what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2012-07-06

Poison Ivy 2.3.2 C&C Server Buffer Overflow
Posted Jul 6, 2012
Authored by juan vazquez, Gal Badishi, Andrzej Dereszowski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.

tags | exploit, overflow
SHA-256 | a5fb5f9fb5256f9b9ed0a73d71160bd6699b2d23e1947554a86a9c745e5bff43
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
SHA-256 | 04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523
Basilic 1.5.14 diff.php Arbitrary Command Execution
Posted Jul 6, 2012
Authored by Larry W. Cashdollar, sinn3r, juan vasquez | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

tags | exploit, arbitrary, php
SHA-256 | 80e3ce82a2d97fa36f0665883aecc56cc126a901567bd0c4251832c7ded7ffe7
Hack Box With DotDotPwn Directory Traversal Fuzzer
Posted Jul 6, 2012
Authored by Levi Francisco Pineda

This is a brief whitepaper that demonstrates using DotDotPwn for directory traversal fuzzing against the Lyric Xibelis CSF.

tags | paper
SHA-256 | ff84469d0184c84c0a03b4b6268f4e4a0fc7743706154150f36511ad985f17fd
sflog! 1.00 LFI / Password Disclosure / Shell Upload
Posted Jul 6, 2012
Authored by dun

sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, info disclosure
SHA-256 | a330468dd724ab2f78215e629c1c00b9dcb52c8249a68c63ac563236adda7e5a
Apache Sling 2.1.0 Denial Of Service
Posted Jul 6, 2012
Authored by IO Active | Site sling.apache.org

The CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted.

tags | exploit, denial of service
advisories | CVE-2012-2138
SHA-256 | 8995843141b2cea69c3716091acf10088f9d4eadff4f7ee2520234cfcb689c33
Mandriva Linux Security Advisory 2012-102
Posted Jul 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-102 - A vulnerability has been discovered and corrected in krb5. A kadmind denial of service issue has been addressed, which could only be triggered by an administrator with the create privilege. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-1013
SHA-256 | 9811d67a56f6266e921605d63970c98925047dd6fd4ff986c85c9011098f43e2
Asterisk Project Security Advisory - AST-2012-011
Posted Jul 6, 2012
Authored by Nicolas Bouliane, Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

tags | advisory
advisories | CVE-2012-3812
SHA-256 | c4c29da204c724036feeafa9e5d1fe5e12c23b551ecfc323429909297800ebda
Asterisk Project Security Advisory - AST-2012-010
Posted Jul 6, 2012
Authored by Terry Wilson, Steve Davies | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

tags | advisory, denial of service
SHA-256 | 7393ac1f7dc8c09c81891ad81cc71a05d76badd9fadaf47998c0f0251965ab45
IPv6 Redirect Messages Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

rd-attack is a tool for finding vulnerabilities based on ICMPv6 Redirect messages.

tags | tool, vulnerability
systems | unix
SHA-256 | 75ef138e80c715c496ab039939f1aa91edb626d283e4705e8ad8c770aa02c623
IPv6 Node Information Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

ni6 is a security assessment tool that exploits potential flaws in the processing of ICMPv6 Node Information messages.

tags | tool
systems | unix
SHA-256 | ef026e19bb05a8e35114e31349134c5a2a5d5688a0963bba15b3d387466c534c
IPv6 Jumbograms Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

jumbov6 is a tool to assess IPv6 implementations with respect to attack vectors based on IPv6 jumbograms.

tags | tool
systems | unix
SHA-256 | 70bfa103033977fae419ba459c2326bf358ca0f22ea9e70abc5986d263dfaae1
UK CPNI IPv6 Toolkit 1.1
Posted Jul 6, 2012
Authored by Fernando Gont

This toolkit house various IPv6 tool that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10.

tags | tool, scanner
systems | linux, netbsd, unix, freebsd, openbsd, debian, ubuntu
SHA-256 | 495e347d4bbbe9c0d3103f47b8d7a0f7d1a5f329d8d7205e15208bf12efcc139
IPv6 Address Monitoring Tool 0.1
Posted Jul 6, 2012
Authored by Fernando Gont

ipv6mon is a tool for IPv6 address monitoring on local area networks.

tags | tool, local
systems | unix
SHA-256 | 87998c9beb90c410776520cb78807d8b97edb1ae4718be2cd8ed998cb9c50079
IPv6 ICMPv6 Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

icmp6-attack is a tool for assessing vulnerabilities in ICMPv6 error messages.

tags | tool, vulnerability
systems | unix
SHA-256 | ea6d02dca82a6ab1ff31fe84a06fc2903dd5f62c1fff178f155d3db8be6f32d2
IPv6 Fragmentation Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

frag6 is a security assessment tool for attack vectors based on IPv6 fragmentation.

tags | tool
systems | unix
SHA-256 | ff17013fa710766492566513213184ed833099c8a1d20510c6d0688633371093
IPv6 Flow Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

flow6 is a tool that performs a security assessment of the IPv6 Flow Label Field.

tags | tool
systems | unix
SHA-256 | fec38fb5001ec4bc83eaff5713607b708f5dff5075d86fa4946185e0b8774005
Elfchat 5.1.2 Pro Cross Site Scripting
Posted Jul 6, 2012
Authored by Avatar Fearless

ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5dbc0c25c91ac9c248972741c037874ae862593c456258d1c27f34c121b8cf11
Secunia Security Advisory 49826
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the PHPFreeChat plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4e4dfae1d2d31df99da08a5522d54b24e7199f00899121c3fbf42eae6c3ca680
Secunia Security Advisory 49825
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Knews Multilingual Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | f46b22b703464c1c0511904b0ea5258a6a49c0323e95c819d3f658ab34556693
Secunia Security Advisory 49821
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Contus Vblog plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 0ff2417c74091799c32bf1e597e7aef40b81f282cf3a097ff1220a3ff19b3944
Secunia Security Advisory 49823
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the custom tables plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 220fe9d65f81acd053ef51471802014765e9abed1b49dc7b22ea6a5c9c8be0ce
Secunia Security Advisory 49827
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the church_admin plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | be28034156cfbf05ed35a6fd69452d00912abd1cd795f9e7df7fd71ee2b53e7a
Secunia Security Advisory 49814
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | b7947a87aac075fa7aa6e3df7d8e6620d59bd7ecd00abf0a98895f209630fd34
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close