Files Date: 2011-05-26 to 2011-05-27

Asterisk 1.8.4 SIP Username Enumeration
Posted May 26, 2011
Authored by Francesco Tornieri

The REGISTER method in use by Asterisk version 1.8.4 allows for remote user enumeration.

tags | exploit, remote
MD5 | 6ace8cf92a25fee42b7224a2a586931f
Mandriva Linux Security Advisory 2011-101
Posted May 26, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1929
MD5 | 1600341be1cd72154030a52bf94fa5af
WordPress 2.6 / 3.x User Enumeration
Posted May 26, 2011
Authored by Veronica Valeros | Site talsoft.com.ar

WordPress versions 2.6, 3.1, 3.1.1, 3.1.3, and 3.2-beta2 suffer from a remote user enumeration vulnerability. Proof of concept is provided.

tags | exploit, remote, proof of concept
systems | linux
MD5 | f0552de323e7ca6af87d42a6997e0ed7
Google Chrome Cross Site Scripting Protection Bypass
Posted May 26, 2011
Authored by Manuel Fernandez

A bypass vulnerability has been discovered in the Google Chrome cross site scripting filter.

tags | exploit, xss, bypass
MD5 | 2bb8bbef6d064963a4422cbc671d95d7
RXS-3211 IP Camera Password Disclosure
Posted May 26, 2011
Authored by supernothing

The RXS-3211 IP camera suffers from a remote password disclosure vulnerability. Three proofs of concept are included.

tags | exploit, remote, proof of concept, info disclosure
systems | linux
MD5 | f669eadda63e8445d0e22c865640d098
Design Extensions SQL Injection / Shell Upload
Posted May 26, 2011
Authored by Kalashinkov3

Design Extensions suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 19f176eb7d4b973a65e86d5b007fa16b
iDEFENSE Security Advisory 2011-05-24.4
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of tag information contained within an Applix document. A memory copy operation within a loop may cause tag data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | d2ef9e2eb6a92afdd050132ac7698135
iDEFENSE Security Advisory 2011-05-24.1
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of header information contained within a LZH archive file. A length calculation may cause an integer value to underflow and result in a large length value. A memory copy operation using the length value may cause LZH data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | b7ff13c0677bbee84d79455b1f6e08f9
iDEFENSE Security Advisory 2011-05-24.3
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Microsoft Office Document (DOC) file. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | a07968869bfc83922e7b357c773c6b89
Cisco Security Advisory 20110525-iosxr-ssh
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the SSH application that may result in a denial of service condition when the SSH version 1 (SSHv1) protocol is used. The vulnerability is a result of unremoved sshd_lock files consuming all available space in the /tmp filesystem. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service, protocol
systems | cisco, osx
advisories | CVE-2011-0949
MD5 | 3c78b9d0c5c90e2a3a665f42ed2b6ce6
Cisco Security Advisory 20110525-iosxrspa
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software Releases 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, and 4.1.0 are affected by a vulnerability that an unauthenticated, remote user could use to trigger a reload of the Shared Port Adapters (SPA) Interface Processor by sending specific IP version 4 (IPv4) packets to an affected device. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote
systems | cisco, osx
advisories | CVE-2011-1651
MD5 | 12add70cc9f33c5db0c30032bc5c9ff7
Allwin WinExec Add Administrator Shellcode
Posted May 26, 2011
Authored by RubberDuck

272-byte Allwin WinExec shellcode that adds a new local administrator and calls ExitProcess.

tags | local, shellcode
MD5 | a79274c69a9c1455b41b27fa89d3b850
iDEFENSE Security Advisory 2011-05-24.2
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Rich Text Format (RTF) document. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
MD5 | 5066dfcf2cb4181aa8be510179a61c21
Cisco Security Advisory 20110525-iosxr
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software Releases 3.8.3, 3.8.4, and 3.9.1 are affected by a vulnerability that an unauthenticated, remote user can trigger by sending specific IP version 4 (IPv4) packets to or through an affected device. Successful exploitation could cause the NetIO process to restart. Under a sustained attack, the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Line Card on a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router will reload. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote
systems | cisco, osx
advisories | CVE-2011-0943
MD5 | 45db01e39d8a201e14359fc3bac2099e
Pixprod SQL Injection
Posted May 26, 2011
Authored by Kalashinkov3

Pixprod suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a5400557b9964870283911c9043ac44a
Cisco Security Advisory 20110525-rvs4000
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, remote, web, vulnerability
systems | cisco
MD5 | f57c73d004bfdd093bee4b9e0eb6f23e
Cisco Security Advisory 20110525-spcdn
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System (Cisco CDS), contains a vulnerability in its web server component that could cause the web server engine to crash when processing specially crafted URLs. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, web
systems | cisco
advisories | CVE-2011-1649
MD5 | 7cdff880ad12bdb5b24fc895cae8dc0c
Debian Security Advisory 2242-1
Posted May 26, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
MD5 | d20e8cec88afe776aee621e23ae7d78f
Ubuntu Security Notice USN-1136-1
Posted May 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1136-1 - It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user's filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1595
MD5 | db918de589fcf1606a3d6995eb6f2abf
Ubuntu Security Notice USN-1135-1
Posted May 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1135-1 - It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1407
MD5 | 7cd56abe04fa6ff5de5c6a47f677b9a3
AWStats Totals 1.14 Remote Command Execution
Posted May 26, 2011
Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals versions v1.0 through v1.14 are vulnerable.

tags | exploit, arbitrary, php
advisories | CVE-2008-3922, OSVDB-47807
MD5 | b51970618acc82762fe370a163a1d655

© 2016 Packet Storm. All rights reserved.
