Exploit the possiblities
Showing 1 - 25 of 58 RSS Feed

Files Date: 2012-05-15

Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting
Posted May 15, 2012
Authored by Ivano Binetti

Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-2629
MD5 | b46274d71dad8328fcee5d80cfc6ed4b
Apple Quicktime .pct Parsing Memory Corruption
Posted May 15, 2012
Authored by Rodrigo Rubira Branco

Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.

tags | advisory
systems | windows, apple, xp
advisories | CVE-2012-0671
MD5 | c437473b3959e9b762550efe55331b27
Liferay 6.1 Cross Site Request Forgery
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.

tags | exploit, proof of concept, csrf
systems | linux
MD5 | 2b12109503d92e9bf2898884245f4f24
Mandriva Linux Security Advisory 2012-076
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3973, CVE-2011-3974, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579, CVE-2012-0853, CVE-2012-0858
MD5 | a0a820ff84a7a248cfefc432cc727cf8
Apple Security Advisory 2012-05-14-2
Posted May 15, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

tags | advisory
systems | apple
MD5 | 092e8b2d9f248dfd13ec5790670ed472
SVG Java Execution Trigger
Posted May 15, 2012
Authored by Nicolas Gregoire

Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.

tags | exploit, java, code execution, proof of concept
systems | linux
MD5 | 14de63077e55a7c29ecb567ff57d0d25
Liferay 6.1 Name / Email Address Disclosure
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.

tags | exploit, proof of concept, info disclosure
systems | linux
MD5 | 1c9db5e006b9833dda17ca6d031cba9b
Apple Security Advisory 2012-05-14-1
Posted May 15, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.

tags | advisory
systems | apple
MD5 | 3b67e8b809dd17bec6d452afb69b1851
Mandriva Linux Security Advisory 2012-075
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
MD5 | fc5eba5a7a28a4d9bf7025b44c58def1
Liferay 5.x / 6.x Cross Site Scripting
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e109ffd11302435030168f60435e9421
TunInfo SQL Injection
Posted May 15, 2012
Authored by the_cyber_nuxbie

TunInfo suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 73d227f77c8ac6212e4a5cd3db3a8674
Liferay 6.1 No Account Access Bypass
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.

tags | exploit, proof of concept, bypass
systems | linux
MD5 | b45af907ccb22997e62ef3d74a4de98f
Multimedia Builder 4.9.8 Denial Of Service
Posted May 15, 2012
Authored by Ahmed Elhady Mohamed

Multimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.

tags | exploit, denial of service
MD5 | 9b662835aa9215e59b130deb0de64a13
OpenDNSSEC 1.3.8
Posted May 15, 2012
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: 'ods-signer update' now reloads signconfs even if the zonelist has not changed. The Signer Engine now allow for classless IN-ADDR.ARPA names (RFC 2317). Enforcer now has indexes for foreign keys in the kasp DB (SQLite only, MySQL already has them) Signer Engine warns if it is in signer configuration but ods-auditor is not installed. If key export in ods-ksmutil finds nothing to do, it now says so rather than displaying nothing, which might be misinterpreted. A problem in Signer Engine where TTL on NSEC(3) was not updated on SOA Minimum change was fixed, as was a problem with "ods-ksmutil zone delete --all".
tags | tool
systems | unix
MD5 | f14d9d28ecb578280e7e893e9f6b484c
Ubuntu Security Notice USN-1441-1
Posted May 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0250, CVE-2012-0255, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
MD5 | 80b5e7e0c0eaac88003a6799acf42213
Red Hat Security Advisory 2012-0670-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set user ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-2123
MD5 | 10f1cf8e27cf62cefcef299ce597f6a8
Red Hat Security Advisory 2012-0571-01
Posted May 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0571-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A local, unprivileged user on a KVM host could use this flaw to crash the host.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-4086, CVE-2012-1601
MD5 | 09d047028f30ae1cf7ab66f1d6c07d22
Gentoo Linux Security Advisory 201205-01
Posted May 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201205-1 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 18.0.1025.168 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3078, CVE-2011-3081, CVE-2012-1521
MD5 | a4848140651d70253cea8adf234ea179
WordPress Track That Stat 1.0.8 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress Track That Stat plugin version 1.0.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 148509ae8edc1038128b97a56f0f73dc
Bluelog Bluetooth Scanner/Logger 1.0.3
Posted May 15, 2012
Authored by Tom Nardi | Site digifail.com

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Changes: This release focuses on improving support for non-PC targets, including initial support for the Pwnie Express Pwn Plug. Other improvements include syslog-only mode and timestamped log filenames.
tags | tool, web, wireless
systems | unix
MD5 | cbbb5a7d04ac7160f3f7389e05cd4257
SoftHSM 1.3.3
Posted May 15, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: This release increases performance by adding more indexes to the database, describes the usage of SO and the user PIN in the README, and detects whether a C++ compiler is missing.
tags | library
systems | unix
MD5 | 417898d682bb8e2312aa3126f965a043
Mandriva Linux Security Advisory 2012-074
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
MD5 | 5ec43a309faf00d74d116213f06d1c65
WordPress 2 Click Social Media Buttons 0.32.2 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress 2 Click Social Media Buttons plugin version 0.32.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2a3cffb13613b2f573f6af1600de1fc9
WordPress CataBlog 1.6 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress CataBlog plugin version 1.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 59b4de2d16ed3adb65180ae013775c83
WordPress CodeStyling Localization 1.99.16 Cross Site Scripting
Posted May 15, 2012
Authored by Heine Pedersen, Torben Jensen

WordPress CodeStyling Localization plugin version 1.99.16 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 183003bb6ea6bf9be4cb9e4246ee206e
Page 1 of 3
Back123Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close