Showing 26 - 50 of 51

Files Date: 2010-07-14 to 2010-07-15

Technical Cyber Security Alert 2010-194A
Posted Jul 14, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-194A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.

tags | advisory, vulnerability
systems | windows
SHA-256 | 99a9c8eeec835f953c8577416f59faa96dfeaa0405662a82678e3b47b9361d29
HP Security Bulletin HPSBMA02553 SSRT100184
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows. The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF), cross site scripting (XSS), and unauthorized access to data.

tags | advisory, vulnerability, xss, csrf
systems | windows
advisories | CVE-2010-1970, CVE-2010-1971, CVE-2009-1523, CVE-2009-1524
SHA-256 | d8dafbbea8549b769795f7069358f102168b2a1861c06cd84b8985bfe9768e20
Ubuntu Security Notice 961-1
Posted Jul 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 961-1 - David Srbecky discovered that Ghostscript incorrectly handled debug logging. It was discovered that Ghostscript incorrectly handled certain malformed files. Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-1869
SHA-256 | fc3e534dc69b0ee865fdb2519e7623cba43d1b89824c7c118c7d038004559fd7
Zero Day Initiative Advisory 10-122
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-122 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.

tags | advisory, remote, arbitrary, php
SHA-256 | 93a62185ef8d18e9a29cfd9b57696ef14f36acaa2101b02cf3b5a2fb86c0cff8
Zero Day Initiative Advisory 10-121
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-121 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selector[0]' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.

tags | advisory, remote, arbitrary, php
SHA-256 | 48b582d620ae4d20b1dc5efd5459042a2efe4806e63f5df7d7a53cd406c9eb73
HP Security Bulletin HPSBMA02551 SSRT100165
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Virtual Connect Enterprise Manager for Windows. The vulnerability could be exploited to allow remote cross site scripting (XSS).

tags | advisory, remote, xss
systems | windows
advisories | CVE-2010-1969
SHA-256 | 51d7e13a4ccd3dbf7273cd65a07356af1c6d1930554bb2a062c96116437ec228
Struts2/XWork Remote Command Execution
Posted Jul 14, 2010
Authored by Meder Kydyraliev

Struts2/XWork suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2010-1870
SHA-256 | 4bfaf1025cecb689d125b743ac0333bad9a7f8606514866a6849cf570bfdb557
Kismet Wireless Network Sniffer 2010-07-R1
Posted Jul 14, 2010
Authored by Mike Kershaw | Site kismetwireless.net

Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.

Changes: Bugfixes to TCP Async handling and capture IPC, workarounds for broken ncurses on some installs, new no-data options to prevent any logging or processing of data packets, and zero-priv drone-only operation.
tags | tool, wireless
systems | cisco, linux, freebsd, openbsd, apple, osx
SHA-256 | b1bae7a97e7a904bf620f285aa0d62ebc1fd3b54b671fbca125405036f949e80
Joomla QContacts SQL Injection
Posted Jul 14, 2010
Authored by mlk

The Joomla QContacts component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8b01faff09ed91c8743362570cd562871681a3389f4f6871e08d74fe72146dc2
AJ Article Cross Site Scripting
Posted Jul 14, 2010
Authored by Sid3 effects

AJ Article suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 80aca8fbffb9bcc611ac8352f122fd4d82ff736db91dfe73f921f41927ec663d
CustomCMS Cross Site Scripting
Posted Jul 14, 2010
Authored by Sid3 effects

CustomCMS suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6e13567f08da3121cc7314e41a267b999d68edac6a13a024930725ef40317a83
ASX To MP3 Converter 3.1.2.1 SEH Exploit
Posted Jul 14, 2010
Authored by Node

ASX to MP3 Converter version 3.1.2.1 SEH exploit with DEP and ASLR bypass for multiple OSes.

tags | exploit
SHA-256 | ce61ba7b398470428b6cefbcf780bb472a2833827ac8ad45ffa4bdf04cd89f32
Microsoft Help Center XSS and Command Execution
Posted Jul 14, 2010
Authored by Tavis Ormandy | Site metasploit.com

Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp". Due to an error in validation of input to hcp:// combined with a local cross site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. If IE8 and WMP11 are installed, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to "none" or "player".

tags | exploit, arbitrary, local, code execution, protocol, xss
systems | windows
advisories | CVE-2010-1885
SHA-256 | 07c1cc154c365b6b6fe8ed04e2065a13f163682327a94dc589df58c765512b0d
Diem 5.1.2 Cross Site Scripting
Posted Jul 14, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

Diem version 5.1.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b882a5a79583536f69c157f2384d2c88cf2b67758b1af9e8bdd94c2cf2d41c93
Zero Day Initiative Advisory 10-120
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-120 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.

tags | advisory, remote, web, arbitrary, php
SHA-256 | 61f830c320fdec0772ce945d9ce3be52e3fec38c4da37fd3e68022a304d2bf32
Zero Day Initiative Advisory 10-119
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-119 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.

tags | advisory, remote, web, arbitrary, php
SHA-256 | 97fed0676d2071c69c2c9f377c677e4efb75bb0ed4ea9ead9a0d07709bd5bbcb
HP Security Bulletin HPSBMA02550 SSRT100170
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows. The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF).

tags | advisory, vulnerability, csrf
systems | windows
advisories | CVE-2010-1967, CVE-2010-1968
SHA-256 | 9dafbefd4473d84b90d2b6ee70f37fe46ab09dd617df0c63cf5b3f6469c34fcc
HP Security Bulletin HPSBMA02549 SSRT090158
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Control power management for Windows. The vulnerability could be exploited locally to allow unauthorized access to data and Denial of Service (DoS).

tags | advisory, denial of service
systems | windows
advisories | CVE-2010-1966
SHA-256 | 6f3974f8b32e30cc857b5387dcab9b80f67a2d81c709eae73687d00e30811de2
Zero Day Initiative Advisory 10-118
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-118 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on the administration page of Oracle Secure Backup. Due to the lack of proper shell metacharacter filtering it is possible to bypass the login check. Successful exploitation of this vulnerability allows the attacker to access sensitive information running on the administration server without proper credentials.

tags | advisory, remote, shell, php
SHA-256 | a84daf45f55774169b51adedbd1ae06c4420baede8def2a3b970b7bb38d2066a
Zero Day Initiative Advisory 10-117
Posted Jul 14, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required in that a user must browse to a malicious website. The specific flaws exist in the instantiation of three specific ActiveX controls. The combination of loading all three controls in a particular order results in a transfer of control to unallocated memory which can be leveraged by remote attackers to execute arbitrary code under the context of the currently logged in user.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2010-0814
SHA-256 | 2df2850b9ccf6c84c116a1112d822637a0afc32cb493717b88134c82b546c945
HP Security Bulletin HPSBMA02548 SSRT100126
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Orchestration for Windows. The vulnerability could be exploited remotely to allow unauthorized access.

tags | advisory
systems | windows
advisories | CVE-2010-1965
SHA-256 | 5503e0eb2b385aee7cbd841f7ed19b5c5de4d53c0dc51c2b3136c57e588525cc
HP Security Bulletin HPSBMA02547 SSRT100179
Posted Jul 14, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits.

tags | advisory, arbitrary, vulnerability
systems | linux, windows, hpux
advisories | CVE-2008-4546, CVE-2009-3555, CVE-2009-3793, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839
SHA-256 | 27420ba971df7b22139b1f921417d90f92bfe900d17874fa4918c86891833e39
CMSQLite Cross Site Scripting / SQL Injection
Posted Jul 14, 2010
Authored by High-Tech Bridge SA | Site htbridge.com

CMSQLite suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 855f2e4388d8bc6e4a4b1ed91638bd498dad6498f46499bf53b0e539bf6a8a88
Campsite CMS Cross Site Scripting
Posted Jul 14, 2010
Authored by D4rk357

Campsite CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9b30a39213b3f27e38514196c6e71099dfc8a38104e2b949ac13dd90627e8382
VMware Security Advisory 2010-0011
Posted Jul 14, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.

tags | advisory, vulnerability
advisories | CVE-2010-2427, CVE-2010-2667
SHA-256 | 0db53c597e93d42d1dc1c70847ad8b7ad162e5bfd7ee81e6fd69c060ab801465