Files Date: 2012-05-11

Distinct TFTP 3.01 Writable Directory Traversal Execution
Posted May 11, 2012
Authored by sinn3r, modpr0be | Site metasploit.com

This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution under the context of 'SYSTEM'.

tags | exploit, remote, arbitrary, code execution
advisories | OSVDB-80984
MD5 | 4b981d0c04919b8a8ad909c7b29a180d
WikkaWiki 1.3.2 Spam Logging PHP Injection
Posted May 11, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection; this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must first manually pick a page that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php
advisories | CVE-2011-4449, OSVDB-77391
MD5 | aff0f7b9f5cfd47509018a345f9d31f5
Debian Security Advisory 2670-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404
MD5 | 05a792cd9219f8a8c8f7b06ee4bad19d
Red Hat Security Advisory 2012-0570-01
Posted May 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
MD5 | 389ac7e915aacd5b11e598fba17e61a7
Microsoft Security Bulletin Re-Releases For May, 2012
Posted May 11, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for May, 2012.

tags | advisory
MD5 | 2c9c935f7bf5c5574121fe5c774f1f56
Debian Security Advisory 2469-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-4086, CVE-2012-0879, CVE-2012-1601, CVE-2012-2123, CVE-2012-2133
MD5 | 3f1dcfb71fe565dd57795656e6ce3a4e
t2'12 Call For Papers
Posted May 11, 2012
Site t2.fi

The t2'12 Call For Papers has been announced. It will take place October 25th through the 26th, 2012 in Helsinki, Finland.

tags | paper, conference
MD5 | 8c18caec5ffc1267923951d66f51ff80
OWASP Mantra - Lexicon 0.91 Beta
Posted May 11, 2012
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

Changes: Firefox 12 is now used as the base. NoRedirect Extension, FireEncrypter, Ra.2 XSS scanner, and more have been added. Known issues have been addressed.
tags | web
MD5 | 7814e494504c4227411adb34b8fe2227
EMC Documentum Information Rights Management Denial Of Service
Posted May 11, 2012
Site emc.com

EMC Information Rights Management (IRM) contains vulnerabilities that can potentially be exploited by malicious users to cause denial of service.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-2276, CVE-2012-2277
MD5 | c6a77cc1f6bd959f4ead540f87d6397a
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
MD5 | 43c03f45092b5fbb61721bc76bf257e0
Owncloud 3.0.3 Clear Text Password Storage
Posted May 11, 2012
Authored by Francesco Tornieri

Owncloud versions 3.0.3 and below suffer from a clear text LDAP password disclosure vulnerability in owncloud.db.

tags | exploit
MD5 | a0391bf5c51fcefb455deb9cedb98991
QNX phrelay/phindows/phditto Overflows
Posted May 11, 2012
Authored by Luigi Auriemma | Site aluigi.org

QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.

tags | exploit, overflow, vulnerability, proof of concept
systems | linux
MD5 | 8bdbe35c922a2d77f278a277d57eda29
Adobe Photoshop CS5.1 U3D.8BI Buffer Overflow
Posted May 11, 2012
Authored by rgod | Site retrogod.altervista.org

Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 83481dcbc6cdedc521b301d85efa9b95
Kerio WinRoute Firewall Source Code Disclosure
Posted May 11, 2012
Authored by Andrej Komarov, Eugene Salov

Kerio WinRoute Firewall Embedded Web Server versions prior to 6 suffer from a source code disclosure vulnerability.

tags | exploit, web, info disclosure
MD5 | a333e67402eb80bcbccaf7967b59714d
eLearning Server 4G Remote File Inclusion / SQL Injection
Posted May 11, 2012
Authored by Andrej Komarov, Eugene Salov

eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, file inclusion
MD5 | 8af6a94c9baae2224603bb83e9f117b9
WordPress Bad Behavior Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Bad Behavior plugin suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f0c5562e696b901aa51c618be2710f59
WordPress BulletProof Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress BulletProof Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dee59fef8f9994fec18f71fd16c87931
WordPress Better WP Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Better WP Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8815696b8508be792ff1cb5c86c07238
WordPress Custom Contact Forms Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

WordPress Custom Contact Forms suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a87fa4c3207c8d7c6d5daabbd235929d
WordPress 2-Click-Socialmedia-Buttons Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress 2-Click-Socialmedia-Buttons plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f2ad506236161b3c748ceb9bcd042e69