Exploit the possiblities
Showing 1 - 25 of 44 RSS Feed

Files Date: 2012-06-28

Mod_auth_pubtkt 0.8
Posted Jun 28, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.
tags | web, php
systems | unix
MD5 | 9660892d78dd107f4318899653919b82
webERP 4.08.1 Local File Inclusion / Remote File Inclusion
Posted Jun 28, 2012
Authored by dun

webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 29897d5e0da40e62521121cbf9e7bd4c
OpenSSH 6.0p1 Full Backdoor Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

tags | patch
systems | unix
MD5 | 7753b7580751d604a864a09175a5945c
Bash Root Shell Backdoor
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.

tags | shell, root, patch, bash
systems | unix
MD5 | 80a9346667b79669e3db8cb7e2ef3d24
OpenSSH 6.0p1 Magic Password Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

tags | patch
systems | unix
MD5 | 76830af90bed3531d0db957c8b264924
Secunia Security Advisory 49730
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
MD5 | b2aed74b5a60dff838b8941b3493fd01
Secunia Security Advisory 49512
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 059f2e05c8bdf3e8e46cc0aceb9f7437
Secunia Security Advisory 49629
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 2b1ccb6023308fb9e5dc21ff13715f31
Secunia Security Advisory 49683
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Hashcash module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 0e2a0e20b8302df8a1a53e17abc898f2
Secunia Security Advisory 49736
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, manipulate certain data, cause a DoS (Denial of Service), gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
MD5 | 456bf228743c2e6c6af6e5131a5310eb
Secunia Security Advisory 49735
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, php
MD5 | f0260ec272902ad905e4b51eb499df62
Secunia Security Advisory 49681
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
MD5 | 8416740b176b0438a978d65b2b8b434a
Secunia Security Advisory 49739
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 7ddf4cb99973b7cc891634610059ee26
Secunia Security Advisory 49731
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php53. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
MD5 | 36a50e74e7f03713830c5bac88241dc0
Secunia Security Advisory 49529
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has reported two vulnerabilities in web@all, which can be exploited by malicious people to conduct cross-site request forgery and scripting attacks.

tags | advisory, web, vulnerability, csrf
MD5 | 1b94f8e12a9873b6ca0168d3ee533d8a
Secunia Security Advisory 49726
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in WordPress, which can potentially be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose sensitive information.

tags | advisory, vulnerability
MD5 | 8d538debec9f04116310524e817c9132
Secunia Security Advisory 49599
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
MD5 | 87c902cbac5b0da4215f1f01445d0040
Secunia Security Advisory 49750
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 8fbcfcfd0a053b2531f6745f38ff25d3
Secunia Security Advisory 49751
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | a6a5d1f711653b82cee1850b26091e21
Secunia Security Advisory 49668
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | e4abd289ef0ed8402c9b6e670f9cb2b3
Secunia Security Advisory 49756
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in the Job Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 859ca6923a95ea3b84decf283e0ca7e5
Cisco Security Advisory 20120627-webex
Posted Jun 28, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | cisco
MD5 | 21504aa9f27ffeb707392f3a902356a3
Zero Day Initiative Advisory 12-105
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within he way Quicktime handles Text Track Descriptors. Values for almost all of the text descriptors recognized by quicktime will be read into a fixed size buffer. This can lead to a heap based buffer overflow which can result in remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0664
MD5 | 3612c709f69450be7a06020e0d327729
Zero Day Initiative Advisory 12-104
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a long parameter value string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user supplied data and the resulting stack corruption can lead to remote code execution under the context of the running process.

tags | advisory, remote, arbitrary, code execution
MD5 | 4f1b9ed9c98ee83d6ece0b66cf732d7d
Zero Day Initiative Advisory 12-103
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3459
MD5 | ed1b2cee65d27f2fbaf52636369e52ce
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close