
Files Date: 2012-10-26

Gramophone 0.01b1 Cross Site Scripting
Posted Oct 26, 2012
Authored by G13

Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7612f8ce0700a3c7acf4fc77915fe777
Allscripts Homecare Client Local Memory Corruption
Posted Oct 26, 2012
Authored by G13

Allscripts Homecare client versions 6.1.0 and 7.0.1 suffer from a local memory corruption vulnerability.

tags | exploit, local
MD5 | 1632366598fae412cbe2c52c7fae781c
WordPress Easy Webinar Blind SQL Injection
Posted Oct 26, 2012
Authored by Robert Cooper

WordPress Easy Webinar plugin suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6efc4d787371e8e0e065426d7ab35be6
Perl 5 Memory Corruption
Posted Oct 26, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

The Perl 5 interpreter is affected by a memory corruption vulnerability that results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.

tags | advisory, arbitrary, perl, code execution
advisories | CVE-2012-5195
MD5 | faabce97452d026be018183bfea09b1a
Ubuntu Security Notice USN-1619-1
Posted Oct 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2012-5077, CVE-2012-5085, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089, CVE-2012-5074, CVE-2012-5081, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5076
MD5 | b9544b0eecedd9d25a8365f03cb1fce2
Ubuntu Security Notice USN-1620-1
Posted Oct 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1620-1 - Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2012-4196, CVE-2012-4194, CVE-2012-4195
MD5 | 34132c2bb684b6bc12f967bd0c409e0b
Debian Security Advisory 2568-1
Posted Oct 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2568-1 - It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.

tags | advisory
systems | linux, debian
advisories | CVE-2012-4731
MD5 | 13da5506dab944832c536d03003c407e
Debian Security Advisory 2567-1
Posted Oct 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2567-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, CVE-2012-4884
MD5 | d9038613f9501b88c9e522542ec68d30
WAF-FLE ModSecurity Console 0.6.0rc2
Posted Oct 26, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release fixes an issue with new sensor creation.
tags | tool
systems | unix
MD5 | f688cd1f5f15d6720e99a63ef4b9e623
NASA Tri-Agency Climate Education (TrACE) 1.0 SQL Injection
Posted Oct 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from SQL injection vulnerabilities: input passed to the 'product_id' and 'grade' GET parameters in the 'trace_results.php' script is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.0 is affected.

tags | exploit, arbitrary, php, vulnerability, sql injection
MD5 | 239b2b50e1a5fb92fe47e68b8a260e9f
NASA Tri-Agency Climate Education (TrACE) 1.0 XSS
Posted Oct 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross site scripting vulnerability: input passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters in the 'trace_results.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 1.0 is affected.

tags | exploit, arbitrary, php, xss
MD5 | 01a0894757cc4194bd4653c35caba22e
Realplayer Watchfolders Long Filepath Overflow
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow in the 'Watch Folders' facility.

tags | advisory, overflow
advisories | CVE-2012-4987
MD5 | f54a766630fec37edb9ac3cfe7a96c85
Layton Helpbox 4.4.0 Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4972
MD5 | dcb178f8685b235088ba3940461bd023
Layton Helpbox 4.4.0 Login Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.

tags | exploit, vulnerability, bypass
advisories | CVE-2012-4974
MD5 | 62351dcf94aed86c0ca2988927a042ff
Layton Helpbox 4.4.0 Stored Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4972
MD5 | 292e1fd793f8b032cff4d6d00f65cc14
Layton Helpbox 4.4.0 Password Disclosure
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.

tags | exploit, info disclosure
advisories | CVE-2012-4976
MD5 | fe40553df877e1c38a5279ddee606734
Layton Helpbox 4.4.0 Unencrypted Login
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.

tags | advisory
advisories | CVE-2012-4977
MD5 | 3938314b9334a2fe989d236b849a7e13
Layton Helpbox 4.4.0 Authorization Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2012-4975
MD5 | 912065984a59f52261b0a3f61169e58e
Layton Helpbox 4.4.0 SQL Injection
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2012-4971
MD5 | 3b7323ab7bab2855064588530d7fd88f
Inventory 1.0 Cross Site Scripting
Posted Oct 26, 2012
Authored by G13

Inventory version 1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7fc170471fb4504688c85c57f50bf2ab
Inventory 1.0 SQL Injection
Posted Oct 26, 2012
Authored by G13

Inventory version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 23b9bd0eaaa79d8176460ce95af172cb
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
Posted Oct 26, 2012
Authored by shinnai | Site shinnai.altervista.org

The Aladdin Knowledge System Ltd. PrivAgent ActiveX control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.

tags | exploit, overflow, vulnerability, activex, proof of concept
MD5 | 422a11e6eb6e42315f69e8973c8a4ef6
Debian Security Advisory 2566-1
Posted Oct 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2566-1 - It was discovered that Exim, a mail transport agent, does not properly handle the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-5671
MD5 | d4a5988c777d484323b3e4f49bc19679
Ubuntu Security Notice USN-1618-1
Posted Oct 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5671
MD5 | 62d0872d7d7c4bff07d7ab020ca6d379
HP Security Bulletin HPSBHF02819 SSRT100920 2
Posted Oct 26, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02819 SSRT100920 2 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2012-3268
MD5 | 60ecf2e61c3b56f8acf6d0a5c83dfb74