Exploit the possiblities
Showing 1 - 25 of 61 RSS Feed

Files Date: 2012-07-13

Mandriva Linux Security Advisory 2012-107
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-107 - An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file. The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2845
MD5 | e2a845f68a0585286f83ad85767be3e3
Joomla OS Property Shell Upload
Posted Jul 13, 2012
Authored by Daniel Barragan

The Joomla OS Property component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | d7b60a39ac0780da48511402ebf25203
Joomla KSAdvertiser Shell Upload
Posted Jul 13, 2012
Authored by Daniel Barragan

The Joomla KSAdvertiser component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | a03c1e7914b40cb21f06886f427e78bb
Mandriva Linux Security Advisory 2012-106
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-106 - A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. Various other issues have also been addressed.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841
MD5 | 7e875bbc3f8b2b6d276ee7c343c9a53d
Airdroid 1.0.4 Beta Implementation Weaknesses
Posted Jul 13, 2012
Authored by Tobias Glemser, Dominique Dewitt, Kathrin Schaberle

Airdroid version 1.0.4 Beta suffers from multiple security design implementation weaknesses.

tags | advisory, info disclosure
advisories | CVE-2012-3884, CVE-2012-3885, CVE-2012-3886, CVE-2012-3887, CVE-2012-3888
MD5 | 82a485afe5f74547783d266d51caa6b9
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
Posted Jul 13, 2012
Authored by dun

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
MD5 | 6fe7fd922ccfc07bdf20f4269f11c32e
WordPress Resume Submissions / Job Postings 2.5.1 Shell Upload
Posted Jul 13, 2012
Authored by Chris Kellum

WordPress Resume Submissions and Job Postings plugin version 2.5.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | f4899f14244552c6921c182b8b197f23
Ajax Data Uploader Shell Upload
Posted Jul 13, 2012
Authored by Mr.XpR

Ajax Data Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 71f79bee89d9a6200be77bfecc1c504c
Zero Day Initiative Advisory 12-125
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts. The stack buffer overflow occurs as a result of an unbounded string copy function in Quicktime.qts, reachable through the IQTPluginControl::SetLanguage COM method exposed by the COM object QTPlugin.ocx. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0666
MD5 | 425fd990d9d1f04fa82ad12630cbfa66
VMware Security Advisory 2012-0012
Posted Jul 13, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0012 - VMware ESXi update addresses several security issues.

tags | advisory
advisories | CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
MD5 | 88bdb05b2e09a6f74db93a991c7c1834
Zero Day Initiative Advisory 12-124
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-124 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 42 (0x2a), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
MD5 | 1383ea0b809ddd749435019bd555cffc
Mandriva Linux Security Advisory 2012-105
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-105 - Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. This update provides pidgin 2.10.6, which is not vulnerable to this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3374
MD5 | d3b2bc179baaaec794ff0b4e64e89c29
Mandriva Linux Security Advisory 2012-104
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-5030, CVE-2012-3358
MD5 | 5fa63a53e0b8b16aaf111231a34eba1e
Magento eCommerce Platform XXE Injection
Posted Jul 13, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

tags | exploit, arbitrary, php, tcp
MD5 | b4c3759ec30e246aac884dcd47c7d37c
Zero Day Initiative Advisory 12-123
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-123 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 60 (0xe9), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
MD5 | a614c9c827a20365165cb7cc0a93c7ef
GLPI 0.83.2 Cross Site Scripting
Posted Jul 13, 2012
Authored by Prajal Kulkarni

GLPI version 0.83.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 831f7b759f97f4b699f307997cba4a22
Zero Day Initiative Advisory 12-122
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 65 (0x41) and subcode 18 (0x12), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
MD5 | e1fb0cb3697be36d38eb3e44c4373234
WaveSurfer 1.8.8p4 Memory Corruption
Posted Jul 13, 2012
Authored by Jean Pascal Pereira

WaveSurfer version 1.8.8p4 memory corruption proof of concept exploit.

tags | exploit, proof of concept
MD5 | e7831d769305e7dabfebca73ee8ee341
House Style 0.1.2 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | 24426f2e29268813cb980aea6c4a582e
eCan 0.1 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

eCan version 0.1 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | 5512b01f270c3969916aa98b20f28d9d
Lc Flickr Carousel 1.0 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | 8989600d7063f8320beac3d2fbdf422c
ZipItFast PRO 3.0 Heap Overflow
Posted Jul 13, 2012
Authored by C4SS!0 G0M3S

ZipItFast PRO version 3.0 heap overflow exploit that binds a shell to port 9988.

tags | exploit, overflow, shell
MD5 | 63571b457832efbebd1fb47147a6882d
Cura 1.4
Posted Jul 13, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release features a completely new UI for the Home (Login) screen where you are dropped upon launch. This is where you access/create/update/delete your server accounts, and it's had a complete do-over.
tags | tool, remote, wireless
MD5 | 7793c2a4d7768273e8677d80b00b06b6
Zero Day Initiative Advisory 12-121
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-121 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 85 (0x55) and subcode 01, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
MD5 | 11f2047611725a4058528cb634c2db0c
Mandriva Linux Security Advisory 2012-103
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-103 - A race condition in automake could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-3386
MD5 | 42c406eab9aabd9f7e614ad50b2e48fb
Page 1 of 3
Back123Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close