exploit the possibilities
Showing 1 - 25 of 44 RSS Feed

Files Date: 2012-09-05

Ubuntu Security Notice USN-1555-1
Posted Sep 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1555-1 - Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, overflow, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-0044, CVE-2012-2372, CVE-2012-0044, CVE-2012-2372
MD5 | d0fea1a8b7c4035f97102b8599e19cca
Ubuntu Security Notice USN-1554-1
Posted Sep 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1554-1 - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-2372
MD5 | 99339c77c604190cd5acdc6f7ce4b7ff
Debian Security Advisory 2538-1
Posted Sep 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2538-1 - It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.

tags | advisory, python
systems | linux, debian
advisories | CVE-2012-4404
MD5 | 5103528adcaff6a3c2e95abe0dd93e2c
Red Hat Security Advisory 2012-1235-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1235-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3515
MD5 | d710969a0fc8ca095ac8e5181b9796da
Red Hat Security Advisory 2012-1234-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1234-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3515
MD5 | 9b9e4bef3ead93c3baa76a00c93ec969
Red Hat Security Advisory 2012-1236-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1236-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3515
MD5 | 06e05aaec11e8b26715d93a248496102
Red Hat Security Advisory 2012-1232-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2011-2908, CVE-2011-4605, CVE-2012-0213, CVE-2012-1167, CVE-2012-2377
MD5 | 9599ac9aa28cd37e1f3b1763a768a63f
Red Hat Security Advisory 2012-1233-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1233-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. When using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed by Red Hat Enterprise Virtualization:

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3515
MD5 | 6ae66993967f64b6d11d8246f44644fb
How To Use PyDbg As A Powerful Multitasking Debugger
Posted Sep 5, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well to analyze malware and perform computer forensics. The present publication is aimed to provide a reader with an introduction to the Python based debugger and deliver practical and real examples of this powerful security tool usage.

tags | paper, vulnerability, python
MD5 | fa1f0192c2612420c406a7e1a7afe027
Kiwicon Six Call For Papers
Posted Sep 5, 2012
Site kiwicon.org

Kiwicon Six Call For Papers - This year Kiwicon will be held from November 17th through 18th, 2012 in Wellington, New Zealand.

tags | paper, conference
MD5 | 77d872426a003d0ff5c89ec0dda03c6c
2xpress CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

2xpress CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 56277d4a9938b261f9531f5fb85ceb76
Drop CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Drop CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 26e0988cdb75b9fb33d487fe5677a247
WEBSKINZ CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

WEBSKINZ CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | de0da050d178e4a284c9d0595e65a21b
Syracus CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Syracuse CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 6c1de9ed6d67729bbf973d1828c823b7
Thoughtmedia CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Thoughtmedia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 92926b5160c8174c7a749d85b898071f
Ask.com Cross Site Scripting
Posted Sep 5, 2012
Authored by TayfunBasoglu

mws.ask.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 09164c40633b182938d35188321bab0f
Symbion Productions CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

Symbion Productions CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | ff0e8f5291342d1da34bbbee7592f341
ExtCalendar 2 SQL Injection / Cross Site Scripting
Posted Sep 5, 2012
Authored by Ashiyane Digital Security Team

ExtCalendar 2 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d922980d25683f929ab3974bf3f31f78
VMWare Tools Binary Planting
Posted Sep 5, 2012
Authored by Moshe Zioni

VMWare Tools is susceptible to binary planting / DLL hijacking.

tags | exploit
systems | windows
advisories | CVE-2012-1666
MD5 | 0dca8292dc24918002bdffd9c3048258
Gentoo Linux Security Advisory 201209-01
Posted Sep 5, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-1 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.238 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
MD5 | f837ee1fe5f4b8bde17b6efd3da8d275
JBoss DeploymentFileRepository WAR Deployment
Posted Sep 5, 2012
Authored by Patrick Hof, Jens Liebchen, h0ng10 | Site metasploit.com

This Metasploit module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on Jboss 4.x and 5.x.

tags | exploit
advisories | CVE-2007-1036, OSVDB-33744
MD5 | 440b6d7a412efddd6180d40db230fd1c
MobileCartly 1.0 Arbitrary File Creation
Posted Sep 5, 2012
Authored by sinn3r, Yakir Wizman | Site metasploit.com

This Metasploit module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using file_put_contents(), which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user has WRITE permission.

tags | exploit, php
MD5 | d33635eaeda85500cd598453a23c60f1
Barracuda Web Filter 910 5.0.015 Cross Site Scripting
Posted Sep 5, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Web Filter 910 version 5.0.015 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 8f8c459a67b0cbc1161148a23a9448e5
eFront Enterprise 3.6.11 Cross Site Scripting
Posted Sep 5, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

eFront Enterprise version 3.6.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 57c67a08c70a3884b5e0ef437a1c5152
360-FAAR Firewall Analysis Audit And Repair 0.2.5
Posted Sep 5, 2012
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds 'end.' comments to rr mode "enter search INC EX string" instructions and an 'exit' menu option. This release also resolves netscreen MIP(ipaddr) objects from interface mip statements and adds them to the NATs tables. Various other fixes and additions.
tags | tool, perl
systems | unix
MD5 | 275fb64dcbf393c7bbab61d4c15ce68b
Page 1 of 2
Back12Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close