what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files Date: 2012-10-06

Blog Mod 0.1.9 SQL Injection
Posted Oct 6, 2012
Authored by WhiteCollarGroup

Blog Mod versions 0.1.9 and below suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0732e7c34ee22e682f599f1653e569067a64acdd5b25bccd40f47d6d4cd6c83d
Rubilyn 0.0.1
Posted Oct 6, 2012
Authored by prdelka | Site nullsecurity.net

This is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.

tags | tool, kernel, rootkit
systems | unix, bsd, apple, osx
SHA-256 | b104cfd2f826400eb9d8d5a81941ae270ed54b62ebfb9893fc474185b717dd60
Utempter Fake Entry Manipulation
Posted Oct 6, 2012
Authored by Paul Szabo

Utempter allows for utmp manipulation that can deceive any software depending on it.

tags | exploit
SHA-256 | 158ebf754dd7aea0420f62e882dc07d1115a71b7b038eba49a746eceb19da362
MySQL Login Scanner
Posted Oct 6, 2012
Authored by Kingcope, mu-b, John Anderson

This is a modified version of synscan that checks credentials against MySQL instances and logs the output to mysqljack.pot.

tags | tool, scanner, sql injection
systems | unix
SHA-256 | 24847c2c7a4902a7f34c01a46299bad29d65594d3c31354d49f56ff691b37f51
et-chat SQL Injection
Posted Oct 6, 2012
Authored by Am!r | Site irist.ir

et-chat suffers from a remote blind SQL injection vulnerability. Note that these findings house site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 0a0da902b0edcdd2b314955a591b76d566139b09f9a32dd7bd827527961bb106
MyAuth3 Blind SQL Injection
Posted Oct 6, 2012
Authored by Marcio Almeida

MyAuth3 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 20fadbb2046474a1cd41ed731732fd403043fbffc82e2b5468d421ad6babefb0
Open-Realty 2.5.6 Local File Inclusion
Posted Oct 6, 2012
Authored by L0n3ly-H34rT

Open-Realty version 2.5.6 suffers from a local file inclusion vulnerability. Please note that local file inclusion issues have already been found in this software in versions up to 2.5.8.

tags | exploit, local, file inclusion
SHA-256 | 24a826948bbe7abd9a542e43ff3cbd1ca8aa1726a299b6ff7a498c23d2a9e47a
Windows Escalate UAC Protection Bypass
Posted Oct 6, 2012
Authored by David Kennedy, mitnick, mubix | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.

tags | exploit, shell
systems | windows
SHA-256 | 6f5a8c2406a41e33a82abea58ad31e2ab24d2e47c5ad7403b51ed4ce3b1f2ca2
Mandriva Linux Security Advisory 2012-160
Posted Oct 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-160 - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers incorrect memory allocation. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-3437
SHA-256 | c30e96034a9153e00d6e271ca2203c39d52f16954e85dba12fd8244f8b459b53
Mandriva Linux Security Advisory 2012-150-1
Posted Oct 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.

tags | advisory, java, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0547, CVE-2012-1682
SHA-256 | 7933914a5bd0818fcc659f45b174483e1b7b9524862e2697b1d2a54a18803dad
Mandriva Linux Security Advisory 2012-151-1
Posted Oct 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 32f652449710b63d0996de9156bb7e612a4d76530c83ee10539186a5fed9ccf9
VMware Security Advisory 2012-0014
Posted Oct 6, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0014 - VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4897, CVE-2012-5050, CVE-2012-5051
SHA-256 | 565b1e569c6a5e5ba677df58963e893634524f033da484353388c215a50747dd
Debian Security Advisory 2555-1
Posted Oct 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2555-1 - Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | c959d5eab09fe98d37976ab22e1513cafb038267dffd27b4d6a167bf65b379b7
Ubuntu Security Notice USN-1597-1
Posted Oct 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1597-1 - A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-2745
SHA-256 | 258d218672b9c92001a7e024f697e1f4e71142d8eeeed7c16edc26c831b5234b
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close