Showing 1 - 25 of 25

Files Date: 2012-10-08

Avaya IP Office Customer Call Reporter Command Execution
Posted Oct 8, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP.NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

tags | exploit, remote, arbitrary, asp, bypass
systems | windows
advisories | CVE-2012-3811, OSVDB-83399
MD5 | ae5423b0c82a1fdd0bf9cbca67d6a136
Conntrack Tools 1.4.0
Posted Oct 8, 2012
Authored by Pablo Neira Ayuso | Site conntrack-tools.netfilter.org

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Changes: This release adds the user-space helper infrastructure, which includes the RPC portmapper (to support NFSv3) and Oracle*TNS helpers.
tags | tool
systems | linux
MD5 | ee737c774e01349f75e935228a2d851b
Interspire Email Marketer 6.0.1 XSS / SQL Injection
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

Interspire Email Marketer version 6.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a52c35c80a60afbc2e93e9c90a00d367
Linux IPTables Firewall 1.4.16.2
Posted Oct 8, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release includes aliasing support, which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well.
tags | tool, firewall
systems | linux
MD5 | 57220bb26866a713073e5614f88071fc
PhpTax pfilez Parameter Exec Remote Code Injection
Posted Oct 8, 2012
Authored by sinn3r, Jean Pascal Pereira | Site metasploit.com

This Metasploit module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which is used in an exec() statement, resulting in arbitrary remote code execution in the context of the web server. Please note: authentication is not required to exploit this vulnerability.

tags | exploit, remote, web, arbitrary, php, code execution
MD5 | 67557b07d0a3a9a2681bb5d846b2a463
Endpoint Protector 4.0.4.0 Cross Site Scripting
Posted Oct 8, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Endpoint Protector version 4.0.4.0 suffers from cross site scripting vulnerabilities. The vendor contacted Packet Storm on 10/09/2013 and noted that they have addressed these issues in product update 4.4.0.1. The update is available through the Webadmin console :: Dashboard > Live Update.

tags | exploit, vulnerability, xss
MD5 | aa2aec261a501cc86c7429abde016fdb
Arctic Torrent 1.2.3 Memory Corruption
Posted Oct 8, 2012
Authored by Jean Pascal Pereira

Arctic Torrent version 1.2.3 remote memory corruption denial of service exploit.

tags | exploit, remote, denial of service
MD5 | b35c9e3af1707ad9d02a5ece1499d529
Paypal BugBounty 5 Cross Site Scripting
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

Paypal.com suffered from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | fdfca4201114443f61877aad1a925712
Mandriva Linux Security Advisory 2012-161
Posted Oct 8, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-161 - Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives. The updated packages have been upgraded to the 1.0b7 version which is not affected by this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2009-5067
MD5 | 580a0d0c797b21219ef40eb9ce65266b
Red Hat Security Advisory 2012-1344-01
Posted Oct 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b5987ecaec1135d3720ef5059dd9296e
Debian Security Advisory 2558-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2558-1 - It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.

tags | advisory
systems | linux, debian
advisories | CVE-2012-4430
MD5 | eb1bb319e995efa341b1af749748f455
Debian Security Advisory 2557-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2557-1 - Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2012-4445
MD5 | 3ad420a991bd274a94c20c7401d44706
Debian Security Advisory 2556-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2556-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978
MD5 | ba4960c4199089fd8de6675c31542518
Number Nine Design SQL Injection
Posted Oct 8, 2012
Authored by Net.W0lf, Hack Center Security Team

Number Nine Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 3e8feb967eb54116b69aca77bd0adf2d
Icy Phoenix 2.0 Cross Site Scripting
Posted Oct 8, 2012
Authored by kurdish hackers team | Site kurdteam.org

Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 220e0b3c53cc0ab8eb73e3c53432a882
Hostapd Missing EAP-TLS Message Length Validation
Posted Oct 8, 2012
Authored by Timo Warns | Site pre-cert.de

Hostapd versions 0.6 through 1.0 fail to validate the EAP-TLS message length, allowing for a possible denial of service condition.

tags | advisory, denial of service
advisories | CVE-2012-4445
MD5 | b80c51b831408369ebe42fc2c62904bc
Easy Fast Admin SQL Injection
Posted Oct 8, 2012
Authored by Andrea Bocchetti

Easy Fast Admin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | cdaa570b4cd35269dc2edfca97ec768c
Secunia Security Advisory 50888
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 2412c41d452c72c19c81618b83145a24
Web Help Desk 11.0.7 Cross Site Scripting
Posted Oct 8, 2012
Authored by loneferret

Web Help Desk version 11.0.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 009e50e6e116669af0dfb511b60a9e0a
Secunia Security Advisory 50810
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
MD5 | c56a0d8836a920d192907d01c1b3b236
Secunia Security Advisory 50805
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for hostapd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
MD5 | bf84f6eb31aece6b54a19ac9aeb7a586
Secunia Security Advisory 50881
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and two vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability
MD5 | 0a72088c6ee1989b65df0e595b81d0fa
Secunia Security Advisory 50796
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
MD5 | 197ef88580901e3350057f5cc9d00c43
Secunia Security Advisory 50838
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libxslt. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | 2a12bff2986cd72b64a6954300fc8d45
Secunia Security Advisory 50818
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 14c3768921b984a0bda3531bf4563eba