what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2012-09-12

Sitecom MD-25x Reverse Root Shell
Posted Sep 12, 2012
Authored by Mattijs van Ommeren

Sitecom MD-253 and MD-254 Network Storage reverse shell exploit that combines file upload and command injection vulnerabilities.

tags | exploit, shell, vulnerability, file upload
SHA-256 | 4c49dfca908c07a42f80b9ba3833053ddca2ed0b88eee000424d387808d21d50
TWE CMS SQL Injection
Posted Sep 12, 2012
Authored by Ashiyane Digital Security Team

TWE CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f1f0355cdf1a8a35b7d3e9a315b67779df67052cbd13d6c00b34f654fd2788b6
Debian Security Advisory 2546-1
Posted Sep 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2546-1 - Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2012-3547
SHA-256 | ed52d45c73c0d59fbc9ec78912eeefe168da4ef39d47e38fe08bbe2a2f58abb6
Red Hat Security Advisory 2012-1259-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820
SHA-256 | 37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742
Red Hat Security Advisory 2012-1258-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1258-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2010-1674, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250
SHA-256 | e7c3357cb6c8f7846df113bcf13f4689158037c3437cb2228958e385d53137be
Debian Security Advisory 2547-1
Posted Sep 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2547-1 - It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service.

tags | advisory, denial of service, protocol
systems | linux, debian
advisories | CVE-2012-4244
SHA-256 | eff9202309704a0080d4c59195a2cc92f4b75958b293c816b1cf95a4eae5ce45
Webify Business Directory Arbitrary File Deletion
Posted Sep 12, 2012
Authored by jiko

Webify Business Directory suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | 8e19d1a444a7bd93acef46dd1822e9828a592ec9279ab441c740eb64db723273
Webify eDownloads Cart Arbitrary File Deletion
Posted Sep 12, 2012
Authored by jiko

Webify eDownloads Cart suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | 006bdecd722d84197f1f5823d9c261de54427f122f4550a4cb5985fbadbe7bf2
CMS United SQL Injection
Posted Sep 12, 2012
Authored by s4r4d0

CMS United suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1b31e7c825bd2b0da07f93cb62620efec335570d3ebe4469182773e2a291b041
WordPress Krea3AllMedias SQL Injection
Posted Sep 12, 2012
Authored by Dark-Puzzle

WordPress Krea3AllMedias third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 82781413cae2166f326ac53a670a474a65d6db5c197757581b095f4f6d13833d
Centersite SQL Injection
Posted Sep 12, 2012
Authored by TUNISIAN CYBER

Sites designed by Centersite suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 2cb74f7fd2a3daf7b9da13be77c4c064c52c23e62dc6363e8950bccd66204ccf
S&S Computer Imaging SQL Injection
Posted Sep 12, 2012
Authored by Net.W0lf, Hack Center Security Team

Sites designed by S&S Computer Imaging suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 5f6b1b230881b9f7d90e592109e2903a72628af3bfef91c14ff7e8d7887058a7
Dynamics Of Design SQL Injection
Posted Sep 12, 2012
Authored by Net.W0lf, Hack Center Security Team

Dynamics of Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 52973b10fca6f0925d5ffa9b0be150ee5e1cec67eeda6ad2a4f166a65d080f6f
WordPress Tierra Audio Path Disclosure
Posted Sep 12, 2012
Authored by Dark-Puzzle

WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, info disclosure
SHA-256 | eb8bf13ce083445d9f8934609a93b31fdbda0da617aced0b90568a7a46902d18
Secunia Security Advisory 50607
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose potentially sensitive data and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, local, vulnerability
SHA-256 | d66507a314fd4a1c5c50e36fad966bb3459c05d51bb4a9d1331c64fa545a1d5b
Secunia Security Advisory 50594
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, suse
SHA-256 | 0b8ebbcd79802cb13a8e53691abf2b921098a7e72b67b5f75bee743020e4b31e
Secunia Security Advisory 50605
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - EMC has acknowledged a weakness in RSA BSAFE, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.

tags | advisory
SHA-256 | ea919627a70832af99f9916a0fa7436a890b000927459651dcd9ab780c889315
Secunia Security Advisory 50535
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 00b889bf7c3f53e35dd56613f8a7887479246ec87db144e5c9c9bc96b6579321
Secunia Security Advisory 50601
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - EMC has acknowledged a weakness and a vulnerability in RSA BSAFE, which can be exploited by malicious people to disclose sensitive information, hijack a user's session, and potentially compromise an application using the library.

tags | advisory
SHA-256 | c30573a5dee0abc28c4c8b866aa4f92637df44805b76944dca1e0df6162fad36
Secunia Security Advisory 50589
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Smarty, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 284876a1e9b57851b2d2d73bd498b05cc16b223981f79b96022f0a989267a8e5
Secunia Security Advisory 50529
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Python trytond Module, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, python
SHA-256 | 8b4fc4431f3c32bf28600a573bc5ddd0665a5e8f08f015c6c4fbb161a33db63a
Secunia Security Advisory 50558
Posted Sep 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in Akcms, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 98228f23d21c2bf4b6d3da9e1105fdac0bc317b6f4a8bf32fd337d3f62fc21ad
Chip And Skim: Cloning EMV Cards With The Pre-Play Attack
Posted Sep 12, 2012
Authored by Steven J. Murdoch, Mike Bond, Sergei Skorobogatov, Ross Anderson, Omar Choudary

EMV, also known as "Chip and PIN", is the leading system for card payments world- wide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. The authors have discovered that some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this number. This exposes them to a "pre-play" attack which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically (in the sense of extracting the key material and loading it into another card).

tags | paper, protocol
SHA-256 | f84ee2e08154a6b99c6a080b531ba266efec1a3a793f9705959e779bb106cd3e
Raspberry Pi Linux/ARM Reverse Shell Shellcode
Posted Sep 12, 2012
Authored by midnitesnake

72 bytes small Raspberry Pi Linux/ARM reverse_shell(tcp,10.1.1.2,0x1337) shellcode.

tags | tcp, shellcode
systems | linux
SHA-256 | 33477d9d007d6784386a6fd40196c1a6cc8adde4241c48bc9ed3a6600246f486
Raspberry Pi Linux/ARM execve("/bin/sh",[0],[0 vars]) Shellcode
Posted Sep 12, 2012
Authored by midnitesnake

30 bytes small Raspberry Pi Linux/ARM execve("/bin/sh",[0],[0 vars]) shellcode.

tags | shellcode
systems | linux
SHA-256 | 812eace2fa0e2e4dde574596e94fbdef1a568d857abd26d44693db4443a5a932
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close