
Files Date: 2012-08-07

AraDown Blind SQL Injection
Posted Aug 7, 2012
Authored by G-B

AraDown suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6c30b677c0ba2bc5d3786ec00566a8a8
WespaJuris 3.0 Shell Upload / SQL Injection
Posted Aug 7, 2012
Authored by WhiteCollarGroup

Exploit for WespaJuris versions 3.0 and below that leverages multiple vulnerabilities in order to upload a shell.

tags | exploit, shell, vulnerability
MD5 | 2a78ca2749eedfb5c2995af792146e22
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability is due to the insecure use of a strcpy-like function in the SetMarkupMode method: when handling a specially crafted sMarkup argument, it allows a stack-based buffer overflow to be triggered, which leads to code execution in the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
MD5 | 301b2e3f021a35617717fcccfd8f4870
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. The user must sign in, unless auto sign-in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
MD5 | d11a8dbcc1ac1eb4891e9236623d06ea
CoolPlayer+ Portable 2.19.2 Buffer Overflow
Posted Aug 7, 2012
Authored by Robert Larsen

CoolPlayer+ Portable version 2.19.2 buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
MD5 | 3b9c932b608c6adfb366d059b3e2fb27
Oracle BTM 12.1.0.2.7 Remote File Deletion
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.

tags | exploit, remote
MD5 | 896c6723e4d3eb5be9d4fa7c77601292
YourOnlineAgents CMS Cross Site Scripting
Posted Aug 7, 2012
Authored by Crim3R

YourOnlineAgents CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | dcc5ba1061a0e5748c998d22d73bbd01
Opera.com Cross Site Scripting
Posted Aug 7, 2012
Authored by TayfunBasoglu

Opera.com suffers from a cross site scripting vulnerability during registration.

tags | exploit, xss
MD5 | 060f602ff412c9e3c2ecc5e7587bb2cd
Zoho BugTracker Cross Site Scripting
Posted Aug 7, 2012
Authored by LiquidWorm | Site zeroscience.mk

Zoho BugTracker suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4c0c0bff2e223b05a8201d4d63540300
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
MD5 | 942dde996f9deaa3c951dcebc0fb416f
VMware Vendor Service Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

VMware's vendor website service application suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c9c0343ea800e5377435905af90c31eb
iAuto Mobile Application 2012 Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

iAuto Mobile Application 2012 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | aefa8ae5d10f47614153515ed22a7b8d
Mandriva Linux Security Advisory 2012-125
Posted Aug 7, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-125 - It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4048, CVE-2012-4049
MD5 | 7ff77d1aa63bca1a0638545356f74bd7
HP Security Bulletin HPSBMU02798 SSRT100908
Posted Aug 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02798 SSRT100908 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, vulnerability, xss
systems | linux, windows, solaris, hpux
advisories | CVE-2012-2022
MD5 | 9c4f0d725632ffd6c097ffed63f04fbf
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
MD5 | 4e869fb75d06d79472c0d6cb106c9e8d
Inoutmail Webmail CMS 2012 Cross Site Scripting
Posted Aug 7, 2012
Authored by snup | Site vulnerability-lab.com

Inoutmail Webmail CMS 2012 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5c79be60f8d9872fca01f04dc56ca0d5
Entropy Broker RNG 1.0
Posted Aug 7, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: EGD client now fully implements the EGD protocol. A network protocol fix was implemented.
tags | encryption
systems | linux
MD5 | f6138b5aab418f3ad2c629194ea6cb46
Joomla Enmasse SQL Injection
Posted Aug 7, 2012
Authored by Daniel Barragan

Joomla Enmasse component remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | d40266b095a569c7ae98ef4b954ac54d
Debian Security Advisory 2525-1
Posted Aug 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.

tags | advisory, denial of service, memory leak
systems | linux, debian
advisories | CVE-2012-0876, CVE-2012-1148
MD5 | bee79272ea2be6e83d58703f36c60b28
Secunia Security Advisory 50085
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux
MD5 | 55c0a84469bf6fab749c9d10437db2cd
Secunia Security Advisory 50185
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
MD5 | eb89fb757978f6c9b541b261e522e27b
Secunia Security Advisory 50138
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
MD5 | b7033271f917f74e4e1c3b75c9f2f577
Secunia Security Advisory 50199
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Accuvant Labs has reported a vulnerability in KOffice, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | f41e5e79d555f60f68dcfd8f900fb43f
Secunia Security Advisory 50112
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
MD5 | ecbb2e74a350eb926889ae4f0ba30af7
Secunia Security Advisory 50184
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Intuit GoPayment, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
MD5 | c2fe942458524ff49e5023c7b0cd8b31
© 2016 Packet Storm. All rights reserved.
