exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 51 RSS Feed

Files Date: 2010-05-12 to 2010-05-13

724CMS Enterprise 4.59 SQL Injection
Posted May 12, 2010
Authored by t@nzo0n

724CMS Enterprise version 4.59 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | e61ee7822c297df8048b72e7ad0fa84edb48385a2a580190880e87d3b586c301
Digital College 1.0 Arbitrary Upload
Posted May 12, 2010
Authored by indoushka

Digital College version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 6b1ccdb0c5ea3c771f5c53f357c5f6a317c3afc6abf2a6ca80f6e2bd7fa56195
Technical Cyber Security Alert 2010-131A
Posted May 12, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-131A - Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.

tags | advisory, vulnerability
systems | windows
SHA-256 | 734937a93aad140f993320ea92d9ed2ca13f36c93bab8370832391104cef175e
Core Security Technologies Advisory 2010.0405
Posted May 12, 2010
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Adobe Director is prone to a vulnerability due to an invalid read in 'DIRAPI.DLL', when opening a malformed .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Director to open a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0128
SHA-256 | 7168bea5459b9ed347373ab8db050ec91b0f4575d1bcaa89f2013cb5eaab82f1
Saurus CMS 4.7.0 Cross Site Scripting
Posted May 12, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

Saurus CMS version 4.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4fb1b69b324e2baa8dfedea1a8f0dd62b85bda31a52149cfb840ae85a5bc71ef
Fast Free Media 1.3 Adult Site Shell Upload
Posted May 12, 2010
Authored by indoushka

Fast Free Media 1.3 Adult Site suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 6a6692edd9ad1dd5bdfb0615e06557952283b72a4082ae9ce905b7ec711a7d65
e-Webtech SQL Injection
Posted May 12, 2010
Authored by CoBRa_21

e-Webtech suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | cdb12dca22886d63cbd25c32c3a66bfdc91f255a18db92855b3f32384ff9f7f8
Zero Day Initiative Advisory 10-086
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid Hostname parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

tags | advisory, remote, arbitrary, cgi
advisories | CVE-2010-1555
SHA-256 | c506d236bec0849d06da5bf422cd5205ac1a99d26baca5b0e87f982864fea9f2
Zero Day Initiative Advisory 10-085
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid iCount POST parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

tags | advisory, remote, arbitrary, cgi
advisories | CVE-2010-1554
SHA-256 | 8015452f65440290ba654f55ca908345c85c47a32758be472efab3338115e75c
Free Advertisement CMS SQL Injection
Posted May 12, 2010
Authored by Ashiyane Digital Security Team

Free Advertisement CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 657c9d92482a6e956562b4c1fc4f6cb9ecbde87f0941ce3585d81dd9cb417144
Woodall Creative SQL Injection
Posted May 12, 2010
Authored by Ashiyane Digital Security Team

Woodall Creative suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 72db659b74739a9c495916b4cb406e1cd5c056c053a16ed56fed24be773c987d
Marinet CMS Cross Site Scripting / HTML Injection / SQL Injection
Posted May 12, 2010
Authored by CoBRa_21

Marinet CMS suffers from cross site scripting, html injection and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5a63ebd45bff76c3561b868f28dad53161294ca234c25d1abed7783ba670b2bb
Joomla Camp26 Visitor Data 1.1 Code Execution
Posted May 12, 2010
Authored by Chip D3 Bi0s

The Joomla Camp26 Visitor Data component version 1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | cb6dd0035c6093bdb03ba25096a7c831523ed95fb926a179af5d51870ec3ca45
DynamiXgate Affiliate Store Builder Cross Site Scripting
Posted May 12, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

DynamiXgate Affiliate Store Builder suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c57a72c6659985eabaf7cb1591149cb11bd862bf2e37e5036f842dab48ba17a2
HP Security Bulletin HPSBMA02527 SSRT010098
Posted May 12, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2010-1550, CVE-2010-1551, CVE-2010-1552, CVE-2010-1553, CVE-2010-1554, CVE-2010-1555
SHA-256 | b8679c50a8aa94d63d460ccd120eae4f0fa1767849203be1affb0687ac3f1934
Zero Day Initiative Advisory 10-084
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

tags | advisory, remote, arbitrary, cgi
advisories | CVE-2010-1553
SHA-256 | eda2c51e493c29d2758ac012e9f0f3fd057ea0373fcf515d6c8e501fe446845b
Zero Day Initiative Advisory 10-083
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf() with a %s format specifier and unsanitized user input retrieved from two separate POST variables (act and app). By providing large enough strings a remote attacker can cause a stack-based buffer overflow and eventually execute arbitrary code under the context of the webserver process.

tags | advisory, remote, overflow, arbitrary, cgi
advisories | CVE-2010-1552
SHA-256 | a162ea1fc08bd65d90da71128b74814b91dad7d4350ac1ae03a0c841a0a550b3
Zero Day Initiative Advisory 10-082
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon. This process can be started by invoking the webappmon.exe CGI application through the webserver. When the _OVParseLLA function defined within ov.dll is called from netmon.exe it directly copies the value of the 'sel' POST variable into a fixed-length stack buffer with a call to strcpy(). This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

tags | advisory, remote, arbitrary, cgi
advisories | CVE-2010-1551
SHA-256 | 89e2936a1e93f217b1b452231b7aac6a726b12f437c13943a6195c014d5e7b63
Zero Day Initiative Advisory 10-081
Posted May 12, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the webappmon.exe CGI application through the webserver. The process calls vnsprintf() directly with the contents of the 'sel' POST variable. By providing a malicious value this format string vulnerability can be leveraged by remote attackers to execute arbitrary code under the context of the ovet_demandpoll.exe process.

tags | advisory, remote, arbitrary, cgi
advisories | CVE-2010-1550
SHA-256 | fff96a3554f43a33a6ca8e0b1aa473ed6e433cfe92c42041fbf4858c3d4df93d
Digital Upload 1.0 Shell Upload
Posted May 12, 2010
Authored by indoushka

Digital Upload version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | 63439ca248d8b1e8c976aea989c32270559fd81609330b1b4f7f78bdbc80b35c
Debian Linux Security Advisory 2044-1
Posted May 12, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2044-1 - tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
SHA-256 | 23309c62e05d7344b505470ebce4aed58b2a331b1a25ddeaaad376b34062aabb
Debian Linux Security Advisory 2043-1
Posted May 12, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2043-1 - tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
SHA-256 | 73b74735d3d20ed0e2ef42877b443d0fe3dfd751d97cb95d826e71f69fa8171c
Microsoft Windows Outlook Express And Windows Mail Integer Overflow
Posted May 12, 2010
Authored by Francis Provencher

Microsoft Windows Outlook Express and Windows Mail suffer from an integer overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2010-0816
SHA-256 | 2acf22676b2db8c146ec43270d2c5a5e9f0d7b238abc38f7dbe2d45a0204f152
PointDev IDEAL Migration Buffer Overflow
Posted May 12, 2010
Authored by Dr_IDE, jduck, dookie | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in versions v9.7 through v10.5 of IDEAL Administration and versions 4.5 and 4.51 of IDEAL Migration. All versions are suspected to be vulnerable. By creating a specially crafted ipj file, an attacker may be able to execute arbitrary code. NOTE: IDEAL Administration 10.5 is compiled with /SafeSEH

tags | exploit, overflow, arbitrary
advisories | CVE-2009-4265
SHA-256 | d487bf3a03cfdebd126e3b50fa65fc5bba22a39f6bc020af9d9f9429f2ff2e0c
HP Security Bulletin HPSBMA02528 SSRT100106
Posted May 12, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with the HP Performance Center Agent running on Windows. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2010-1549
SHA-256 | c28c089bb7e2b55d12d10cd135ce2619d9a5fbc8851ff9fbcf0681a576c06e87
Page 2 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close