exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 748 RSS Feed

Files Date: 2011-02-01 to 2011-02-28

WordPress Zotpress 2.6 Cross Site Scripting
Posted Feb 26, 2011
Authored by AutoSec Tools | Site autosectools.com

WordPress Zotpress version 2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 60782f41cea55e5e0a2c3ce9309ab66504f1a16250b8664f8735e2e80c0be95d
Ubuntu Security Notice USN-1074-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1074-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.

tags | advisory, kernel, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803, CVE-2010-2942, CVE-2010-2943, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2959, CVE-2010-2962, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3084, CVE-2010-3296
SHA-256 | f173020807305076d904d843200bcb5d00acee46687f271c4a2338df4358536b
eXPert PDF Reader 4.0 NULL Pointer Dereference / Heap Corruption
Posted Feb 26, 2011
Authored by LiquidWorm | Site zeroscience.mk

eXPert PDF Reader version 4.0 suffers from a NULL pointer dereference and heap corruption denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 290623376432a2f10c80421fb38a2d32682190ff9321dac7e355092b1f5512ff
Ubuntu Security Notice USN-1073-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1073-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Dan Rosenberg discovered that the USB subsystem did not correctly initialize certain structures. Various other issues have also been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859, CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4165, CVE-2010-4169, CVE-2010-4248, CVE-2010-4249
SHA-256 | 6ba8f6c6dc8aeeea6fd8953752f7beab7c32ebb9e112702d7ac851c16c79263a
Nitro PDF Reader 1.4.0 Heap Corruption
Posted Feb 26, 2011
Authored by LiquidWorm | Site zeroscience.mk

Nitro PDF Reader version 1.4.0 remote heap memory corruption proof of concept denial of service exploit and advisory.

tags | exploit, remote, denial of service, proof of concept
systems | linux
SHA-256 | 6f7251db7965fc6a2cb851fe9fe21e4f69d15e09dae81c217b971fb2bc6b0484
Ubuntu Security Notice USN-1072-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1072-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Various other issues have also been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297, CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4248
SHA-256 | 812b3e28ec2f6132fd1f95415c8a0227bd33b2de0533cab3591015f15aead3cb
GNU SIP Witch Telephony Server 0.10.0
Posted Feb 26, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release consolidates the use of usecure for computing digests to simplify the configure script and to introduce a cmake build script. This will make it easy to build and debug with IDEs like kdevelop and codeblocks on GNU/Linux, as well as IDEs on other platforms such as xcode, Visual Studio (yes, sipwitch is cross-platform), etc.
tags | telephony
systems | unix
SHA-256 | 72da911bfc77431234e0bff1286afe803d438992f016d2dd1f846b745e94dabf
Ubuntu Security Notice USN-1071-1
Posted Feb 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1071-1 - Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
SHA-256 | 138f0d9acd9028b53e4c02afea0172fcf4090c982287a6d77f401f9155e9023b
Exec2Shell Converter Tool
Posted Feb 25, 2011
Authored by C3lt1c

This is a simple executable to shellcode converter tool. Video for usage is included.

tags | shellcode
SHA-256 | 615bb76846010e2d9b02e6e2405d54049a777f9250aebb20c701cbffbd929de8
Altigen Gateway Service Heap Overflow
Posted Feb 25, 2011
Authored by Patrick Kelley

Altigen's Gateway Service suffers from a heap overflow vulnerability that can be triggered by a simple nmap portscan.

tags | advisory, overflow
SHA-256 | 75c19fef6c874b519ac2c9baf65be73e2f21b601e31e7302e468dff495e2082c
Joomla XCloner Remote Command Execution
Posted Feb 25, 2011
Authored by mr_me

Joomla XCloner component remote command execution exploit. This component also suffers from information disclosure, local file inclusion, denial of service, and cross site scripting vulnerabilities.

tags | exploit, remote, denial of service, local, vulnerability, xss, file inclusion, info disclosure
SHA-256 | bd1d11cc383f303dac4cb1520a59452b77f741b76b084b5ea0df94bb38723392
Linksys Cisco Wag120n Cross Site Request Forgery
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

The Linksys Cisco Wag120n suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
systems | cisco
SHA-256 | dd16115896453d01f25228f86f2b3ddaef343f8a7937d67e06a50aa3bf8827de
Website By MIC SQL Injection
Posted Feb 25, 2011
Authored by eXeSoul

Website By MIC suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e4812b17d0b37e224f232c9974a3e6126178f549ad85888d440cc4cebcbf0b57
Prestashop Cartium 1.3.3 - 0.246s SQL Injection
Posted Feb 25, 2011
Authored by Antonio San Martino

Prestashop Cartium version 1.3.3 - 0.246s suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 235ad64da715d21ee421f82520eb1abfa2e9936d9d965014f9cfda3d83de594a
glFusion CMS Blind SQL Injection
Posted Feb 25, 2011
Authored by H3X

glFusion CMS suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 002f00d412b223b8c47ffe2113ec5755cab7b22632218f1804e4baea4e8ae938
Pragyan CMS Code Execution / SQL Injection
Posted Feb 25, 2011
Authored by villy

Pragyan CMS versions prior to 3.0 rev 274 suffer from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
SHA-256 | 8b9afe976dfc4540c9079a9bb30cb84209dbd90c3bd9da57324bcd80fe2a9762
web.go Insecure Cookie
Posted Feb 25, 2011
Authored by Nam Nguyen | Site bluemoon.com.vn

web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.

tags | advisory, web, insecure cookie handling
SHA-256 | ee2dc2d011a705d23606558d2a5af6c6a4bbf9a22dfdf2f4a9697f1c61fde09f
RaksoCT SQL Injection
Posted Feb 25, 2011
Authored by p0pc0rn

RaksoCT Web Design suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 9aab71f6692e60a432af4d062c8c8dc8f477dc4c6ca13435df0be45adaec494c
iPhone MyDocs 2.7 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone MyDocs version 2.7 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | fae04cfee781085d2fd6f8575af3648f4d7585f0588a5efb5b7bb8d73098d99c
iPhone iFile 2.0 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone iFile version 2.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | aff27d1aa9bc27dc2109e98973b6ef23d319663bb2a0db4d43129ef37389f697
iPhone Folders 2.5 Directory Traversal
Posted Feb 25, 2011
Authored by IRCRASH, Khashayar Fereidani | Site ircrash.com

iPhone Folders version 2.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
systems | apple, iphone
SHA-256 | 1062f972a62f2727426510070897b782cbcae9833e2586c9aff82fee5f8b0622
Edraw Office Viewer Component 7.4 Active-X Buffer Overflow
Posted Feb 25, 2011
Authored by Alexander Gavrun

Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.

tags | exploit, overflow, activex
SHA-256 | 0cb6d86d4889168c48cf40d301af90cb71f2d53474310ed6503c5096390544cd
Cewolf 1.1.4 Denial Of Service
Posted Feb 25, 2011
Authored by MustLive

Cewolf - Chart Enabling Web Object Framework versions 1.1.4 and below suffer from a denial of service vulnerability.

tags | advisory, web, denial of service
SHA-256 | 8638638ee3109eed0bea5b2326a39b8428de034acd9b0f2f5efad8022120a4b1
WATOBO Web Application Toolbox Auditor 0.9.6rev266
Posted Feb 25, 2011
Authored by Andreas Schmidt | Site watobo.sourceforge.net

WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.

Changes: Now supports one-time tokens. NTLM authentication added. FileFinder plugin added. Various other additions.
tags | tool, web, local, scanner, vulnerability, xss, sql injection
systems | unix
SHA-256 | 478a1566e4c6f7dc28d734eedcb6ba04390148a32396154c928a3e2488959054
PHPShop 0.8.1 Cross Site Scripting
Posted Feb 25, 2011
Authored by Aung Khant | Site yehg.net

PHPShop versions 0.8.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a25bef9b70e1ce9498c17a7a5c93f602c1a3332be03b85ec863193217dd67c26
Page 2 of 30
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close