
Files Date: 2012-06-07

Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows remote code execution through Internet Explorer on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows, xp
advisories | CVE-2011-3400, OSVDB-77663
MD5 | d3c565f4318547e83002b8fd42f13934
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX control installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a subsequent buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
MD5 | 4c5e211b0f08b20529db1ec0b5bdaff9
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
MD5 | ef1be5ec0b7f188d6fc9c5a7adde18d7
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service, using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Names (DSNs). It is based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late nineties. Affected MDAC versions include MDAC 1.5, 2.0, 2.0 SDK and 2.1, systems with the MDAC Sample Pages for RDS installed, and NT4 servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5; however, some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused; however, by default remote connections to the RDS are denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
MD5 | 9439cf75ff414672e154affb4b0b0e49
TOR Virtual Network Tunneling Tool 0.2.2.36
Posted Jun 7, 2012
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release updates the addresses for two of the eight directory authorities, fixes some potential anonymity and security issues, and fixes several crash bugs. Tor 0.2.1.x has reached its end-of-life. Those Tor versions have many known flaws, and nobody should be using them. You should upgrade. If you're using a Linux or BSD distribution and its packages are obsolete, stop using those packages and upgrade anyway.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-4576
MD5 | 620b2110086aba01236b57f1d5aba416
OpenSSL Toolkit 1.0.1c
Posted Jun 7, 2012
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Record lengths are now sanity checked before skipping the explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen is now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2012-2333
MD5 | ae412727c8c15b67880aef7bd2999b2e
Zero Day Initiative Advisory 12-089
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect's SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP packets. When processing a specific GIOP packet, the application will trust a size field in the packet. The application will use this size in a copy operation into a statically sized buffer which can cause a buffer overflow. This can lead to code execution under the context of the service.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4164
MD5 | ac80496a223464a046e19dd2d340a55a
Zero Day Initiative Advisory 12-088
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-088 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the stack. This can lead to a buffer overflow on the stack and allow for code execution under the context of the service.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4163
MD5 | 7cc20ac1c5ca901b5fd32e981b3282dc
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
MD5 | 333569f5708db49e25c089f6a7579295
Red Hat Security Advisory 2012-0715-01
Posted Jun 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
MD5 | 80ca5f566c9f6e2c8c5379209545a0b5
Drupal Protest 6.x / 7.x Cross Site Scripting
Posted Jun 7, 2012
Authored by Shawn Price | Site drupal.org

Drupal Protest third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 2a9fc0f20892a4a9e5aa30f06f3705b1
Drupal Authoring HTML 6.x Cross Site Scripting
Posted Jun 7, 2012
Authored by Eriksen Costa | Site drupal.org

Drupal Authoring HTML third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | cbba8a632ecdce4121328ad28b339872
Zero Day Initiative Advisory 12-087
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the raac.dll module. By editing the stsz atom in the mp4 file data, an attacker could change a sample size to force a loop in raac.dll to loop too many times, causing heap corruption. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4260
MD5 | 448481c84ff5c72f2a0c1cf45c00e0c2
Zero Day Initiative Advisory 12-086
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0922
MD5 | 3c29caa1c5737939535706e79b91a351
Drupal Simplenews 6.x / 7.x Information Disclosure
Posted Jun 7, 2012
Authored by Sascha Grossenbacher, Laza | Site drupal.org

Drupal Simplenews third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
MD5 | 1d69272803cd16857e6db04f46262b0f
Drupal Maestro 7.x Cross Site Scripting / Cross Site Request Forgery
Posted Jun 7, 2012
Authored by Steve Persch | Site drupal.org

Drupal Maestro third party module version 7.x suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 3585393dd98d314fb483678299c35e9e
WordPress VideoWhisper Video Presentation 3.17 Shell Upload
Posted Jun 7, 2012
Authored by Sammy FORGIT

WordPress VideoWhisper Video Presentation plugin version 3.17 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | a1240f2665df74c55451cd6a7fda0b76
Zero Day Initiative Advisory 12-085
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4261
MD5 | c9aa8e026696d95c59331d0fe1b2b993
WordPress MM Forms Community 2.2.5 / 2.2.6 Shell Upload
Posted Jun 7, 2012
Authored by Sammy FORGIT

WordPress MM Forms Community versions 2.2.5 and 2.2.6 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 7103523c3b043dbdd3caf605fc48740f
Serendipity 1.6.1 SQL Injection
Posted Jun 7, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Serendipity version 1.6.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-2762
MD5 | 108d05fa4deba4c7d4accf04e32ca967
Drupal Tokenauth 6.x Access Bypass
Posted Jun 7, 2012
Authored by John Morahan | Site drupal.org

Drupal Tokenauth third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | f6f203f4cfbee451616b9c6d43a47949
SN News 1.2 SQL Injection
Posted Jun 7, 2012
Authored by WhiteCollarGroup

SN News versions 1.2 and below suffer from a remote SQL injection vulnerability in visualiza.php.

tags | exploit, remote, php, sql injection
MD5 | 40561c9f41dfffa789f353eeb758b966
JW Player 5.9 Cross Site Scripting / Content Spoofing
Posted Jun 7, 2012
Authored by MustLive

JW Player version 5.9.x suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | 5a32bb6f915b0cf334eaf4e2851aab53