exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 61 RSS Feed

Files Date: 2012-07-13

Mandriva Linux Security Advisory 2012-107
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-107 - An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file. The updated packages have been upgraded to the 0.6.21 version which is not vulnerable to this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2845
SHA-256 | b2dc97f87485b52e2552d28d3ed742ece7d392a5a8d9f71352f4c71ba1e77497
Joomla OS Property Shell Upload
Posted Jul 13, 2012
Authored by Daniel Barragan

The Joomla OS Property component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 2319911a51d2f907dbdd7a4d6226212e3052f622977a3c72772152ecace5dd11
Joomla KSAdvertiser Shell Upload
Posted Jul 13, 2012
Authored by Daniel Barragan

The Joomla KSAdvertiser component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 54de96cd083b6fb565bccf13177d146934ddaefac5016487fb873d261c227b3d
Mandriva Linux Security Advisory 2012-106
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-106 - A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8 function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive information from process memory via an image with crafted EXIF tags. Various other issues have also been addressed.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841
SHA-256 | 9975f4a1c9a3911947a68c0f0d057c9713a6d86149c2225f5521d35dd6f79e2b
Airdroid 1.0.4 Beta Implementation Weaknesses
Posted Jul 13, 2012
Authored by Tobias Glemser, Dominique Dewitt, Kathrin Schaberle

Airdroid version 1.0.4 Beta suffers from multiple security design implementation weaknesses.

tags | advisory, info disclosure
advisories | CVE-2012-3884, CVE-2012-3885, CVE-2012-3886, CVE-2012-3887, CVE-2012-3888
SHA-256 | e6777f2cf37fd0cc0c4fad4bc5839eb4b7f717137929dae19f8b618c9f4dfd25
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
Posted Jul 13, 2012
Authored by dun

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
SHA-256 | 89dcea13ec2ce098c36406bb3eb0f66cf4abc25e56f9529e8cf96f1886dc3447
WordPress Resume Submissions / Job Postings 2.5.1 Shell Upload
Posted Jul 13, 2012
Authored by Chris Kellum

WordPress Resume Submissions and Job Postings plugin version 2.5.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | abb9002f357afe4cc499af58b4cec029b8eafcb2610d8311454bcd553f75f567
Ajax Data Uploader Shell Upload
Posted Jul 13, 2012
Authored by Mr.XpR

Ajax Data Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9f7ee95a3d29326c1ee467ff1021b8c1447ba8a1514a4d8fb8f20b122a2bb4bc
Zero Day Initiative Advisory 12-125
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Quicktime.qts. The stack buffer overflow occurs as a result of an unbounded string copy function in Quicktime.qts, reachable through the IQTPluginControl::SetLanguage COM method exposed by the COM object QTPlugin.ocx. This vulnerability can be leveraged to execute code under the context of the user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0666
SHA-256 | fb13d8978ea5650ce09b46a706f138fc4b9467b174680a4bae8416e52d19ff04
VMware Security Advisory 2012-0012
Posted Jul 13, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0012 - VMware ESXi update addresses several security issues.

tags | advisory
advisories | CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
SHA-256 | 5b4b01c7d05b407f2019d9dcb62997fbe3639d1b4af2d9e365e42c1b2fc8c4ac
Zero Day Initiative Advisory 12-124
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-124 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 42 (0x2a), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
SHA-256 | 87313ef097a86bab73a342f52465b4b4cd830209fa7d28de5dd33b89c9045022
Mandriva Linux Security Advisory 2012-105
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-105 - Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code. This update provides pidgin 2.10.6, which is not vulnerable to this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3374
SHA-256 | 7c185305688a5cfa89d9db251c3b24316e457ced47fbef3f5bb81d3426a8a0ee
Mandriva Linux Security Advisory 2012-104
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG , would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-5030, CVE-2012-3358
SHA-256 | 9f38f2c466a44dab2094051c875f326f59d70477de49fef91e359f752d0711a2
Magento eCommerce Platform XXE Injection
Posted Jul 13, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

tags | exploit, arbitrary, php, tcp, xxe
SHA-256 | 89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
Zero Day Initiative Advisory 12-123
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-123 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 50 (0x32) and subcode 60 (0xe9), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
SHA-256 | 139726b2952af85d06f670b61700a45f677d9611c51028cd49892fdfb52b2905
GLPI 0.83.2 Cross Site Scripting
Posted Jul 13, 2012
Authored by Prajal Kulkarni

GLPI version 0.83.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f5b2c4c3483e2fc4f8c4c71cf68580c2f1cec99231c16a7d5963d408d62baeba
Zero Day Initiative Advisory 12-122
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 65 (0x41) and subcode 18 (0x12), the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
SHA-256 | 2343a0f6c3d72d47cdb90a2defa9e361cf62dac4159838ad85ae956a032a0547
WaveSurfer 1.8.8p4 Memory Corruption
Posted Jul 13, 2012
Authored by Jean Pascal Pereira

WaveSurfer version 1.8.8p4 memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | d4deff1bae6282d551700d55692f595d5773d5a0250ecd06933d407d8d9fca97
House Style 0.1.2 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | f0e12ae5abdf3d6c1f4d058141489a08c550c3d153d77562c509b480d09570ae
eCan 0.1 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

eCan version 0.1 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 3554c4524462040f5dda78c445352d07b4b18d5640ec8b6a0de6960bcda363d5
Lc Flickr Carousel 1.0 File Disclosure
Posted Jul 13, 2012
Authored by GolD_M

Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | dc7d17c6acb8edf73ecc37248cbc4108c8901dc3dbb59bf06deb7163d82d68e9
ZipItFast PRO 3.0 Heap Overflow
Posted Jul 13, 2012
Authored by C4SS!0 G0M3S

ZipItFast PRO version 3.0 heap overflow exploit that binds a shell to port 9988.

tags | exploit, overflow, shell
SHA-256 | ab680f9134fecd5dfa2d8333c77bceee24944dda8791109e831b9c78dcc248d1
Cura 1.4
Posted Jul 13, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release features a completely new UI for the Home (Login) screen where you are dropped upon launch. This is where you access/create/update/delete your server accounts, and it's had a complete do-over.
tags | tool, remote, wireless
SHA-256 | 79fd0da76674b5e455a947a43496357a83abbd086c7bf141c80764ec54afd32c
Zero Day Initiative Advisory 12-121
Posted Jul 13, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-121 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Autostart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ftAgent.exe service, which listens by default on TCP port 8045. When handling messages with opcode 85 (0x55) and subcode 01, the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. This vulnerability can be leveraged to execute code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2012-0409
SHA-256 | 2cca7ada2304707f231b7deb60ff713216642325a2dab563de55c2d22e854147
Mandriva Linux Security Advisory 2012-103
Posted Jul 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-103 - A race condition in automake could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-3386
SHA-256 | b7e44752bd1585e84c1ef59436c05b16c74d4e75dfdf408a8bc3c28772eb47e1
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close