exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 75 RSS Feed

Files Date: 2010-05-25 to 2010-05-26

MOPS-2010-036 - PHP htmlentities() / htmlspecialchars() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 6d393c315c5467e139f5d0406c2433248990c6ecc6bf52111a89f5d78d6333f9
Real Estate Portal Shell Upload
Posted May 25, 2010
Authored by MasterGipy

Real Estate Portal suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | bc773363b1f3f1f39ab864e23861a3c9c74a5eee069655b206392472ca0f0b33
MOPS-2010-035 - e107 BBCode PHP Code Execution
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.

tags | exploit, arbitrary, php
SHA-256 | 9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348e
MKPortal Horoscop Cross Site Scripting
Posted May 25, 2010
Authored by Inj3ct0r

The MKPortal Horoscop module suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5cd99b2b28c90012d2621fce1bc0d12c673e3eed4cf702644ac3592edd5f809f
MOPS-2010-034 - PHP iconv_mime_encode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php, vulnerability
SHA-256 | 08ee43cbc95c598ee383529242b6261189ff5b0ff455b68a97bde61b467737a1
HostFriendz.com SQL Injection
Posted May 25, 2010
Authored by Ivan Sanchez

Software from HostFriendz.com suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3b2094ccb61611208696bd23284f3bccbec8f621821c9bb28508a7739e661935
MOPS-2010-033 - PHP iconv_subsrt() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | 645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3
Lizzard Active Media SQL Injection
Posted May 25, 2010
Authored by CoBRa_21

Lizzard Active Media suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 60547b8115aaac6da072ca02e708470c806e2c9c0d8e4e1341e12f2cbc507893
MOPS-2010-032 - PHP iconv_mime_decode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
SHA-256 | d18872107c1dda39b76981664dc3403c8e50ea470b81d3b0498d2a2b02444189
MOPS-2010-031 - e107 SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.

tags | exploit, php, sql injection
SHA-256 | 7764fa816c681b9e1f35443ed5a5834ca32d0cf19952369802e37f00f1158457
Scientific Atlanta DPC2100 Cable Modem Cross Site Request Forgery
Posted May 25, 2010
Authored by Dan Rosenberg

The Scientific Atlanta DPC2100 Cable Modem suffers from cross site request forgery and insufficient authentication vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2010-2025, CVE-2010-2026
SHA-256 | 526edd304fca1c5a00df908a6e6c705539bd6f5e7a759e2196082becea2fc227
Debian Linux Security Advisory 2052-1
Posted May 25, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2052-1 - Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2010-1321
SHA-256 | 6f3d78e03ea57964721893e934702126fc045a2b77d0bd036864e7d173302c72
MOPS-2010-030 - CMSQlite mod Parameter Local File Inclusion
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.

tags | exploit, remote, local, php, code execution, file inclusion
SHA-256 | c42ae5c025360afcc5198f641ee48d83cab08933bf20481af75643e96227a51d
MOPS-2010-029 - CMSQlite c Parameter SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows to retrieve all data from the database. Versions 1.2 and below are affected.

tags | exploit, php, sql injection
SHA-256 | d891d11b3e1bf5820eb5f73a06da57a12a760c688e8c28e1aca1ae8888a888a2
MOPS-2010-028 - PHP phar_wrapper_open_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 88778104d5539c71d1331b422cb8c82ae5e1b58fcc633a019260fff969c2644a
MOPS-2010-027 - PHP phar_parse_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
SHA-256 | 9e0eb74b07d6b55063f896a9f5ca562cc45dd241ff70b6b37c470608c91cdd9e
SQL Injection Filtering
Posted May 25, 2010
Authored by d3c0der

Whitepaper called SQL Injection Filtering. Written in Persian.

tags | paper, sql injection
SHA-256 | 471f2f35cac4b774613c5c87f33f9439226204686687b4aa52a6690d0be6aa40
BigAce Cross Site Scripting / Cross Site Request Forgery
Posted May 25, 2010
Site bkis.com

BigAce versions 2.7.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | e1ed4583798dfdd2f64c7245007020d142877493b13f66362674c6b54442493d
Secunia Security Advisory 39918
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | d9970ef0d764c75ecf3bb66a82714be10cca66dd00299476056ec6b28769047a
Secunia Security Advisory 39939
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for postgresql-8.3. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 75a1c7a74fafec8503da002aadc61b5aece04db0e858f95963bd0f93a1722e02
Secunia Security Advisory 39889
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David K. has reported a vulnerability in the USR5463 802.11g Wireless Router, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 8ff4e731433fad273ea8e5816e3ff70250e0c00f4da282ecd9647b651cd96389
Secunia Security Advisory 39938
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for kdegraphics. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | b3cb8ff2b199baccd660ac26f7b0523455e21df20350d0a6120272d3d8bac2f3
Secunia Security Advisory 39901
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Rad L. Sneak has discovered a vulnerability in ManageEngine ADManager Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d9997452259c548af7a247b6b6a873d95825c1dda00d94b69f710070bc3be940
Secunia Security Advisory 39913
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - John Leitch has discovered a vulnerability in The Uniform Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 35fed674f28f1de504ba9ff3b40fe932769610a7763dc770040178bf2370e384
Secunia Security Advisory 39856
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Maksymilian Arciemowicz has discovered a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | solaris
SHA-256 | 584c02125616e49deba87256342e6fb86974ee646ca2b03be714a7b1737a96ab
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close