exploit the possibilities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2012-09-22

ZEN Load Balancer Filelog Command Execution
Posted Sep 22, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in ZEN Load Balancer version 2.0 and 3.0-rc1 which could be abused to allow authenticated users to execute arbitrary code under the context of the 'root' user. The 'content2-2.cgi' file uses user controlled data from the 'filelog' parameter within backticks.

tags | exploit, arbitrary, cgi, root
MD5 | a4735e1bfb0a32b50337c1b4747c24a2
NTR ActiveX Control Check() Method Buffer Overflow
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.

tags | exploit, web, code execution, activex
systems | windows, vista, 7
advisories | CVE-2012-0266, OSVDB-78252
MD5 | d9429e02b0749c6070e28df7c47954a1
NTR ActiveX Control StopModule() Remote Code Execution
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, code execution, activex
advisories | CVE-2012-0267, OSVDB-78253
MD5 | de0a843ca0d9e37bb628a6ee0568795c
Toshiba ConfigFree CF7 File Remote Command Execution
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a command execution vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops to import and export network configurations. An attacker could execute arbitrary commands with the privileges of the current logged-in user by enticing a Toshiba laptop user to download and execute a crafted CF7 file.

tags | advisory, arbitrary
advisories | CVE-2012-4981
MD5 | cd32f5f37f2c2bb1d0332d80e401825f
Toshiba ConfigFree CF7 ProfileName Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file if they manipulate the ProfileName.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
MD5 | 820f5132e1bdda5c557f310f9f84aa4c
Apple Security Advisory 2012-09-19-3
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-3 - Safari 6.0.1 is now available and addresses multiple vulnerabilities in itself and WebKit.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2011-3105, CVE-2012-2817, CVE-2012-2818, CVE-2012-2829, CVE-2012-2831, CVE-2012-2842, CVE-2012-2843, CVE-2012-3598, CVE-2012-3601, CVE-2012-3602, CVE-2012-3606, CVE-2012-3607, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3616, CVE-2012-3617, CVE-2012-3621, CVE-2012-3622, CVE-2012-3623, CVE-2012-3624, CVE-2012-3632, CVE-2012-3643, CVE-2012-3647, CVE-2012-3648, CVE-2012-3649, CVE-2012-3651, CVE-2012-3652
MD5 | bae79776f3851e4b182aaa6be73dd13e
Apple Security Advisory 2012-09-19-2
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-3026, CVE-2011-3048, CVE-2011-3368, CVE-2011-3389, CVE-2011-3607, CVE-2011-4313, CVE-2011-4317, CVE-2011-4599, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0643, CVE-2012-0650, CVE-2012-0652, CVE-2012-0668, CVE-2012-0670, CVE-2012-0671, CVE-2012-0831, CVE-2012-1172, CVE-2012-1173, CVE-2012-1667, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2386, CVE-2012-2688, CVE-2012-3716, CVE-2012-3718
MD5 | 84dbb60b867b299238ac262bdf6502cf
Apple Security Advisory 2012-09-19-1
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-1 - iOS 6 is now available and addresses CFNetwork, CoreGraphics, CoreMedia, DHCP, and many other vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple
advisories | CVE-2011-1167, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3026, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3048, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067
MD5 | abb1cfa99a6e945bda478975a09addde
Toshiba ConfigFree CF7 Comment Field Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
MD5 | 4533c50bec391ccf40667cd94c4401e8
Technical Cyber Security Alert 2012-265A
Posted Sep 22, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-265A - Microsoft has released Security Bulletin MS12-063 to address the use-after-free vulnerability that has been actively exploited this past week.

tags | advisory
MD5 | db1e9b4f1f1891b0aafe9cad38324510
John The Ripper 1.7.9 Jumbo 7
Posted Sep 22, 2012
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.

Changes: This is mostly a bugfix release. Besides the many bugfixes (mostly for issues introduced with -jumbo-6), it adds support for cracking of KeePass 2.x and RAdmin 2.x passwords and more varieties of PKZIP archives. It also adds GPU support under recent Mac OS X releases, provides speedups for many of the previously-supported formats, and includes minor new features and documentation updates.
tags | cracker
systems | windows, unix, beos
MD5 | fbca743b51a503ced1aa29d3933123c7
Microsoft Security Bulletin Summary For September 2012
Posted Sep 22, 2012
Site microsoft.com

This bulletin summary lists 3 released Microsoft security bulletins for September, 2012.

tags | advisory
MD5 | d08397b321b7a6671b23c007211e156f
WordPress Sexy Add Template CSRF Shell Upload
Posted Sep 22, 2012
Authored by the_cyber_nuxbie

WordPress Sexy Add Template third party plugin suffers from a cross site request forgery vulnerability that can allow for a remote shell upload.

tags | exploit, remote, shell, csrf
MD5 | 614eb8704608e47f59099888ebd00efb
WordPress Add Multiple Users Cross Site Request Forgery
Posted Sep 22, 2012
Authored by the_cyber_nuxbie

WordPress Add Multiple Users third party plugin suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | efe82cc6ddf1930ffb1ddce2749a61bb
YCommerce Pro / Reseller SQL Injection
Posted Sep 22, 2012
Authored by Ricardo Almeida

YCommerce Pro / Reseller suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 22fedc3e13bda602f5500b45c718fd80
Ubuntu Security Notice USN-1580-1
Posted Sep 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1580-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-3412, CVE-2012-3430, CVE-2012-3412, CVE-2012-3430
MD5 | 5eb1fb322e1f3bf8db2feec33d5f7edd
Ubuntu Security Notice USN-1579-1
Posted Sep 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1579-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-3412, CVE-2012-3430, CVE-2012-3412, CVE-2012-3430
MD5 | aa37ebd13ea08441a167ca5121a1f27c
Ubuntu Security Notice USN-1578-1
Posted Sep 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1578-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-3412, CVE-2012-3430, CVE-2012-3412, CVE-2012-3430
MD5 | cfeae955b85c9fbee8c905739c233a92
WordPress 3.4.2 Cross Site Request Forgery
Posted Sep 22, 2012
Authored by Akastep

WordPress version 3.4.2 appears to suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | a47be2337a0b86ebeeb24becb17cbd90
Ubuntu Security Notice USN-1577-1
Posted Sep 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1577-1 - A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-2121, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511, CVE-2012-2121, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511
MD5 | 30d4584103fc75c09e5794cc941eda9f
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close