Whitepaper called Creating Windows Exploits with the Metasploit Framework, or Criar Exploits Para o Windows com a Ajuda da Metasploit Framework. Written in Portuguese.
301bb0feb08953721be67b31cd0b765b20729b7aa35a814c8315e4c5a03eed48This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll an attacker may be able to execute arbitrary code.
c2a11c7983f91db8ab886e7660b02d16e3345e1caecf8da45a9e658400a2913fChipmunk Board version 1.3 suffers from a remote SQL injection vulnerability.
311d67f6b84606b8b462576aae2d7cc258a4bcbfb557591d370d2d4cdd70a403iGaming CMS versions 1.5 and below remote blind SQL injection exploit.
1b00329d1f8ee25a03cfcafc13ec8425e486f1d1deecb13f3ef36b5e91f00f49PhpMyShopping version 1.0.1505 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
0cc2e1134812b389f8a59a6b6b29fb47e4397708ff1b92050462624009121ad8jCart version 1.1 suffers from cross site request forgery, cross site scripting and open redirect vulnerabilities.
37d8fb41ceb0f28568a4e8cc0862efe009e1edaa1362ee88731eee816d27916eEvaria CMS version 1.1 suffers from a file disclosure vulnerability.
11d7bd467c1c6989bce371d3712b62e770f4b8bc1844628f2d22723fdc57e7a5Zero Day Initiative Advisory 10-190 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nps.jar web application exposed via the Tomcat server running by default on TCP ports 8080 and 8443. The com.novell.nps.serviceProviders.PortalModuleInstallManager servlet exposes a function called getMultiPartParameters which parses POST variables from a multipart form request. The getEntry function that the above uses can be made to write an arbitrary file to disk. An attacker can abuse this to place a malicious JSP document in a web-accessible location. By uploading a malicious script, this can be leveraged to execute remote code under the context of the Tomcat process.
1699605969f4f4ceb62ec6179f5c66fa538641846826a8b80255c0423b295f72Zero Day Initiative Advisory 10-189 - This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability. The flaw exists within Novell's eDirectory Server's NCP implementation which binds, by default, to TCP port 524. While handling a malformed request, the application explicitly trusts a field when translating it to an index into a table of counters. If this index is too large, the application will set a value outside the array and the ndsd process will become unresponsive resulting in an inability to authenticate to that server.
e56ecb116ae51cb4e73bc7ea2b7243fadbe052600a1642ced1479adf40a5a2e4This archive contains all of the 305 exploits added to Packet Storm in September, 2010.
3b64922137400b6c4d599c0c0c6ea4681bde2a5c6d9413cb6538011973303ce742 bytes small Win32/XP SP3 (Tr) cmd.exe shellcode.
a47cfd0226478f7609da02fc5721f8a3d186764a1bffb72704ee7ea44ee6f8e2Mandriva Linux Security Advisory 2010-191 - Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field.
69ac23bb749b1900777ce4b515706762e22cf782817709f51e127d014a70e691Netbiter webSCADA suffers from file and information disclosure vulnerabilities.
b74d2dea0d6285c157f5bdd67ae7e60c5a0411ee3a74aa6d8b04e0d1c6fc4df6Secunia Security Advisory - A vulnerability has been reported in IBM DB2, which can be exploited by malicious users or malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
ee96a2dc6e6bba0e13f1b3b7d00d10a83173f9403b7099f135c5c76c4eb1648dSecunia Security Advisory - A vulnerability has been reported in Novell iManager, which can be exploited by malicious people to compromise a vulnerable system.
491ea0171f345e33e99ffc2bc463adfdfa8f407436f9c63f5ea05aaef5b2e94cSecunia Security Advisory - Multiple vulnerabilities have been reported in Openswan, which can be exploited by malicious people to compromise a user's system.
eca9d01559886074c1ab9dfc19213c864abe681ed42104e8858f4c161ac7911bSecunia Security Advisory - A vulnerability has been reported in Barracuda Spam & Virus Firewall, which can be exploited by malicious users to disclose sensitive information.
1d60774803094d83fb1c5e473f2f066dbe186d502a9d95b7021d99d0d64c5ad5Secunia Security Advisory - Two vulnerabilities have been reported in FreeRADIUS, which can be exploited by malicious people to cause a DoS (Denial of Service).
b241acbf02fe5e80feffacc5ba124b0283ce3129603c093a40ba9b327e42044cSecunia Security Advisory - Multiple vulnerabilities have been reported in Zen Cart, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks and to disclose sensitive information.
afef74bad63e6cb421315cd7681529ff9a2464eed1f963460f4a10be940d5d61Secunia Security Advisory - Ubuntu has issued an update for libmikmod. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
bbbeea76e6fbffd5bbf7fd77754c7090087ed683fd4c992af682ad4c16721465Secunia Security Advisory - Ubuntu has issued an update for mako. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.
edab14cab87f824ad5d07a4cc0bc8eab31b4194d28638961ca31c51c3711bd39Secunia Security Advisory - Ubuntu has issued an update for avahi. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
d686fad3f7015402a0f5f4edc29db8574e799fcf6d7ef5b17747f6b70a15fd98Secunia Security Advisory - Debian has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting, script insertion, cross-site request forgery, and SQL injection attacks.
e41fea7be2a589aacc713f1c6b0a9499140a4cd93e6c934c6eada5ff22b942c2The Thotcon 0x2 Call For Papers is now open. The conference will take place in Chicago, IL on April 22nd, 2011.
8b50dc40fac8305be72a83a6a7130c0b946cafe9167a7b52733fafa1d9c95efbRouterDefense is a Cisco IOS security assessment tool. It deep dives into router and switch configurations and reports security recommendations.
a361d271b4e0033888d7aeee72aacad0e7cb91505c1cd513a794723bdb61b6f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed