the original cloud security
Showing 1 - 25 of 79 RSS Feed

Files Date: 2012-06-14

Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.
tags | tool, remote
systems | unix
MD5 | 5d3c2d88854b1b904d2813865e82fc7f
Asterisk Project Security Advisory - AST-2012-009
Posted Jun 14, 2012
Authored by Matt Jordan, Christoph Hebeisen | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

tags | advisory, remote, denial of service
advisories | CVE-2012-3553
MD5 | 0559bf1eaeb33a2104fd097035bfaeb6
Mandriva Linux Security Advisory 2012-091
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-091 - An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way libreoffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause libreoffice to crash or, potentially, execute arbitrary code with the privileges of the user running libreoffice. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
MD5 | 45be5b3cd4db2c86982ed5df74b78bcf
Cells Blog CMS 1.1 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by snup | Site vulnerability-lab.com

Cells Blog CMS version 1.1 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | f050b4e05a58f7749a8f73d6668e849d
Jobs Portal 3.0 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

Jobs Portal version 3.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6bab5326cb6d4333c2fa7a2d133be03d
Nagios XI Cross Site Scripting
Posted Jun 14, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708

Nagios XI versions prior to 2011R3.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5eb78d079f6e9db75ebf37ea52b53b3c
Simple Forum PHP 2.1 SQL Injection
Posted Jun 14, 2012
Authored by snup | Site vulnerability-lab.com

Simple Forum PHP version 2.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
MD5 | dbdaa541bbc52aa5d5e6d24a00522239
Opera 11.61 URL Spoof
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Opera versions 11.61 and below suffer from a website spoofing vulnerability.

tags | advisory, spoof
advisories | CVE-2012-3560
MD5 | 0d078ec2265ef2758a17eb066ae6c59f
Swoopo Gold Shop CMS 8.4.56 Cross Site Scripting / SQL Injection
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri, Ibrahim El-Sayed | Site vulnerability-lab.com

Swoopo Gold Shop CMS version 8.4.56 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | f0fb12608957d1e5cc30b162c736d5ca
Mandriva Linux Security Advisory 2012-090
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-090 - An integer overflow vulnerability in the openoffice.org graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way openoffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause openoffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running openoffice.org. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
MD5 | a8acc2ca8f4da43f72a3d59eb86893bb
Squirrelcart Cart Shop 3.3.4 Cross Site Scripting
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Squirrelcart Cart Shop version 3.3.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c1e72461b4d5724ea4e5319bf5b2da96
Nuked Klan SP CMS 4.5 SQL Injection
Posted Jun 14, 2012
Authored by Karim H.B. | Site vulnerability-lab.com

Nuked Klan SP CMS version 4.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b2c5197b025bdac9633259f464d18a8a
Web Application Security 101
Posted Jun 14, 2012
Authored by Mehmet Ince

This is a brief whitepaper that discusses various types of vulnerabilities found in web applications. It is written in Turkish.

tags | paper, web, vulnerability
MD5 | 6b7b68e34f9ea5f6554d01143c311d43
Web Application Source Code Analysis Part 1
Posted Jun 14, 2012
Authored by Mehmet Ince

This is a brief whitepaper that goes over web application source code analysis. It is written in Turkish.

tags | paper, web
MD5 | ee6b6afb1c8cc4934019d5b5e6e8f976
XM Easy Personal FTP Server 5.30 Format String
Posted Jun 14, 2012
Authored by mr_me

XM Easy Personal FTP Server version 5.30 and below remote format string write4 exploit with a connect back shell.

tags | exploit, remote, shell
MD5 | de40f1aebfa099874bff66f190c0a7be
Interspire Shopping Cart 6 Cross Site Scripting
Posted Jun 14, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Interspire Shopping Cart version 6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a8f92359904ee4da8b63aa372ed9e3c5
Wyse Machine Remote Power Off Denial Of Service
Posted Jun 14, 2012
Authored by it.solunium | Site metasploit.com

This Metasploit module exploits the Wyse Rapport Hagent service and causes a remote power cycle.

tags | exploit, remote, denial of service
advisories | CVE-2009-0695, OSVDB-55839
MD5 | 7b83d98e1e0fddebeb6f21e2fe507cfd
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
MD5 | ad58b74e16513fde63bd760903b78714
iScripts EasyCreate CMS 2.0 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

iScripts EasyCreate CMS version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c2616fc2419827ee5e257b13457ea005
MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
Posted Jun 14, 2012
Authored by juan vazquez, Qihoo 360 Security Center, Dark Son, Google Inc, Yichong Lin | Site metasploit.com

This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.

tags | exploit
systems | windows, xp
advisories | CVE-2012-1875, OSVDB-82865
MD5 | bfb23efabe40ee9a695408e08e52ae8e
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Posted Jun 14, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-2915, OSVDB-82001
MD5 | 90c83a610b0b83b11661aa6451cfc3c4
ADICO CMS 1.1 Blind SQL Injection
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

ADICO CMS version 1.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 36bffb5caf060f1480683f75eb41831a
qdPM 7 Shell Upload
Posted Jun 14, 2012
Authored by loneferret

qdPM version 7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ccd9d5e6dd3711a6dd8272b421ba4e8b
Debian Security Advisory 2494-1
Posted Jun 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2494-1 - It was discovered that ffmpeg, Debian's version of the libav media codec suite, contains vulnerabilities in the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852
MD5 | 07b44cc2d7e4a61b0e6567294b5f306e
SPIP Core 3.0.1 / 2.1.14 / 2.0.19 Cross Site Scripting
Posted Jun 14, 2012
Authored by ASafety

SPIP Core versions below and equal to 3.0.1, 2,1.14, and 2.0.19 suffer from a cross site scripting vulnerability in the administrative panel.

tags | exploit, xss
MD5 | 8139b941592f84b08c94a208b1d131be
Page 1 of 4
Back1234Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close