what you don't know can hurt you
Showing 1 - 20 of 20 RSS Feed

Files Date: 2012-05-11

Distinct TFTP 3.01 Writable Directory Traversal Execution
Posted May 11, 2012
Authored by sinn3r, modpr0be | Site metasploit.com

This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.

tags | exploit, remote, arbitrary, code execution
advisories | OSVDB-80984
SHA-256 | f9ed713ff3be483dd14a09fbef83afaa998846ace3aab19c3588c2a752aaa832
WikkaWiki 1.3.2 Spam Logging PHP Injection
Posted May 11, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php
advisories | CVE-2011-4449, OSVDB-77391
SHA-256 | 979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e
Debian Security Advisory 2670-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2670-1 - Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from release announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404
SHA-256 | 0653a473faa390234b73508340d08c8214f4c4547676ce3bc7b489056f6b8a4d
Red Hat Security Advisory 2012-0570-01
Posted May 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.

tags | advisory, remote, web, arbitrary, cgi, php, code execution
systems | linux, redhat
advisories | CVE-2012-1823
SHA-256 | 1f28378d0ad201c2be56e3429b494b0bf3230369093643c49c69f56fdcc942e8
Microsoft Security Bulletin Re-Releases For May, 2012
Posted May 11, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for May, 2012.

tags | advisory
SHA-256 | 38e00533230827541928577359ace3c6629bc35bb69e64bd970ec68602541ed6
Debian Security Advisory 2469-1
Posted May 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2469-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-4086, CVE-2012-0879, CVE-2012-1601, CVE-2012-2123, CVE-2012-2133
SHA-256 | a3855fca7a7b37d79b7f6bcc79e55a1eb3f3c10c58793ebd4569091d400c8937
t2'12 Call For Papers
Posted May 11, 2012
Site t2.fi

The t2'12 Call For Papers has been announced. It will take place October 25th through the 26th, 2012 in Helsinki, Finland.

tags | paper, conference
SHA-256 | 907ffabf1abbb6e3f3eced4beda6b5211592757431268c359ff9bc6b2f7bbc1b
OWASP Mantra - Lexicon 0.91 Beta
Posted May 11, 2012
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

Changes: Firefox 12 is now used as the base. NoRedirect Extension, FireEncrypter, Ra.2 XSS scanner, and more have been added. Known issues have been addressed.
tags | web
SHA-256 | 541d48c626a68f4fde63c7fca65c1f14bbaf9ece1f236099d199f6a931b408c7
EMC Documentum Information Rights Management Denial Of Service
Posted May 11, 2012
Site emc.com

EMC Information Rights Management (IRM) contains vulnerabilities that can potentially be exploited by malicious users to cause denial of service.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-2276, CVE-2012-2277
SHA-256 | c110c54b95ad7c9787a2d6d0c64c6b9beafde60a2b5a5b539cc3671a8eb2bcb3
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
SHA-256 | 54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
Owncloud 3.0.3 Clear Text Password Storage
Posted May 11, 2012
Authored by Francesco Tornieri

Owncloud versions 3.0.3 and below suffer from a clear text ldap password disclosure vulnerability in owncloud.db.

tags | exploit
SHA-256 | 31549886f764c292ef5d70e3a5a923ec24afda76b24471bdb34b6fc0fa48ebe5
QNX phrelay/phindows/phditto Overflows
Posted May 11, 2012
Authored by Luigi Auriemma | Site aluigi.org

QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.

tags | exploit, overflow, vulnerability, proof of concept
systems | linux
SHA-256 | a8febe1f7594f7227637fd1ab3e211df28595f24d5860319add7faa94e431a79
Adobe Photoshop CS5.1 U3D.8BI Buffer Overflow
Posted May 11, 2012
Authored by rgod | Site retrogod.altervista.org

Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 3b56287d07b0ddbf3d319fb8f5847cc3fb85dc7f6c1df369e6873d52c0c28335
Kerio WinRoute Firewall Source Code Disclosure
Posted May 11, 2012
Authored by Andrej Komarov, Eugene Salov

Kerio WinRoute Firewall Embedded Web Server version prior to 6 suffer from a source code disclosure vulnerability.

tags | exploit, web, info disclosure
SHA-256 | a9b2d547021c7228d6ca8bc163da0d1d602976d34a4d91607ab1178f64961ef6
eLearning Server 4G Remote File Inclusion / SQL Injection
Posted May 11, 2012
Authored by Andrej Komarov, Eugene Salov

eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, file inclusion
SHA-256 | 41e20fa49cc1f8fdca910d1a1867f399a18b00b5955ee10221592384e80d1790
WordPress Bad Behavior Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Bad Behavior plugin suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 39a4dfbfed1ff091b2170a63180a37194ebf673217a7d0fc2e945b4a2def914f
WordPress BulletProof Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress BulletProof Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c4c73a666f9c5b135276a6fb0f81181e11045470d01eda786e646c88c500260b
WordPress Better WP Security Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Better WP Security plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31227c75ab186bbc50acee0cd1c5fad5814d561a7fac16365b8a42bd0f7e4135
WordPress Custom Contact Forms Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress Custom Contact Forms suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6fbdbdd9d16b2eecdf7564812c327cfa17babb9f81e82c4c9afda08562ba71e5
WordPress 2-Click-Socialmedia-Buttons Cross Site Scripting
Posted May 11, 2012
Authored by SiNA Rabbani

The WordPress 2-Click-Socialmedia-Buttons plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0bb0732ad689e55347e573e1989e0f03f7afb1b9d317d6027800702fc33c87b4
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close