what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2013-01-04

Enterasys NetSight nssyslogd.exe Buffer Overflow
Posted Jan 4, 2013
Authored by Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2011-5227, OSVDB-77971
SHA-256 | a2a7abb62b7094d36913fa79d19bb69245717566e1704427edc640d574c4528e
pfSense 2.0.1 XSS / CSRF / Command Execution
Posted Jan 4, 2013
Authored by Yann CAM

pfSense version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. The cross site request forgery proof of concept also demonstrates a remote command execution vulnerability.

tags | exploit, remote, vulnerability, xss, proof of concept, csrf
SHA-256 | 94f420cccc815bf5e6c23bf9a91dc74dd47d39e3a3f76ad09f158b2b4de134dc
TomatoCart 1.x Unrestricted File Creation
Posted Jan 4, 2013
Authored by Aung Khant | Site yehg.net

TomatoCart 1.x versions are susceptible to an unrestricted file creation vulnerability.

tags | exploit
SHA-256 | 2e147796802b3248ce966051f2fcfd93c44a0046998a2ef2d6eb55d5f1e43a7d
ICEstate SQL Injection
Posted Jan 4, 2013
Authored by cr4wl3r

ICEstate (Real Estate Marketplace) suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a56773bcdbedc688b681eb604b350ff68209816e603ac33aef3639c9061359da
Nova: Network Anti-Reconnaissance Tool 12.12
Posted Jan 4, 2013
Authored by PerricOxide

Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.

Changes: A significantly streamlined and improved Quasar UI.
tags | tool, web, intrusion detection
systems | unix
SHA-256 | dcf0af64744f50d72354c2d8ba08b21cee25a77e04152cf9fe497674d64387fe
Eye-Fi Helper Directory Traversal
Posted Jan 4, 2013
Authored by Paul Johnston

Eye-Fi Helper versions prior to 3.4.23 suffer from a directory traversal vulnerability. Exploit included in eyepwn.zip.

tags | exploit
systems | linux
advisories | CVE-2011-4696
SHA-256 | 486ed903af6a54bddbbd537029507f28d201e93ea101acb92735932e27476b9c
Elastix 2.3 PHP Code Injection
Posted Jan 4, 2013
Authored by i-Hmx

Elastix versions prior to 2.4 php code injection exploit.

tags | exploit, php
SHA-256 | ce6fb46f23d7953423aa20792ce1ddf8ea18fa14c699cbeb5f77d90e4edbdf0d
160By2 / Way2SMS Cross Site Request Forgery
Posted Jan 4, 2013
Authored by Sabari Selvan

160By2.com and Way2SMS.com suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a4a9f06aa2fcd3dd3f76d0df5feae4276c85baf17e37179900569cdd9bb6f840
MyBB Profile Wii Friend Code 1.0 Cross Site Scripting / SQL Injection
Posted Jan 4, 2013
Authored by Ichi

MyBB Profile Wii Friend Code version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 7a87a90be849ac2aabfe617153d559794e0bcf703f0f44a1cdd7b86d9bc66ab1
Secunia Security Advisory 51683
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in WHMCompleteSolution, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 34321d0eea7e226de684c383229e4760eaaa47476749725b5950c15bd311c686
Secunia Security Advisory 51709
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | b033be527d364e3c943070cecc48b42de373750d3667cf1739f0a9b35ede8b89
Secunia Security Advisory 51736
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
SHA-256 | 9103ca580658f95c21d48f2033999af6532778490d0936a971915a28a3de1190
Secunia Security Advisory 51719
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WHMCompleteSolution, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 02e091045f29dcabf25d800fca59de71fec996c0ffcf0bff303ec318f3ea2844
Secunia Security Advisory 51699
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mohamed Ramadan has discovered a security issue in Facebook Camera for iOS, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | cisco
SHA-256 | 8624b1fda76ebf7a859f6939fdb132d4bd2e5c3e79f7838bcc61cc15d58aa115
Secunia Security Advisory 51706
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in RPM Package Manager, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | f9b691bcb1faf0787be0a6974791ddabe05fe259fd11e32bb6dd0bfdcf62b28f
Secunia Security Advisory 51714
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple WPScientist themes for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | e73d7ee29764291aa547ce2040aa13561707c8c42aacc8db6c7404d3f07a1e6c
Secunia Security Advisory 51708
Posted Jan 4, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in nginx, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | a6a116ec8d5ef34913b76ad6a8ffa50d0f370962ae31ec106e0ffa2a6508a4d6
Nova: Network Anti-Reconnaissance Tool 12.11
Posted Jan 4, 2013
Authored by PerricOxide

Nova is a software application for preventing and detecting hostile network reconnaissance (such as nmap scans). It does this by first creating the Haystack: a large collection of low interaction honeypots using an updated version of Honeyd. Finding real machines on the network becomes like finding a needle in a haystack of fake machines. Second, Nova uses machine learning algorithms to automatically detect and classify attempts at hostile reconnaissance, so there's no need to go searching manually through your honeypot's log files. It provides an easy to use Web-based interface powered by Node.js to configure itself and Honeyd instances.

Changes: Many bugfixes, and stability and UI improvements. This is the first release marked as stable.
tags | tool, web, intrusion detection
systems | unix
SHA-256 | bf855aa9570e5b9b8c04298118b358b1a649cf4648014873770e74d97913879e
Aastra IP Telephone Crypto Failure
Posted Jan 4, 2013
Authored by Timo Juhani Lindfors

The Aastra 6753i IP telephone uses 3DES encrypted payloads in ECB mode to pass configuration files, allowing for modification to the phone's set up.

tags | advisory, telephony
SHA-256 | 37afa236f204f396a881ea999505cdbd4d8047d6b315beac681e7afeab78a829
Red Hat Security Advisory 2013-0005-01
Posted Jan 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0005-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 0781355ec770743c0f5222d41d87037e6506287f3cf0801ea39ecd4edcfa3653
Red Hat Security Advisory 2013-0004-01
Posted Jan 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0004-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 86d90b0aae88ee00e8b987ea78a78e2e0aa310557e81ede1b766617c80dbd528
Ratbox IRCd Denial Of Service
Posted Jan 4, 2013
Authored by Aph3x, UberLame, O_O, Apetrick | Site zempirians.com

This exploit demonstrates a remotely trigger-able crash in ircd-ratbox version 2.0. It affects Shadowircd version 6.3.3 and Charybdis version 3.4.2.

tags | exploit
advisories | CVE-2012-6084
SHA-256 | 505feddc38f244f05e0a7faef634f09df484c9f17abd9e04dfc0e53aceb6f6ad
WordPress Valums Uploader Shell Upload
Posted Jan 4, 2013
Authored by JingoBD

The WordPress Valums Uploader plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, shell
SHA-256 | ff9d417dcdb72cecdfe6693ce266a4e1d5cd7e902fc64c64b4368480a4ecf888
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close