exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 59 RSS Feed

Files Date: 2011-04-14 to 2011-04-15

CVE Checker 3.1
Posted Apr 14, 2011
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: This bugfix release sanitizes the user defined key before it is put in the database and fixes a runtime problem when both SQLite and MySQL support are requested.
tags | vulnerability
systems | unix
SHA-256 | a7bed8adf2ecf6e23ed3f5339c1e7c15686d07059931a0cf2de3c60290e434f8
Suricata IDPE 1.0.3
Posted Apr 14, 2011
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Bugs in the detection engine, TCP stream engine, IP defrag engine, and HTTP parser were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | df0245181057603a8dc37c937816adecbd8468cc2531d7431525df8205995d92
Zero Day Initiative Advisory 11-134
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the RegenerateReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 9604c9d1dba521a52fec22695da4ef25091e8b8ac4dd8e7c7d4451edd336a30c
Zero Day Initiative Advisory 11-133
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReports stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 63e6487bc5e04f7f5fb3b9d735fe4a94a20ce08835b90f30d5200a28f74fa88e
NEdit 5.5 Format String
Posted Apr 14, 2011
Authored by Tosh

NEdit version 5.5 suffers from a format string vulnerability.

tags | exploit
SHA-256 | d8284e0cdee8b2f00cd71de61fc4d9da502bf41c1e1e588109e5c736af2dd4d5
Zero Day Initiative Advisory 11-132
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 142dc870b1e27809cf5462bfb9c020f9b964670c2aa95a15de96b5c4fb38a774
phpAlbum.net 0.4.1-14_fix06 XSS / XSRF / Command Execution
Posted Apr 14, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

phpAlbum.net version 0.4.1-14_fix06 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | d3b3b2fe24c513488e371d057b26f458e7b0f4c91bfcc64d6293c28262d7bbbb
HP Security Bulletin HPSBMA02652 SSRT100432 3
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02652 SSRT100432 3 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. Revision 3 of this advisory.

tags | advisory, info disclosure
systems | linux, windows, solaris, hpux
advisories | CVE-2011-0895
SHA-256 | 2ed6982ddc7b1d8a69aec3fc693b4cf578266cf128028c21fcf97329f26ba511
Help And Manual Professional Edition 5.5.1 DLL Hijack
Posted Apr 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

Help and Manual Professional Edition version 5.5.1 ijl15.dll DLL hijacking exploit.

tags | exploit
systems | windows
SHA-256 | ed443b5344c664ad0b6e377f3582578ad1f8a8c439eea4320164fd0a63b67c77
Qianbo Enterprise Web Site Management System Cross Site Scripting
Posted Apr 14, 2011
Authored by d3c0der

Qianbo Enterprise Web Site Management System suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | fbc64b22694c7ebc103fd98b1868964de106988978c151a96860e9e81840f953
Google Hack DB Tool 1.1
Posted Apr 14, 2011
Authored by SecPoint | Site secpoint.com

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.

Changes: Google query generating option added (-q).
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 524a9eb3d4e911250194aabce955b783780df355774c38057c3c3e9cd7a7d944
Zero Day Initiative Advisory 11-131
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the NonAssignedUserList stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | c8588b14f2af9ae6351222e30cea70f2eabb552c5d74b4a76ef031ab0e46d0b7
CA Total Defense SQL Injection / Shell Upload
Posted Apr 14, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.

tags | advisory, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2011-1653, CVE-2011-1654, CVE-2011-1655
SHA-256 | 9697f3a718cfbc9df64ba14c7c65ce50a6f140e9f9064d6822691eb7e5a4adcc
Blackberry WebDesktop Cross Site Scripting
Posted Apr 14, 2011
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - A cross site scripting vulnerability was found in Blackberry WebDektop, because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, executing malicious Javascript code on the user's browser.

tags | exploit, javascript, xss
SHA-256 | 425100c93bdabb1ce32e4448daf3a93ed9596972d3ee05c2e2f14c674f1aeeac
EZ-Shop 1.02 SQL Injection
Posted Apr 14, 2011
Authored by Osirys | Site y-osirys.com

EZ-Shop version 1.02 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 83f97db3a90cce74a879bcd39d3d63097da8549f56aba09ae5f3a6948b2c3fca
Zero Day Initiative Advisory 11-130
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteFilter stored procedure, accessed via the MainApplication.html console. The Unified Network Control Management Console listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteFilter stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | d01e6cf4fc6bdb05a9814da878a530840c02bb2c5cb63953ab07a0633c7b9416
MIT krb5 Security Advisory 2011-004
Posted Apr 14, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.

tags | advisory, denial of service, arbitrary
advisories | CVE-2011-0285
SHA-256 | 0e3e5240220bc86a2ebbd53af919f5eb300431e7d92522bea43cb28a37d3570e
Linux Kernel 2.4 / 2.6 Denial Of Service
Posted Apr 14, 2011
Authored by Timo Warns | Site pre-cert.de

PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to a denial-of-service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that allows to cause kernel oops resulting in a denial of service.

tags | advisory, denial of service, overflow, kernel
systems | linux
advisories | CVE-2011-1577
SHA-256 | c706d8f1111e5e6772c99b27b909ea43d70a53491a02c722e6e124b5baa947eb
Zero Day Initiative Advisory 11-129
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 0ec175efc79d75101fcc9188b8620d95bc4b3627a90310bc64e0d7834862b9d4
HP Security Bulletin HPSBMA02643 SSRT100416 2
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMA02643 SSRT100416 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi). One vulnerability could be exploited by a local user to gain unauthorized access to files. The other vulnerability could result in remote cross site scripting (XSS). Revision 2 of this advisory.

tags | advisory, remote, local, vulnerability, xss
advisories | CVE-2011-0897, CVE-2011-0898
SHA-256 | 17dc50058509e2b3ffc2a464fa1d1660fc359f8cd06cfb9692e0d581c4d302b0
HP Security Bulletin HPSBUX02642 SSRT100415
Posted Apr 14, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02642 SSRT100415 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, java, denial of service
systems | linux, windows, solaris, hpux
advisories | CVE-2010-4476
SHA-256 | c0680af27c9227db9da778bd256e51adbfc9635796e940324823d9a8c1b9b4cb
WordPress.com Compromised
Posted Apr 14, 2011
Authored by Matt Mullenweg

This is a blog entry from Matt at WordPress.com noting that they suffered from a break-in to multiple servers.

tags | advisory
SHA-256 | d00d0f5623b0d6b2c4c9dc552b2abc86c3bb5ac713f0ea32c14c2d8e60f84b1b
Uploadform ASP Script Shell Upload
Posted Apr 14, 2011
Authored by Net.Edit0r

The Uploadform ASP script suffers from a shell upload vulnerability.

tags | exploit, shell, asp
SHA-256 | c6100abc466fd1cb381d3b6023c361123c63e39eefc32312bc6c6fd0a12e68ff
TimThumb 1.24 XSS / DoS / Path Disclosure
Posted Apr 14, 2011
Authored by MustLive

TimThumb versions 1.24 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure
SHA-256 | c73e2b9a8df7da1c3a2dfe95fb62d16f4824514350f34bc2be9a17f9afe38165
Zero Day Initiative Advisory 11-128
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | d6e71067fdc7623aa9dc1e33e254f51ef48f0e2c1afe154361941ac748d11199
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close