Exploit the possiblities
Showing 1 - 25 of 37 RSS Feed

Files Date: 2012-06-27

SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
MD5 | 7d01dafa74c844c1735769142b67e3ac
Ubuntu Security Notice USN-1483-2
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1483-2 - USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-2736
MD5 | 8bfd3de88ad8520ef0b2e9f02d2c2dcb
Ubuntu Security Notice USN-1483-1
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1483-1 - It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-2736
MD5 | 2fc9010538606387ad9d60159b632921
Ubuntu Security Notice USN-1463-6
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441
MD5 | bb09cb9aabd37916d4dcc9d37bdc2d5a
Ubuntu Security Notice USN-1463-5
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | 2835f37dbfdc15cf088525e6748a775e
Sielco Sistemi Winlog 2.07.16 Code Execution / Directory Traversal
Posted Jun 27, 2012
Authored by Luigi Auriemma | Site aluigi.org

Sielco Sistemi Winlog versions 2.07.16 and below suffer from various code execution, stack overflow, and directory traversal vulnerabilities. Proof of concept utility included.

tags | exploit, overflow, vulnerability, code execution, proof of concept
systems | linux
MD5 | bbbc355567ebc9612708ad1e1f30c924
Symantec Web Gateway 5.0.28 LFI / Code Execution
Posted Jun 27, 2012
Authored by S2 Crew

Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.

tags | exploit, remote, web, arbitrary, local, vulnerability, file inclusion
advisories | CVE-2012-0297, CVE-2012-0298
MD5 | b5a0fa25914470ab74588c79b9e885f5
Symantec PcAnywhere 12.5.0 Buffer Overflow
Posted Jun 27, 2012
Authored by S2 Crew

Symantec PcAnywhere version 12.5.0 login and password field buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2011-3478
MD5 | ff540ef1cf383aed8bb11bf768746215
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
MD5 | b4cecd687dccde3df469accca5075a65
Secunia Security Advisory 49733
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
MD5 | f35255787b738d34c67ab030ae870051
Secunia Security Advisory 49691
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 2eb0fa0e7dbf67b8c857443f921345ac
Secunia Security Advisory 49724
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability
MD5 | 221a412d9ffe36d86a663a0515c86178
Secunia Security Advisory 49720
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Dove Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | dcaa61e8afc0f029a7805a56856cf81c
Secunia Security Advisory 49732
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for libwpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
MD5 | 3c63620a86ac02df511633e44ba1bbae
Secunia Security Advisory 49723
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AIX sendmail, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | aix
MD5 | 01894f607ead0eb40e857ca603baad7a
Secunia Security Advisory 49734
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
systems | linux, redhat
MD5 | 3156ef9dcdc3b3dd22e3a7b9091e6813
Secunia Security Advisory 49727
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Message Filter, which can be exploited by malicious people to disclose sensitive information, conduct session fixation, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | b2fbf390d95796ccca2af05853234266
Secunia Security Advisory 49682
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Website FAQ plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 3ac98fede89ad64ca2c88d910b29ea97
Secunia Security Advisory 49694
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in the SS Quiz plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.

tags | advisory, vulnerability, csrf
MD5 | f7a5b0949a0a5061834d1e30553b76af
Secunia Security Advisory 49592
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP System Management Homepage, where some have unknown impacts and others can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, hijack a user's session, cause a DoS (Denial of Service), bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
MD5 | 2ce1350c170e8d25334361654091f66a
Secunia Security Advisory 49721
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
systems | linux, slackware
MD5 | 592519e19d4b1debe00e7be1bbaf9eb2
Secunia Security Advisory 49711
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for pam. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, perform certain actions with escalated privileges, and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
MD5 | 97f89d7a8013b3530b91d0b2742bb9e8
Secunia Security Advisory 49593
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Roller, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | c99ecfb2e1cb2f664d41e465bcb1b386
Secunia Security Advisory 49707
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for links. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, gentoo
MD5 | 71b27c4878676f3645746fc0a6f51e75
Secunia Security Advisory 49706
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for postfix. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
MD5 | f4d9b3a74e74c8b249e9814bea7d5206
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close