exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2010-01-16 to 2010-01-17

LetoDMS Local File Inclusion / Cross Site Request Forgery
Posted Jan 16, 2010
Authored by Daniel Fabian, Lukas Weichselbaum | Site sec-consult.com

LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
SHA-256 | c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
Adobe Acrobat / Reader U3D Integer Overflow
Posted Jan 16, 2010
Authored by Nicolas Joly | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Adobe Acrobat and Reader. This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. Versions 9.2 and below are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3959
SHA-256 | 1aa7c92056fdf6a92efa15fd83bcd82f7d102180f06fa7e2c1d656f2e3562927
Mandriva Linux Security Advisory 2010-009
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-009 - The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct this issue.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-4142
SHA-256 | d1aeec67eec6887d76ca8f55deb110bf96caf2a2d7dc196f59f2420f47db0f9a
Joomla Uploader Shell Upload
Posted Jan 16, 2010
Authored by wlhaan Hacker

The Joomla Uploader component suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | e7a8ed914533ab8f44032d020abc9b1b5b343b92089b00cef55695849f9bd0db
Testlink TestManagement And Execution System Directory Traversal
Posted Jan 16, 2010
Authored by Prashant Khandelwal

Testlink TestManagement and Execution System suffers from directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
SHA-256 | 83f339bed5abb1597662d74924888afa7fdc10c709333f7bf52d46be82a6cbe1
Testlink TestManagement And Execution System Cross Site Scripting
Posted Jan 16, 2010
Authored by Prashant Khandelwal

Testlink TestManagement and Execution System suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8a208e2fc273c56399bdd1d85eaf21d90d1e06ad4d3f4357aba6e056b9c2bfd1
AthCon IT Call For Papers
Posted Jan 16, 2010
Site athcon.org

AthCon IT 2010 Call For Papers - This year the conference will take place in the Jockey's Country Club in Athens, Greece from June 3rd through the 4th, 2010.

tags | paper, conference
SHA-256 | aead2e21aa94d19811388ae9a86da1994a771a8921eb3a3aefcd6378e27670e1
Funk Gallery Cross Site Scripting
Posted Jan 16, 2010
Authored by LionTurk

Funk Gallery suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2693d7cb467c2c79d91050cdd91539afa12a10c282b339895ea1a798f93e07a0
Mandriva Linux Security Advisory 2010-008
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-008 - The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-2626, CVE-2009-4142
SHA-256 | c5438a6562ebbc112246d9acf0442254a06cf7b21ae5ccf722fd2dc399400237
Packet Sniffing Whitepaper
Posted Jan 16, 2010
Site datairan.ir

This is a whitepaper called Packet Sniffing. Written in Persian.

tags | paper
SHA-256 | 28f05e70d4182aed3be7382328c2b3298d5cea3b1f552305a53bab3386bf7486
Mandriva Linux Security Advisory 2010-007
Posted Jan 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-007 - The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct these issues.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2007-5898, CVE-2009-2626, CVE-2009-4142
SHA-256 | a5e30a5cb2e7c44e5f7ca9485bed9a3fcf2dedcd62d54e21bee5b2d8140cdbab
Microsoft Animated Cursor .ANI Buffer Overflow
Posted Jan 16, 2010
Authored by Jacky

Microsoft Animated Cursor .ANI buffer overflow exploit written in Perl.Works on Windows XP SP2.

tags | exploit, overflow, perl
systems | windows
SHA-256 | 43aede19b0ac28f7f9411fea3b80041598e5233b0d8a97c97ff5aec340e5f6f5
OtsTurntables Free 1.00.047 SEH Overwrite
Posted Jan 16, 2010
Authored by Darkb0x | Site nullarea.net

OtsTurntables Free version 1.00.047 SEH overwrite exploit that generates a malicious .ofl file.

tags | exploit
SHA-256 | a7fdaa109e8fe81be46cdfcc3fb8311010c5f4907dea08453866bcf33b38e502
AB Micrologix Denial Of Service / Unauthorized Access
Posted Jan 16, 2010
Authored by Eyal Udassin | Site c4-security.com

Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.

tags | advisory, local, vulnerability
SHA-256 | 488ad569c5cecbf68d458ed4c08071d485ed70de51bbe59a8bd1260aa745c3cb
Surge FTP Admin Web Module Directory Traversal
Posted Jan 16, 2010
Authored by indoushka

Surge FTP's administrative web interface suffers from an Apache Tomcat 5.5.26 directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | 5aa049891604b9dfa07b7722c2d65d120db87b6fa8bce970aa60b60c0e9d479d
Linux/x86 Overwrite MBR With LOL Shellcode
Posted Jan 16, 2010
Authored by root@thegibson

43 bytes small Linux/x86 MBR overwrite code that hits /dev/sda with LOL!

tags | x86, shellcode
systems | linux
SHA-256 | d5781e68ae3254e63aa024d28c5fa3b8bb4003a050b6fe75afadc434a7289359
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close