what you don't know can hurt you
Showing 1 - 25 of 53 RSS Feed

Files Date: 2012-05-18

Results Unlimited CMS SQL Injection
Posted May 18, 2012
Authored by Am!r | Site irist.ir

Results Unlimited CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f0fa38524042a534d91395cfad574a05
Oracle Weblogic Apache Connector POST Request Buffer Overflow
Posted May 18, 2012
Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

tags | exploit, web, overflow
systems | windows, 2k
advisories | CVE-2008-3257, OSVDB-47096
MD5 | 906cfff187bbb0026697ce9e23a575f1
Squiggle 1.7 SVG Browser Java Code Execution
Posted May 18, 2012
Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

tags | exploit, java, arbitrary, code execution
systems | linux, windows
MD5 | 2c8371ebf9277f065c37c6f9a57a0aa1
libwpd WPXContentListener::_closeTableRow() Memory Overwrite
Posted May 18, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-2149
MD5 | 3ccebc2967c3d54458d31d8698a6518d
Hackers 2 Hackers 9 Call For Papers
Posted May 18, 2012
Site h2hc.com.br

The Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.

tags | paper, conference
MD5 | ddc59b2f9e07687ebba9f5f9c13556d7
HP Security Bulletin HPSBOV02780 SSRT100766
Posted May 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-2010
MD5 | a763d5d805c244aa57548276d2b6ed5c
HP Security Bulletin HPSBUX02782 SSRT100844
Posted May 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2006-7250, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131
MD5 | f23ea343ef5eb1f9a81d52598057e863
Mandriva Linux Security Advisory 2012-078
Posted May 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
MD5 | 6f125c1443abfe5487d3aa1d9138a149
HULK - Http Unbearable Load King
Posted May 18, 2012
Authored by Barry Shteiman | Site sectorix.com

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

tags | tool, web, denial of service, python
MD5 | 0fcee2cc0488500336b766af4478c3d8
Admin Page Finder Script
Posted May 18, 2012
Authored by Ajith KP

This python script looks for a large amount of possible administrative interfaces on a given site.

tags | tool, python
systems | unix
MD5 | ffb8cbff670ecf1200bd1d4b52789599
Epicor Returns Management SOAP-Based Blind SQL Injection
Posted May 18, 2012
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

tags | advisory, arbitrary, sql injection
MD5 | 755a65afc10d5474042e3617ff61f528
Cross Site Scripting Walkthrough
Posted May 18, 2012
Authored by Ahmed Elhady Mohamed

This is a whitepaper that gives a complete cross site scripting walkthrough.

tags | paper, web, xss
MD5 | 048df1139c315869c0a90ee93b3e41e7
PHP 5.4 Win32 Code Execution
Posted May 18, 2012
Authored by 0in

PHP version 5.4.3 code execution exploit for Win32.

tags | exploit, php, code execution
systems | windows
MD5 | bf7b4442cabfaf14771396d43b041e28
HP VSA Command Execution
Posted May 18, 2012
Authored by Nicolas Gregoire

HP VSA remote command execution exploit.

tags | exploit, remote
MD5 | 569ace67aa28a559c95f0ea2dcf7e73c
SkinCrafter 3.0 Buffer Overflow
Posted May 18, 2012
Authored by Saurabh Sharma

SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2012-2271
MD5 | 960cf97b967da300296a7252c5cd650d
Debian Security Advisory 2475-1
Posted May 18, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2012-2333
MD5 | 24066964cf360cc9b3b6089933989a2e
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
MD5 | 4680890e5be09de2cf9e803217cda11e
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
MD5 | 4680890e5be09de2cf9e803217cda11e
Ubuntu Security Notice USN-1444-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-5081
MD5 | f09d32015ed3a30130e7966692b17a42
360-FAAR Firewall Analysis Audit And Repair 0.2.4
Posted May 18, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release resolves many of the undefined variable warnings in the cisco reader and writer and uses name netmask for networks in access lists and lists service object groups correctly in access lists.
tags | tool, perl
systems | unix
MD5 | 54bb8a7f8bdeabcb758bec610b536cc9
Secunia Security Advisory 49185
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.

tags | advisory, web
MD5 | 6635d2954909cc655237c76bfca0eac6
Secunia Security Advisory 49220
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.

tags | advisory
MD5 | ba43344f07f33496412d2abfe0436fab
Secunia Security Advisory 49150
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 0135f05d72a9af84266cb93e06c90e77
Secunia Security Advisory 49212
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, vulnerability, xss, sql injection
MD5 | e2a81d75b1fe4177d2d8d7697b297ade
Secunia Security Advisory 49224
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, suse
MD5 | d61d61d33bf2246416502ba6e60b9a6b
Page 1 of 3
Back123Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close