what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 79 RSS Feed

Files Date: 2012-06-14

Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.
tags | tool, remote
systems | unix
SHA-256 | 74b9505aefce9b9b5e02bc6eb31e0b44de771b4a3fd5c73edbb8c4870f56a7d2
Asterisk Project Security Advisory - AST-2012-009
Posted Jun 14, 2012
Authored by Matt Jordan, Christoph Hebeisen | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

tags | advisory, remote, denial of service
advisories | CVE-2012-3553
SHA-256 | fd0d2c21399e574d3381cbf0d6fbf99a5bd73c0e0a594da8126262e1f90d0130
Mandriva Linux Security Advisory 2012-091
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-091 - An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way libreoffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause libreoffice to crash or, potentially, execute arbitrary code with the privileges of the user running libreoffice. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | b849c293b15ace9758097082f96c8354543795b86c3fe995af6842a3a1a9ca50
Cells Blog CMS 1.1 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Cells Blog CMS version 1.1 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0effa93810aae7982a7ab048e47ddd1e8824aa56bd49be008f389b1d606b70ab
Jobs Portal 3.0 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Jobs Portal version 3.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a99fcd0bd41bc6f9abd28a43cd0fd0e0ed3f34ede832e0246bf2c24b0f585df8
Nagios XI Cross Site Scripting
Posted Jun 14, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708

Nagios XI versions prior to 2011R3.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ed44ced27d734522a50f9f7812924b931ced94c24e25b7da6c559b8342f5dc87
Simple Forum PHP 2.1 SQL Injection
Posted Jun 14, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Simple Forum PHP version 2.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 978cef328c0e2e191c9abf9210cb467e76ca8ebb5b1975c8eebb5db09da71a2d
Opera 11.61 URL Spoof
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Opera versions 11.61 and below suffer from a website spoofing vulnerability.

tags | advisory, spoof
advisories | CVE-2012-3560
SHA-256 | 50da669bf3824d6c802a70da8d221a4f3190ef60b1128133a28548f02da68d04
Swoopo Gold Shop CMS 8.4.56 Cross Site Scripting / SQL Injection
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri, Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Swoopo Gold Shop CMS version 8.4.56 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ca3c7fc694c16b1331de0d9f7715b00b77d1f8d1d34b9d99df28c5349e38feb6
Mandriva Linux Security Advisory 2012-090
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-090 - An integer overflow vulnerability in the openoffice.org graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way openoffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause openoffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running openoffice.org. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 0ad71e285918b64c0c397f175db7374700a819eb6f38bdb934f39f35d2d36b21
Squirrelcart Cart Shop 3.3.4 Cross Site Scripting
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Squirrelcart Cart Shop version 3.3.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 50dea74dd70cc3c135991dd6d629c7dd2c70fb45931dff7ab87b441a26c83978
Nuked Klan SP CMS 4.5 SQL Injection
Posted Jun 14, 2012
Authored by Karim H.B., Vulnerability Laboratory | Site vulnerability-lab.com

Nuked Klan SP CMS version 4.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ebe08aea613afd901a49b1426f4352b085f990ac993f702cda6d8c06256333e2
Web Application Security 101
Posted Jun 14, 2012
Authored by Mehmet Ince

This is a brief whitepaper that discusses various types of vulnerabilities found in web applications. It is written in Turkish.

tags | paper, web, vulnerability
SHA-256 | 8446334b51d3002cf9d002cb56e09e3d69279e97044d49eee38394c89659e221
Web Application Source Code Analysis Part 1
Posted Jun 14, 2012
Authored by Mehmet Ince

This is a brief whitepaper that goes over web application source code analysis. It is written in Turkish.

tags | paper, web
SHA-256 | ec3be7fcfab6dced156580a0b00c70470e3f6126135807f0a92b12ab22045feb
XM Easy Personal FTP Server 5.30 Format String
Posted Jun 14, 2012
Authored by mr_me

XM Easy Personal FTP Server version 5.30 and below remote format string write4 exploit with a connect back shell.

tags | exploit, remote, shell
SHA-256 | 1c58ef6dea83e7940848c6463d66d3113944a2871d92175d52108a30c4cb9927
Interspire Shopping Cart 6 Cross Site Scripting
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Interspire Shopping Cart version 6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 758fb383c3e871e0c1f3c6f0061522f5eb1f8b5b4feed5f223ca53995240772d
Wyse Machine Remote Power Off Denial Of Service
Posted Jun 14, 2012
Authored by it.solunium | Site metasploit.com

This Metasploit module exploits the Wyse Rapport Hagent service and causes a remote power cycle.

tags | exploit, remote, denial of service
advisories | CVE-2009-0695, OSVDB-55839
SHA-256 | 22351b9d23464102ba3b26074487f1ff569c07be9c592ad7cff3d5dd6f17f981
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
SHA-256 | 8ca8af4598071a83d2552f14b027f3fdb8f361c95b01bacf03d39857c306caea
iScripts EasyCreate CMS 2.0 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

iScripts EasyCreate CMS version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | cd334834f961f9172c566cda5af57c6372daceaf1de99dc982650b1577d4901c
MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
Posted Jun 14, 2012
Authored by juan vazquez, Qihoo 360 Security Center, Dark Son, Google Inc, Yichong Lin | Site metasploit.com

This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.

tags | exploit
systems | windows
advisories | CVE-2012-1875, OSVDB-82865
SHA-256 | 20f72fec96a5590b5bee38dc7ead6c6f34987bffcedca8f42c8054df4bedc309
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Posted Jun 14, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-2915, OSVDB-82001
SHA-256 | 4f39a6ba7a1c027c53d6c89df81d4f572dc43a0a4728c3bef5f6473a11849cc1
ADICO CMS 1.1 Blind SQL Injection
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

ADICO CMS version 1.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d32ff298c00331b9a474c38dbcb543a5a3bd70d634dcbba8e7b6e8def1327de4
qdPM 7 Shell Upload
Posted Jun 14, 2012
Authored by loneferret

qdPM version 7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | de7d737317088da35d6c5415b3002cc2704e760c0485eed4b429a49321a72e9c
Debian Security Advisory 2494-1
Posted Jun 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852
SHA-256 | 4501feb8273e9684718b44e670322a6446313c332368d2d5a2059638c53e4d2a
SPIP Core 3.0.1 / 2.1.14 / 2.0.19 Cross Site Scripting
Posted Jun 14, 2012
Authored by ASafety

SPIP Core versions below and equal to 3.0.1, 2,1.14, and 2.0.19 suffer from a cross site scripting vulnerability in the administrative panel.

tags | exploit, xss
SHA-256 | 5f46f70dfcbb4a11ad71960db80676cb97a1e1a148304daa9c476926ffe35c25
Page 1 of 4
Back1234Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close