exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 920 RSS Feed

Files Date: 2008-01-01 to 2008-01-31

bubbling-lfi.txt
Posted Jan 28, 2008
Authored by Stack-Terrorist | Site v4-team.com

The Bubbling Library version 1.32 suffers from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 69765615987118a20ea833a5b5af9cbff352a4acfd80efa2e16e3afc161c87bf
simple32-xss.txt
Posted Jan 28, 2008
Authored by tomplixsee

Simple Forum version 3.2 suffers from file disclosure and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c519964329b114e8d760a77e6a685612e9b12ead3d55187f74e177968841bad4
mambo-xssxsrf.txt
Posted Jan 28, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

Mambo version 4.6.3 suffers from path disclosure, cross site scripting, cross site request forgery, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
SHA-256 | 11fd34395ce14c48e3d329b487a2ffb8e5f8d0ce02bab9147296b7bf6926edd3
Secunia Security Advisory 28655
Posted Jan 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | debc1d44ad71170d2fba979b4a0714a585304778a24ac410eb1d780deeedc7d6
Secunia Security Advisory 28662
Posted Jan 28, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 3887f96914facdba972ec08deff6ad37812041b31bea294386285f5bc6fc802a
framework-3.1.tar.gz
Posted Jan 28, 2008
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland's InterBase product line.
tags | tool, ruby
systems | unix
SHA-256 | dda9009180f2f6c72446afb6c8e1a755810698fee39e22d94bd033d712b69f84
clansphere-disclose.txt
Posted Jan 28, 2008
Authored by p4imi0

ClanSphere version 2007.4.4 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | a7b24c05d9b1513e2fb809a2ba8b468ada1abdb15005daa3a9e8fa01cd5d3711
nipper-0.11.3.zip
Posted Jan 28, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.

Changes: This release improves support for SonicWALL SonicOS firewalls, Cisco PIX / ASA / FWSM firewalls, CheckPoint Firewall-1 and Nokia IP firewalls.
systems | cisco, windows, juniper
SHA-256 | 47520bff7fb56027f4f9be5624fe8b097c9f7584e592d2c4d88351bae023e747
nipper-0.11.3.tgz
Posted Jan 28, 2008
Authored by Ian Ventura-Whiting | Site nipper.titania.co.uk

nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.

Changes: This release improves support for SonicWALL SonicOS firewalls, Cisco PIX / ASA / FWSM firewalls, CheckPoint Firewall-1 and Nokia IP firewalls.
systems | cisco, juniper
SHA-256 | 1e09de2e8206bd86d6775b0b4c4a7fe4dcfe636dcb0821c1f5584fe4157b4e1d
eticket156-xss.txt
Posted Jan 28, 2008
Authored by Alessandro Tanasi | Site tanasi.it

eTicket version 1.5.6-RC4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5c28a89d9866f0b6b900fbca6c5f86e59645564048de68cb55ce474a307852ea
phpip-sql.txt
Posted Jan 28, 2008
Authored by Charles Hooper

phpIP version 4.3.2 suffers from numerous SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | 6c1a3c40f46f705114b15018c36dcbb0c5b9ff5e18e3124f43189359ffd1dfdc
aspired-sql.txt
Posted Jan 28, 2008
Site aria-security.net

ASPired2Protect suffers from a login bypass vulnerability via SQL injection.

tags | exploit, sql injection, bypass
SHA-256 | ca2eea31b502c72b6b8565b81bdc647fe49fddb0bb704fe7e5e21a056c7585f8
statcounter-expose.txt
Posted Jan 28, 2008
Authored by Gianni Amato

Statcounter.com was susceptible to a remote credential disclosure vulnerability.

tags | advisory, remote
SHA-256 | f78aa90af0b889ce27d5934a0084dc1edccdd2fee270b731cde7ef3e73249276
oracle-dropsql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that changes the system password.

tags | exploit, sql injection
SHA-256 | 09f212700f03bbc061c6451881af6f4f48e1044a3d2ee32a479c24063ef6a259
oracle-truncatesql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate SQL injection exploit that grabs password hashes.

tags | exploit, sql injection
SHA-256 | 86f4d3757762e79f037895d1489b92f16c57f753e5979972b0d765d12247fbfb
oracle-pitrigsql.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that grabs password hashes.

tags | exploit, sql injection
SHA-256 | 4a5e9c7385fc08b30bdeda08fb53856cad444bdd11e613f300b8767e710c033c
oracle-xdboverflow.txt
Posted Jan 28, 2008
Authored by Sh2kerr | Site dsecrg.com

Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 54d9ffbf19acfdb085440aa8eb8e8e04745be17094a93099bae803beefd4ff64
Fwknop Port Knocking Utility
Posted Jan 28, 2008
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added ENABLE_OUTPUT_ACCESS keyword to access.conf file parsing. Added command line argument display to fwknop client --verbose mode. Various other extensive updates and additions.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 9c097761644f7cbf79a72b6aadd95384ab2965187bb8d9f8346c7de9905db08d
phpress-sql.txt
Posted Jan 28, 2008
Authored by Hasadya Raed

PhPress version 0.3.0 leaks SQL information via allowing direct arbitrary access to the data.

tags | advisory, arbitrary, sql injection
SHA-256 | 0de7f6f8f0c7bdeceeb71a7a3c81f7bf6bb278635b03bc4b5aa46d06d3c3010d
f5asm-xss.txt
Posted Jan 28, 2008
Authored by nnposter

The F5 BIG-IP ASM web management interface contains a cross site scripting vulnerability in the Security Report function.

tags | exploit, web, xss
SHA-256 | be5853d6c1feb0d2d28a99d8dd2b940172e7ed485a42fccadfab738de35c73b8
Debian Linux Security Advisory 1477-1
Posted Jan 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1477-1 - Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitizing, which could result in the execution of arbitrary shell commands if a malformed feed is read.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2007-5837
SHA-256 | c43ba6d88dec4cd237a726c4ec9dd961d8a693dc9d079c1357058080341568a7
Debian Linux Security Advisory 1476-1
Posted Jan 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1476-1 - Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation.

tags | advisory, local
systems | linux, debian
advisories | CVE-2008-0008
SHA-256 | 79f4f6a4708e4996f23285eb55ae4f15bf089d97e6f67ead00f9b8de74101c61
Debian Linux Security Advisory 1475-1
Posted Jan 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1475-1 - Jose Ramon Palanco discovered th a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.

tags | advisory, remote, web, arbitrary, xss
systems | linux, debian
advisories | CVE-2007-0176
SHA-256 | 71eb66ebb10d21f250807147e7a4b9e0c3d06d4897aaabf0e6fcef2cb4767b13
Gentoo Linux Security Advisory 200801-14
Posted Jan 28, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-14 - The /usr/bin/blam script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 1.8.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-4790
SHA-256 | 3f5369e615881d85093c15e888233ac85ef3a385dfde99e2e089ccce89737027
Gentoo Linux Security Advisory 200801-13
Posted Jan 28, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-13:02 - The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Versions less than 0.10.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-0285
SHA-256 | c30de200d3fc302afeb9c46883102addc98d5e3a7abf99bc1526c5a5b546cf4c
Page 4 of 37
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close