what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2012-05-18

Results Unlimited CMS SQL Injection
Posted May 18, 2012
Authored by Am!r | Site irist.ir

Results Unlimited CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 65631b4d7ecd05aa606eb5b145211e34ee59cb0acb0167b67abda5595bcb38e0
Oracle Weblogic Apache Connector POST Request Buffer Overflow
Posted May 18, 2012
Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

tags | exploit, web, overflow
systems | windows
advisories | CVE-2008-3257, OSVDB-47096
SHA-256 | c5633687f5d4dea297197de9035ee5ddaf873d0ee50394f6fa17d80638863e7f
Squiggle 1.7 SVG Browser Java Code Execution
Posted May 18, 2012
Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

tags | exploit, java, arbitrary, code execution
systems | linux, windows
SHA-256 | 24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513
libwpd WPXContentListener::_closeTableRow() Memory Overwrite
Posted May 18, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-2149
SHA-256 | c0fbf3513a8c6f3a2d74cceeb3b60aa04aa8253399451b37f5db876426268ecb
Hackers 2 Hackers 9 Call For Papers
Posted May 18, 2012
Site h2hc.com.br

The Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.

tags | paper, conference
SHA-256 | c492a7230258756f220963ea3a248fac8910a3a97fdbd5f340dfd5fc5c789b9d
HP Security Bulletin HPSBOV02780 SSRT100766
Posted May 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-2010
SHA-256 | 6c5294cf2ec6ac1543b4bd7cf33a0f5a1880b30f46ebeac990527d00fadea9a5
HP Security Bulletin HPSBUX02782 SSRT100844
Posted May 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2006-7250, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131
SHA-256 | 457fa208b2d89d333fc3e7b1e79dda9d71c42a5448aba577490f3ef540898b99
Mandriva Linux Security Advisory 2012-078
Posted May 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
SHA-256 | 16755f115af78f1d3c621b96b65aa171706dd1323233fef010e83b6fe9fe11bb
HULK - Http Unbearable Load King
Posted May 18, 2012
Authored by Barry Shteiman | Site sectorix.com

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

tags | tool, web, denial of service, python
SHA-256 | d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37a
Admin Page Finder Script
Posted May 18, 2012
Authored by Ajith KP

This python script looks for a large amount of possible administrative interfaces on a given site.

tags | tool, python
systems | unix
SHA-256 | bf75788ddfe50e2e7b0c84f46f43ed551e1df60548cae06042d9c7ac89be56d8
Epicor Returns Management SOAP-Based Blind SQL Injection
Posted May 18, 2012
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

tags | advisory, arbitrary, sql injection
SHA-256 | af6d326b8689f781d6e0c85593aa09136aec99822187d885bfc8880af29789ef
Cross Site Scripting Walkthrough
Posted May 18, 2012
Authored by Ahmed Elhady Mohamed

This is a whitepaper that gives a complete cross site scripting walkthrough.

tags | paper, web, xss
SHA-256 | 7ccb4e719b298fb3680cb5feb24cf117a59343f4420b727273ea2fae0666e3a5
PHP 5.4 Win32 Code Execution
Posted May 18, 2012
Authored by 0in

PHP version 5.4.3 code execution exploit for Win32.

tags | exploit, php, code execution
systems | windows
SHA-256 | 112d363fff422a3298c43a35cb8f1208ab8151662b7d29a70a218c64597855b7
HP VSA Command Execution
Posted May 18, 2012
Authored by Nicolas Gregoire

HP VSA remote command execution exploit.

tags | exploit, remote
SHA-256 | e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58e
SkinCrafter 3.0 Buffer Overflow
Posted May 18, 2012
Authored by Saurabh Sharma

SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2012-2271
SHA-256 | 30d450dc3599d00c2b250dec0560160d749a900ba9963b7810e0f6b67cf7e422
Debian Security Advisory 2475-1
Posted May 18, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2012-2333
SHA-256 | 66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
SHA-256 | 7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Ubuntu Security Notice USN-1445-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2012-1601, CVE-2012-2123, CVE-2011-4086, CVE-2012-1601, CVE-2012-2123
SHA-256 | 7d0b2e8d139bbdf7e42fc75ff657d5dc4fdf2c134147403f44f2f71576098f00
Ubuntu Security Notice USN-1444-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-5081
SHA-256 | 359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152
360-FAAR Firewall Analysis Audit And Repair 0.2.4
Posted May 18, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release resolves many of the undefined variable warnings in the cisco reader and writer and uses name netmask for networks in access lists and lists service object groups correctly in access lists.
tags | tool, perl
systems | unix
SHA-256 | c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901
Secunia Security Advisory 49185
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.

tags | advisory, web
SHA-256 | dbfc0e23f4d2abacf09e25aa997aff77cbbd3c4e2accfcf2f2437aa2c66037b9
Secunia Security Advisory 49220
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.

tags | advisory
SHA-256 | 3d3cf9f1ce53c58fc5149cebc50ea0bfd8d0632a12fc1b3fc0f84398d5f6ee8d
Secunia Security Advisory 49150
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 9cc0a736934b57b768c8712f86375deb20575e93fcb9e56e1e7ffc61c153bc67
Secunia Security Advisory 49212
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, vulnerability, xss, sql injection
SHA-256 | 91bfd94f3e2e132a1e9b644e54fcc5c69d2d33e2d6d49da9b2cca1e6d483c8ab
Secunia Security Advisory 49224
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, suse
SHA-256 | 054fba010f9568c3f00517478292a89add8869b2560e23380d4f2fa8b87038ef
Page 1 of 3
Back123Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close