what you don't know can hurt you
Showing 26 - 40 of 40 RSS Feed

Files Date: 2010-11-16 to 2010-11-17

Simea CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Simea CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a73c9169eef361a0e7116fbf4e07c7b02a1ed6296b19811ac982cd9bc28a4e9e
Phreebird DNSSEC Proxy 1.02
Posted Nov 16, 2010
Authored by Dan Kaminsky

Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.

tags | tool, web, arbitrary
systems | unix
SHA-256 | 851f74625841584a432de6c57ae431f0553eb5bb5633b06087be46e51e44f01b
Mandriva Linux Security Advisory 2010-234
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-234 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been upgraded to cups 1.3.10 and patched to correct these issues.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
SHA-256 | 0dab4ef60a555b01565c5907cb2d99a63df8c8d71c529e3b72fcfb550aa56f4c
Joomla Alfurqan15x SQL Injection
Posted Nov 16, 2010
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla Alfurqan15x component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7991552912198c9d5b238d147b28e3ea93e1d025de1ba497b70605c0fc7d227d
AbleDating Script 2010 Cross Site Scripting
Posted Nov 16, 2010
Authored by Dr-mosta

AbleDating Script 2010 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f22d2f87ea80aa4b9b215606e87249984e76fe497819fde95ebdab010de52303
Nuked-Klan Boutique Blind SQL Injection
Posted Nov 16, 2010
Authored by [AR51]Kevinos

The Nuked-Klan Boutique module suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ae2d25413ad0448009faf70893c6a483d295d4f302b8e43e69fe9b97909f3b68
Mandriva Linux Security Advisory 2010-233
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-233 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-2941
SHA-256 | 4429a0ea4f7a712c583880adb10367e54b0ebca555534e9ce7b942a78300259e
Raised Eyebrow CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Raised Eyebrow CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d38e7bb1bb4a16716aac2827dc2d0a5190ab53172965eac2f19383d0a82de8f3
Spiraleye CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Spiraleye CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0cb957208799dd31d4880dc388a441de6322c9c9e5a08436ae01d2247c00c6a5
Mandriva Linux Security Advisory 2010-232
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-232 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
SHA-256 | 04e93c19aeb95affc703012416b9a127b061954e7f95f0664a38bba985b44c89
Gentoo Linux Security Advisory 201011-01
Posted Nov 16, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
SHA-256 | e7fd1080a732debd69f8864702d36b5571373a61bee34c47c11be74bc1e37420
Android 2.0 / 2.1 Use-After-Free Remote Code Execution
Posted Nov 16, 2010
Authored by Itzhak Avraham, mj

Android versions 2.0 and 2.1 use-after-free remote code execution on webkit exploit.

tags | exploit, remote, code execution
advisories | CVE-2010-1807
SHA-256 | 3a158fa65b67817ab860792bf9c8a91e63d6eff5a881daecfe0f045cc87710f4
Foxit Reader 4.1.1 Stack Overflow
Posted Nov 16, 2010
Authored by dookie

Foxit Reader version 4.1.1 stack overflow exploit with egghunter shellcode.

tags | exploit, overflow, shellcode
SHA-256 | 9780b51aa733813b396e6fc1a53431ca2e325e1962af0b5c9d51ca76f2250eef
vBulletin 4.0.8 Cross Site Scripting
Posted Nov 16, 2010
Authored by MaXe

vBulletin version 4.0.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 532b77cbe0f670822b9ca72b962634967c91c6ebf944208f42852cd4e2b6da83
CakePHP 1.3.5 / 1.2.8 Cache Corruption
Posted Nov 16, 2010
Authored by Felix

CakePHP versions 1.3.5 and below and 1.2.8 and below unserialize() cache corruption exploit.

tags | exploit
SHA-256 | 65a2b440d4696ecb893de017fe9da620c3ac3cbfb1083146551fa48a1d51dc2a
Page 2 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close