Showing 1 - 25 of 44

Files Date: 2012-06-28

Mod_auth_pubtkt 0.8
Posted Jun 28, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.
tags | web, php
systems | unix
SHA-256 | 6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2
webERP 4.08.1 Local File Inclusion / Remote File Inclusion
Posted Jun 28, 2012
Authored by dun

webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 5267f890f545bb735b1c39589e72551064eb335e1539e0d265bf1035279b0379
OpenSSH 6.0p1 Full Backdoor Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces from the log files, logs usernames and passwords both in and out, and more.

tags | patch
systems | unix
SHA-256 | 91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36
Bash Root Shell Backdoor
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.

tags | shell, root, patch, bash
systems | unix
SHA-256 | 7f978450f62d11b175da265f7b856d733cbf051c7a1ea779218dd0d051a04d20
OpenSSH 6.0p1 Magic Password Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

tags | patch
systems | unix
SHA-256 | 50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0
Secunia Security Advisory 49730
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
SHA-256 | 934d615ed9a095d866cfb84ebcf46f3879968e5eb2684f5990d9a4d7c7729578
Secunia Security Advisory 49512
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 8cd5c31b7f0c7cbe85c70e74937d591fa2f021fb900aa474559748f67de240ed
Secunia Security Advisory 49629
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | f0e39b5ac89e9e35383ff03335824fa6a9082c01cd6eaf287c8c3f69619fe3b8
Secunia Security Advisory 49683
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Hashcash module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | acc52fb98d8c2856aa52909f18d7b97b29c6c5a30f485ee7370e7ce9a1a382e9
Secunia Security Advisory 49736
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, manipulate certain data, cause a DoS (Denial of Service), and gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | 724e1bef8a6b08e62f938a18af516735528ea5e7897c16630fbb1734e9945489
Secunia Security Advisory 49735
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, php
SHA-256 | e3872883589e948f5ab26057b52953a554ab7a2a836bb9741a27a3301a8003d6
Secunia Security Advisory 49681
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
SHA-256 | a0eb0f4970a67c1bb871f98a07141bea4a23a39c07a65a43ded09878469d1189
Secunia Security Advisory 49739
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 8b99dfe771fa4444681df851b7362066df6524e6b0b1f3df12e81b47ca3b85f1
Secunia Security Advisory 49731
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php53. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
SHA-256 | 8408eaa9ca821e02a089bde620723488dcaf949226c24355eb9e1ea1920e7ad6
Secunia Security Advisory 49529
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has reported two vulnerabilities in web@all, which can be exploited by malicious people to conduct cross-site request forgery and scripting attacks.

tags | advisory, web, vulnerability, csrf
SHA-256 | f4bd4e96008d5b6ac8f832713290429b1255863db618986ff70ab112bceee662
Secunia Security Advisory 49726
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in WordPress, which can potentially be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 15be7cde33a8db9ada8895b84d2495a90bb972719503744d7123465457b7f815
Secunia Security Advisory 49599
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
SHA-256 | 9590d5ca316bcde9bdb940de278eae44de6672a62a157a3334a72a2b13e7dcca
Secunia Security Advisory 49750
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 66c516ffae04ad2a578953355a9cb64003715abf209faf304d945f80e1c21449
Secunia Security Advisory 49751
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 2ffdb1b79f6350a6b1c59f73fc4db5995a244069b27644ae7fa8ed71ce83bd10
Secunia Security Advisory 49668
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | cd27edde6cd85413bf8781b815a1b0670f0cbba1090f388be591bab4be7a61af
Secunia Security Advisory 49756
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in the Job Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 7af47828ffe2a74c460a3c167ab441ff957e3aba0bf449ef81b03a8ea322543e
Cisco Security Advisory 20120627-webex
Posted Jun 28, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | cisco
SHA-256 | 49478116b2c8fce99cb338023910fed9c83a1ea261b069618c93a071ffc72472
Zero Day Initiative Advisory 12-105
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles Text Track Descriptors. Values for almost all of the text descriptors recognized by QuickTime will be read into a fixed-size buffer. This can lead to a heap-based buffer overflow which can result in remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0664
SHA-256 | dbf5f7b5d2c56a334d965efc1089ddc6773033fa814118e2b2ade2ce11d35611
Zero Day Initiative Advisory 12-104
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string, NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user-supplied data, and the resulting stack corruption can lead to remote code execution under the context of the running process.

tags | advisory, remote, arbitrary, code execution
SHA-256 | eabbee78d8eade63ec066cd6d6608ab4a06b4c1ef10668b60197c14c5b8086e8
Zero Day Initiative Advisory 12-103
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3459
SHA-256 | f1c0ec875d5f1f6611aaccba87f70c3dded4662ef965ecfd7279dddd6300d5f0
Page 1 of 2
© 2022 Packet Storm. All rights reserved.
