
Files Date: 2010-11-16 to 2010-11-17

Simea CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Simea CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9dd435d5a2d17af0516c8aa6a0381dd5

Phreebird DNSSEC Proxy 1.02
Posted Nov 16, 2010
Authored by Dan Kaminsky

Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.

tags | tool, web, arbitrary
systems | unix
MD5 | 13afe1a7aa6ab753275c0b5289b6a8bc

Mandriva Linux Security Advisory 2010-234
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-234 - Cross-site request forgery vulnerability in the web interface in CUPS allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users with lp group membership to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been upgraded to cups 1.3.10 and patched to correct these issues.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
MD5 | e52014d9e8f25781093b99d1ef0aae90

Joomla Alfurqan15x SQL Injection
Posted Nov 16, 2010
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla Alfurqan15x component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 64e925c67641b0a609962d835616de8c

AbleDating Script 2010 Cross Site Scripting
Posted Nov 16, 2010
Authored by Dr-mosta

AbleDating Script 2010 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6f61cc92311f60880214f48ab867aa78

Nuked-Klan Boutique Blind SQL Injection
Posted Nov 16, 2010
Authored by [AR51]Kevinos

The Nuked-Klan Boutique module suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a26e7a20a4c370a0902838ba2a4465b2

Mandriva Linux Security Advisory 2010-233
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-233 - Cross-site request forgery vulnerability in the web interface in CUPS allows remote attackers to hijack the authentication of administrators for requests that change settings. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-2941
MD5 | df9801953422c66c3f82907384e51b79

Raised Eyebrow CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Raised Eyebrow CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | acd522f88ecfd99e3de24d83640eeb18

Spiraleye CMS SQL Injection
Posted Nov 16, 2010
Authored by Cru3l.b0y

Spiraleye CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 98149011803c750fd46e8da70f6573e6

Mandriva Linux Security Advisory 2010-232
Posted Nov 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-232 - Cross-site request forgery vulnerability in the web interface in CUPS allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users with lp group membership to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

tags | advisory, remote, web, denial of service, arbitrary, local, csrf
systems | linux, mandriva
advisories | CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2941
MD5 | 0a142572090555283bd000b8f69b81b0

Gentoo Linux Security Advisory 201011-01
Posted Nov 16, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allows local attackers to execute arbitrary code as root. Among them are the widely known recent LD_AUDIT and $ORIGIN issues. For further information, please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.

tags | advisory, arbitrary, local, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
MD5 | 5cea4225da35cf3fb30d0ffed4cc46a2

Android 2.0 / 2.1 Use-After-Free Remote Code Execution
Posted Nov 16, 2010
Authored by Itzhak Avraham, mj

Use-after-free remote code execution exploit for WebKit on Android versions 2.0 and 2.1.

tags | exploit, remote, code execution
advisories | CVE-2010-1807
MD5 | 7b90bebf767fe960f4b6a8e961d30488

Foxit Reader 4.1.1 Stack Overflow
Posted Nov 16, 2010
Authored by dookie

Foxit Reader version 4.1.1 stack overflow exploit with egghunter shellcode.

tags | exploit, overflow, shellcode
MD5 | 0e21f793646b5967b6389198167456f7

vBulletin 4.0.8 Cross Site Scripting
Posted Nov 16, 2010
Authored by MaXe

vBulletin version 4.0.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | bb74a229a7f6c429d86b75ac1fa85a22

CakePHP 1.3.5 / 1.2.8 Cache Corruption
Posted Nov 16, 2010
Authored by Felix

unserialize() cache corruption exploit for CakePHP versions 1.3.5 and below and 1.2.8 and below.

tags | exploit
MD5 | 9d7b7f46b95d4cb6eadc3a043e39a342

© 2020 Packet Storm. All rights reserved.
