Showing 1 - 25 of 33

Files Date: 2012-12-18

WordPress Clockstone Theme File Upload
Posted Dec 18, 2012
Authored by DigiP | Site attack-scanner.com

The Clockstone WordPress theme appears to suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c5c62b70f95fe9932f14fd229bfe88499c762fcf65f2241447059818767b8ab3
Centrify Deployment Manager 2.1.0.283 Local Root
Posted Dec 18, 2012
Authored by Larry W. Cashdollar

Centrify Deployment Manager version 2.1.0.283 local root exploit that leverages a race condition in /tmp.

tags | exploit, local, root
advisories | CVE-2012-6348
SHA-256 | 38f44fe5235206c1815107ebecea1649a3da90ccbf7baa70c756abbb16cd7901
Enterpriser16 LB 7.1 Cross Site Scripting
Posted Dec 18, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Enterpriser16 LB version 7.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | aa91eebfe06d0523d5a5bc5c93c855ec94ee4813c161cbd2081469cf89caa728
SonicWall SonicOS 5.8.1.8 WAF Cross Site Scripting
Posted Dec 18, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall SonicOS version 5.8.1.8 suffers from a POST-based cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 69736c270ef6a91bbb98fe08a560c38028dab2cab42b016f68ad8173c6b98034
MyBB MyYoutube Cross Site Scripting
Posted Dec 18, 2012
Authored by limb0

MyBB MyYoutube plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5442668c0b43e318f6415ef1ecbfd2ae45e2284829bd212ed0c8016ef762a3ee
MyBB Xbox Live ID Cross Site Scripting
Posted Dec 18, 2012
Authored by limb0

MyBB Xbox Live ID plugin suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7e0ca0889c7441be6bab586be3052a685789dc0fb626292b68cecb36254a3a25
MyBB Profile Skype ID 1.0 Cross Site Scripting
Posted Dec 18, 2012
Authored by limb0

MyBB Profile Skype ID plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5e013aabc0196147facbf7738386c71c57b37bcc6a6f4f5840cf55448e173435
MyBB MyTube 1.0 Cross Site Scripting
Posted Dec 18, 2012
Authored by Kim Kun Bum

MyBB MyTube plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d325c54a1faea9eed66d459ba6d4bbded28e0f02cd268edf7ebc3bf3a722f7cd
MyBB Facebook Profile 2.4 Cross Site Scripting
Posted Dec 18, 2012
Authored by limb0

MyBB Facebook Profile plugin version 2.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3b097c11871b6cf5ca13bc88715d08e215a08bdee3fffc396cb40fc0ca2f5733
MyBB Bank Transactions 2.0 SQL Injection
Posted Dec 18, 2012
Authored by limb0

MyBB Bank Transactions plugin version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b5222aa3da9434e51331f92cb0cbda2b2fa97e5fbd76eddfa0fe0fd087c25916
Address Application Layer Attacks With Mod Security
Posted Dec 18, 2012
Authored by Archana Sharma

This article sheds some light on concepts pertaining to the WAF-like functionality of mod_security in Apache.

tags | paper
SHA-256 | 0cb4b60c0c3ea5e263be963453ba59377f9eef3408d3895a2c3f2a4dddd99595
Firefox 17.0.1 Crash Proof Of Concept
Posted Dec 18, 2012
Authored by limb0

Firefox version 17.0.1 crash proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 8f52c23e864a01cfd2602317604d93d20ad4e5ae9071d033b024a5a3778f49eb
Secunia Security Advisory 51591
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Intelligent Operations Center, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 98e42d1353764d69bcf6170002bea46509fda2bea8338cb8a83bc345c3208a7f
Secunia Security Advisory 51625
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | 24dd34427f345f8b85df8839658486917fa3b2a1019c573e241a4c42c3b77808
Secunia Security Advisory 51612
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the User Profile Skype ID plugin for MyBB, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | fcb3f67d335c94b425c94822809f23a41545563df6b35dfb8bc095697003d49c
Secunia Security Advisory 51586
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged two vulnerabilities in IBM InfoSphere BigInsights, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | f538aa4be5579c353697ab75160b9ef339f95220c003bc9427c1cbf7a2b7df6b
Secunia Security Advisory 51603
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in SANLock, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
SHA-256 | 263badd31e09775f064a03b6ac0a3306613886c8fd16109706f4f3d8e027cd95
Secunia Security Advisory 51627
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for aptdaemon. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security features.

tags | advisory
systems | linux, ubuntu
SHA-256 | 0957d9fd29492787eb7fdcac56b396308650c801c82e4deb862ada2ad291e907
Secunia Security Advisory 51611
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Larry Cashdollar has reported a security issue in Centrify Deployment Manager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | c9a94a6b154988cc85919cc2ce544f50a3aaa3bd4ea92941c2582a8b39c87fc1
Secunia Security Advisory 51609
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 9505c4923c53c57875cde1cd38531218ffa5a1ea2a4261e9af3f86b7e75072fd
Secunia Security Advisory 51558
Posted Dec 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Deloitte has reported a vulnerability in Axway SecureTransport, which can be exploited by malicious people to disclose certain sensitive information or manipulate certain data.

tags | advisory
SHA-256 | ea793890490460972141da64818304548906565818890d02edcb657c1b7335b1
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
Posted Dec 18, 2012
Authored by Dr_IDE, Dmitriy Pletnev, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2010-2590, OSVDB-69917
SHA-256 | e2e444f4f608cf2a5267e52972251a3f6dc63fb45578a2ac18f6eb5ad4684ec0
Haveged 1.6
Posted Dec 18, 2012
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: The runtime test implementation has been corrected to remove an alignment fault which appeared in AIS test0 on arm64 hosts. The build procedure for clock_gettime() support has been altered to provide better control (now an override for all architectures) and correctly determine dependencies. Minor typos and inaccuracies in the source and man page have been corrected.
tags | tool
systems | linux, unix
SHA-256 | d47db0cf9a58f7ec9877eec543a062f01309916f569639c27a8b0dd004b24541
Security / Robustness Assessment Of IPv6 ND Implementations
Posted Dec 18, 2012
Authored by Fernando Gont

Recent security research seems to indicate that a number of IPv6 Neighbor Discovery implementations fail to implement basic sanity checks on received packets and/or fail to properly manage protocol data structures, leaving them subject to trivial Denial of Service (DoS) attacks. Additionally, some IPv6 protocol features allow a number of attacks, ranging from man-in-the-middle to Denial of Service (DoS). This document discusses how to conduct a security/robustness assessment of Neighbor Discovery implementations by means of the SI6 Networks' IPv6 toolkit - a free, portable, and fully-featured IPv6 security assessment and troubleshooting toolkit. Additionally, it provides pointers to ongoing work in this area, such that the aforementioned issues can be mitigated where appropriate.

tags | paper, denial of service, protocol
SHA-256 | 00689e040da9e663b0fd1da9b9db7839be24c443cac8af491a0154bbdf4e6c94
Security Assessment Of Neighbor Discovery (ND) For IPv6
Posted Dec 18, 2012
Authored by van Hauser, Fernando Gont

Neighbor Discovery is one of the core protocols of the IPv6 suite, and provides in IPv6 similar functions to those provided in the IPv4 protocol suite by the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). Its increased flexibility implies a somewhat increased complexity, which has resulted in a number of bugs and vulnerabilities found in popular implementations. This document provides guidance in the implementation of Neighbor Discovery, and documents issues that have affected popular implementations, in the hopes that the same issues do not repeat in other implementations.

tags | paper, vulnerability, protocol
SHA-256 | 776720fc1a25b2e907c4a468e1b19348a3ea339fb5630e617a7932a7e2ea9b23
© 2022 Packet Storm. All rights reserved.
