
Files Date: 2010-02-12 to 2010-02-13

SAP J2EE Engine MDB Path Traversal
Posted Feb 12, 2010
Site onapsis.com

Onapsis Security Advisory - The Message-Driven Bean Example application in the SAP J2EE Engine suffers from a path traversal vulnerability, which may enable remote attackers to access sensitive files in the server filesystem.

tags | advisory, remote
SHA-256 | 56c2759f5a5395466ea0430458e765fc8c5964df18ac2d688fd40e06ead19690
SAP J2EE Authentication Phishing Vector
Posted Feb 12, 2010
Site onapsis.com

Onapsis Security Advisory - The authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform various attacks against the organization's SAP users.

tags | advisory, remote
SHA-256 | 1cb2ce7956efa6260341088406256bfdfee382787854d2d01097084af316806b
SAP WebDynpro Runtime XSS/CSS Injection
Posted Feb 12, 2010
Site onapsis.com

Onapsis Security Advisory - SAP WebDynPro suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 9d48719f814da197b6bccfd0a7fd3e0631c617593a3bd21587145058a1d90bbf
Radasm .rap Local Buffer Overflow
Posted Feb 12, 2010
Authored by fl0 fl0w

Radasm local buffer overflow proof of concept exploit that creates a malicious .rap file.

tags | exploit, overflow, local, proof of concept
SHA-256 | e4c3d722260b66655d90ed7d614dfaa7b189d85b1dcbad2eac228e1811f84483
Cisco Collaboration Server 5 Cross Site Scripting / Code Disclosure
Posted Feb 12, 2010
Authored by sasquatch

Cisco Collaboration Server 5 suffers from cross site scripting and source code disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
systems | cisco
SHA-256 | d147352c5323a808713a580b492c711f95ae0827dd27940e43e6d98790b13d57
X-Cart Pro 4.0.13 SQL Injection
Posted Feb 12, 2010
Authored by sasquatch

X-Cart Pro version 4.0.13 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f2f9df02ca4d04d0c057e02c779a5c1e1f690fca242a3f57ce3cbc95cc53ac61
Mandriva Linux Security Advisory 2010-035
Posted Feb 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-035 - This update provides a new OpenOffice.org version 3.1.1. It provides various security and bug fixes.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
SHA-256 | 15452c2e00718b55e66bf276cc3026e3e54a4cf7060996539f34030036aab8a2
PHP 5.2.12 / 5.3.1 safe_mode / open_basedir Bypass
Posted Feb 12, 2010
Authored by Grzegorz Stachowiak | Site securityreason.com

PHP versions 5.2.12 and 5.3.1 suffer from session.save_path safe_mode and open_basedir bypass vulnerabilities.

tags | exploit, php, vulnerability, bypass
SHA-256 | 7dcc838a841856b83315acd73fc8696e95d01d8f2039a17682da581d5a38446a
Omnidocs SQL Injection
Posted Feb 12, 2010
Authored by thebluegenius

Omnidocs suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b30334ba3e777caf602ae3b41f15638fb89bde06059cf6202df728339db15e56
Nikiara Fraud Management System Cross Site Scripting
Posted Feb 12, 2010
Authored by thebluegenius

The Nikiara Fraud Management System suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a879d89dd457a400639f1f20988e549522696f05b6083abf4da8ac640fdfd2e5
Exploiting PL/SQL Injection With Only Create Session Privileges In Oracle 11g
Posted Feb 12, 2010
Authored by David Litchfield

Whitepaper called Exploiting PL/SQL Injection With Only CREATE SESSION Privileges In Oracle 11g.

tags | paper, sql injection
SHA-256 | 31157f3cb6f553cf34b6e768826f981a7cca2b5b1cc22b2d008070e67dfeea5a
Hacking Aurora In Oracle 11g
Posted Feb 12, 2010
Authored by David Litchfield

Whitepaper called Hacking Aurora In Oracle 11g.

tags | paper
SHA-256 | 0feb80641a5561dcb72d5ac33a246623657479f00c1457155b7e072996ee1aa7
Core Impact Denial Of Service
Posted Feb 12, 2010
Authored by Beenu Arora | Site beenuarora.com

Core Impact version 7.5 denial of service exploit.

tags | exploit, denial of service
SHA-256 | 09c07a36e9c1b3e69eb3c90d9044cb0b2ccdb6eed9810e9b1f16ae6c4e103a6a
Phishing On XSS Way
Posted Feb 12, 2010
Authored by Xss mAn

Whitepaper called Phishing on XSS way. Written in Arabic.

tags | paper
SHA-256 | 9bfa857c10578300a3d0e90b32f3dca05d735640854f0caeb3fa3174acf7d6f1
WSH PHP Backdoor
Posted Feb 12, 2010
Authored by pleed

WSH is a very tiny PHP script backdoor with a Python client that implements functionality to download and upload files and provides an interactive shell.

tags | tool, shell, php, rootkit, python
systems | unix
SHA-256 | 1aa3bc57e09a913a0676c75b4255e479584d5a6ea3100fc434e851193aedce0b
Keimpx SMB Credential Checker 0.2
Posted Feb 12, 2010
Authored by Bernardo Damele | Site code.google.com

Keimpx is a tool to check the usefulness of credentials across a network over SMB.

tags | tool
systems | unix
SHA-256 | cb076ae0382c319ba7868b91e0b87f391f2c0860288321aed4da9e0b1ffb4a76
Debian Linux Security Advisory 1993-1
Posted Feb 12, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1993-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used in SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2010-0438
SHA-256 | 2d22a2f366d7eef4bd12a512745d5154ebcf506247153d301e137ef70bf6989b
Radasm .rap Universal Buffer Overflow
Posted Feb 12, 2010
Authored by Dz_attacker

Radasm universal local buffer overflow exploit that creates a malicious .rap file.

tags | exploit, overflow, local
SHA-256 | 64ddd4c64ca6294e0dbb0ba6095908bca0f48abd25b104034b4f03c83a0fab9e
Microsoft Internet Explorer Data Binding Memory Corruption
Posted Feb 12, 2010
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.

tags | exploit
advisories | CVE-2008-4844
SHA-256 | c7921d15e333daf28b7fef1fddc614a29a08d3a01e4604616b9e695146f13c61
PeaZip <= 2.6.1 Zip Processing Command Injection
Posted Feb 12, 2010
Authored by Nine:Situations:Group::pyrokinesis, jduck | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in PeaZip. All versions prior to 2.6.2 are suspected vulnerable. Testing was conducted with version 2.6.1 on Windows. In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with PeaZip and access the specially crafted file by double-clicking it. By doing so, an attacker can execute arbitrary commands as the victim user.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2009-2261
SHA-256 | 707e4841498bdac3329fa0f7e22bc3d0c9b9a42bba87d345bc291f263c5a5231
Right To Left Override Unicode Can Be Used In Multiple Spoofing Cases
Posted Feb 12, 2010
Authored by Jordi Chancel

Whitepaper called Right To Left Override Unicode Can Be Used In Multiple Spoofing Cases. English version.

tags | paper, spoof
SHA-256 | 0233ec76b184dcfa9bd6cd2763e44fec5a71f08000fb6d6526e2fcdd4fc0d97b