742bc9f50ec0c59daa263f5bc0947ff6
Mandriva Linux Security Advisory 2012-068-1
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php
systems | linux, mandriva
advisories | CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
SHA-256 | 5f07bbe61bf5a454e33f2bc2bed0f93359504f04f545248be27c70f9cec98327
Apple Security Advisory 2012-05-09-2
Posted May 10, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-09-2 - Safari 5.1.7 is now available and addresses multiple WebKit related vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3046, CVE-2011-3056, CVE-2012-0672, CVE-2012-0676
SHA-256 | 06f17e6022a0d68a1399445ed89c60edec39d3f5c907f4a43cbd9bf508aaa69c
Apple Security Advisory 2012-05-09-1
Posted May 10, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-09-1 - OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-0241, CVE-2011-1004, CVE-2011-1005, CVE-2011-1167, CVE-2011-1777, CVE-2011-1778, CVE-2011-1944, CVE-2011-2692, CVE-2011-2821, CVE-2011-2834, CVE-2011-2895, CVE-2011-3212, CVE-2011-3328, CVE-2011-3389, CVE-2011-3919, CVE-2011-4566, CVE-2011-4815, CVE-2011-4885, CVE-2012-0036, CVE-2012-0642, CVE-2012-0649, CVE-2012-0651, CVE-2012-0652, CVE-2012-0654, CVE-2012-0655, CVE-2012-0656, CVE-2012-0657, CVE-2012-0658
SHA-256 | 8a1ec648cdab00dde0f7ff37efd462d6ad93a16f2b5d89ca92fb566b939516e3
HP Security Bulletin HPSBMU02775 SSRT100853 2
Posted May 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02775 SSRT100853 2 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 2 of this advisory.

tags | advisory, vulnerability, xss, sql injection
systems | linux, windows, solaris, hpux
advisories | CVE-2012-2007, CVE-2012-2008, CVE-2012-2009
SHA-256 | 5075ca31e51c3a37f4ab3063b0517141c759227b811e6746aecc8c503aa8bb40
MD5 MySQL Brute Forcer
Posted May 10, 2012
Authored by baltazar

This is a simple python script for cracking MySQL MD5 passwords.

tags | cracker, python
SHA-256 | 2eabc6d50aa0308a12f9f621132d81ab8133f46b0854377425c4d9b0bac9f450
Secunia Security Advisory 49041
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - phocean has reported some vulnerabilities in Kerwin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 39b8c959a6096d4d799b4550539e1b09f76a7adee836ac0e9590400dc36b16cd
Secunia Security Advisory 49053
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

tags | advisory
systems | linux, debian
SHA-256 | 706ae61685e36042461b326257c6403076786742048fa4cfbdfc67494dfd4573
Secunia Security Advisory 49046
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
SHA-256 | 2bd7f560175548eba747654be16203007c76f99a1088f5032158c36ab5258880
Secunia Security Advisory 49124
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, suse
SHA-256 | 0df0158d5bf21c981e55510d5b91831ee3f6536eba9adc759376cd0c50e7f8d9
Secunia Security Advisory 49076
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, suse
SHA-256 | 2d57f336e88167a83b8727f5599ad4a31af5f83f1f495e4cacafc0a104d9e15f
Secunia Security Advisory 49100
Posted May 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the User Photo plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 33b654c53266556048a1e7f85917672424b58f977e67d6616660f3bedbe63fbf
360-FAAR Firewall Analysis Audit And Repair 0.2.3
Posted May 10, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release significantly updates the Cisco ASA reader and adds support for dbedit object, service and group output, as well as directing dbedit output to file instead of the screen.
tags | tool, perl
systems | unix
SHA-256 | 7951e7cbd5d3ef81b6a7dcaed9ec4c95331f77b7aa03178ca7a582058593986e
Drupal Take Control 6.x Cross Site Request Forgery
Posted May 10, 2012
Authored by Carl Wiedemann | Site drupal.org

Drupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 428d5b6520531f667f0acba061d8065b99422d711534fc15464d0b9a3b4484c0
Drupal Contact Forms 7.x Access Bypass
Posted May 10, 2012
Authored by Vlad D. | Site drupal.org

Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 36d9fe6ce102a37af9b9492b283c97f2a58c3c56ba899f58ed895476c8340d9a
Drupal Glossary 6.x Cross Site Scripting
Posted May 10, 2012
Authored by Dylan Wilder-Tack | Site drupal.org

Drupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a47f36a7e495dfe126c617066ca5b1b54c1d5f7fbbb0d529e96938c7f61f65ba
Adobe Shockwave Player .dir Memory Corruption
Posted May 10, 2012
Authored by Rodrigo Rubira Branco | Site dissect.pe

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).

tags | advisory, vulnerability
advisories | CVE-2012-2029, CVE-2012-2030, CVE-2012-2031
SHA-256 | 68a2f9480c2bfe6e206c7c6cb220e52d87c7a6f1a454f30d7a1596ce26707535
Windows Kernel ReadLayoutFile Heap Overflow
Posted May 10, 2012
Authored by Core Security Technologies, Fernando Russ | Site coresecurity.com

Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.

tags | advisory, remote, kernel, local
systems | windows
advisories | CVE-2012-0181
SHA-256 | ad5c6d91d11d4dcc9b8463439354e1e8142812d8ed2bc300fc637ac6cc763462
HP Security Bulletin HPSBMU02775 SSRT100853
Posted May 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02775 SSRT100853 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 1 of this advisory.

tags | advisory, vulnerability, xss, sql injection
systems | linux, windows, solaris, hpux
advisories | CVE-2011-2007, CVE-2011-2008, CVE-2011-2009, CVE-2012-2007, CVE-2012-2008, CVE-2012-2009
SHA-256 | 764bfaafe85279b1f8042b2729232aa05902eee88bad6e6dfe492ae24beeb5fc
Chevereto Upload Script suffers from cross site scripting and user enumeration vulnerabilities.
Posted May 10, 2012
Authored by Akastep

Chevreto Upload Script suffers from cross site scripting and user enumeration vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 652bb56ffcc83e4e9f8c891a98b7b9a5ded3cf4471aced7d86d312e0ab0daf48
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close