exploit the possibilities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-05-07

ERS Viewer 2011 ERS File Handling Buffer Overflow
Posted May 7, 2013
Authored by Parvez Anwar, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the function ERM_convert_to_correct_webpath handles user provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows, xp, 7
advisories | CVE-2013-0726, OSVDB-92694
MD5 | ce4d2a58b86067ed152bb01baa094029
Ubuntu Security Notice USN-1818-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1818-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5129
MD5 | edba70aa33a804d90c4c407238b59ce3
Ubuntu Security Notice USN-1817-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1817-1 - It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1969
MD5 | 6d65f4a64770c2b1173819765efb2fe4
Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
Posted May 7, 2013
Authored by sqlhacker

Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
systems | cisco
advisories | CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684
MD5 | 97db9ffc803e72b8c6f25adb23f46b58
Ubuntu Security Notice USN-1819-1
Posted May 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1819-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422
MD5 | 1a417e5f3c3916196bbf08e8e8f3704e
OpenDocMan 1.2.6.5 Cross Site Scripting
Posted May 7, 2013
Authored by drone

OpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 64d27b831258808f2aa8fe67b0010d03
Hloun Support Management System 3.0 SQL Injection / Bypass
Posted May 7, 2013
Authored by i-Hmx

Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 454ee942a6d84ef55d01ae0798dc23ad
MoinMelt Arbitrary Command Execution
Posted May 7, 2013
Authored by HTP

MoinMelt remote arbitrary command execution exploit as released in HTP version 5.

tags | exploit, remote, arbitrary
MD5 | 96bf76587ec480b930eacdd13570e34c
ColdFusion 9 / 10 Remote Root
Posted May 7, 2013
Authored by HTP

ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.

tags | exploit, remote, root
MD5 | 67d14c87a887064cd40dd3d35110f1d7
NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution
Posted May 7, 2013
Authored by M. Heinzl | Site sec-consult.com

NetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
advisories | CVE-2013-3320, CVE-2013-3321, CVE-2013-3322
MD5 | d606bc87c94d0f0a14b00088e7a240dc
Xenotix Python Keylogger For Windows
Posted May 7, 2013
Authored by Ajin Abraham

Xenotix is a keylogger for windows that is written in Python. It has the ability to send logs remotely.

tags | system logging, python
systems | windows, unix
MD5 | 5ad1670ca95bd3522c2c9aa2123c56b0
Drupal Htmlarea 4.7.x-1.x Shell Upload
Posted May 7, 2013
Authored by Net.Edit0r

Drupal Htmlarea module version 4.7.x-1.x suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e8d69ad38f880f13c059791852fc5bb7
Craigslist Gold SQL Injection
Posted May 7, 2013
Authored by Fallaga

Craigslist Clone Gold suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ed977544d3513b6dfd9702d89affd47b
PHPvocabtionary Code Injection
Posted May 7, 2013
Authored by Slotleet

PHPvocabtionary suffers from a PHP code injection vulnerability.

tags | exploit, php
MD5 | 62ce58b1ead31c12cf0236e3980d17ab
Microsoft Internet Explorer CGenericElement Object Use-After-Free
Posted May 7, 2013
Authored by sinn3r, juan vazquez, temp66, EMH | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-1347, OSVDB-92993
MD5 | 121143efb1ad20934800a561879eab41
Ruxcon 2013 Call For Papers
Posted May 7, 2013
Site ruxcon.org.au

Ruxcon 2013 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 26th and 27th of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
MD5 | bb1d2df5971a545a2274763bf3ba941a
SAP ERP Remote Code Injection
Posted May 7, 2013
Authored by Ertunga Arsal | Site esnc.de

SAP ERP Central Component PS-IS suffers from a remote code injection vulnerability.

tags | advisory, remote
advisories | CVE-2013-3244
MD5 | 36d826a089530b30856f1a70fd901da9
Sanewall 1.1.1
Posted May 7, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: When startup fails, both IPv4 and IPv6 firewalls are correctly restored. A regression test framework has been added. This release fixes the "mac" helper command for versions of iptables 1.4.12+ per 1.0.1, and also prevents MAC addresses being seen as IPv6 addresses.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 6da2d55102f712db5bc6395ce3325801
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    3 Files
  • 18
    Nov 18th
    22 Files
  • 19
    Nov 19th
    17 Files
  • 20
    Nov 20th
    7 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close