exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2011-05-26 to 2011-05-27

Asterisk 1.8.4 SIP Username Enumeration
Posted May 26, 2011
Authored by Francesco Tornieri

The REGISTER method in use by Asterisk version 1.8.4 allows for remote user enumeration.

tags | exploit, remote
SHA-256 | 0066c93ed79feb1bd8f0719d5c48a08e733fb8a5cfe1689acb5d5038f5c6a643
Mandriva Linux Security Advisory 2011-101
Posted May 26, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-101 - lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service via a crafted e-mail message.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1929
SHA-256 | 35441f3acca0c62584cc4ccaf85769dcc37fed324a8a8c976f3e8c4d50eeaf10
WordPress 2.6 / 3.x User Enumeration
Posted May 26, 2011
Authored by Veronica Valeros | Site talsoft.com.ar

WordPress versions 2.6, 3.1, 3.1.1, 3.1.3, and 3.2-beta2 suffer from a remote user enumeration vulnerability. Proof of concept is provided.

tags | exploit, remote, proof of concept
systems | linux
SHA-256 | 92185d9250787546800d4c9ddbe8a60b118b0ec4a2c58e59fc36ec4ac8449708
Google Chrome Cross Site Scripting Protection Bypass
Posted May 26, 2011
Authored by Manuel Fernandez

A bypass vulnerability has been discovered in the Google Chrome cross site scripting filter.

tags | exploit, xss, bypass
SHA-256 | b886bd58cbc97af25ae7bfe032c24f90a0af6592e1298754105810d537a22a39
RXS-3211 IP Camera Password Disclosure
Posted May 26, 2011
Authored by supernothing

The RXS-3211 IP camera suffers a remote password disclosure vulnerability. Three proof of concepts included.

tags | exploit, remote, proof of concept, info disclosure
systems | linux
SHA-256 | 7a9fa6381cb300874d71bdda164f95ddfe8413953deed572858f6cc994849a74
Design Extensions SQL Injection / Shell Upload
Posted May 26, 2011
Authored by Kalashinkov3

Design Extensions suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 2f69b55a2460678d60c9aebcf63d8418d63dbe9fb83edcba15217f385cd882d3
iDEFENSE Security Advisory 2011-05-24.4
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. <BR> <BR> The vulnerability occurs during the processing of tag information contained within an Applix document. A memory copy operation within a loop may cause tag data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | a8a2aeff464a0fe8020b6d54159559ad4b0b08a4817d14678068c1e961f04339
iDEFENSE Security Advisory 2011-05-24.1
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of header information contained within a LZH archive file. A length calculation may cause an integer value to underflow and result in a large length value. A memory copy operation using the length value may cause LZH data to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 5fd65cb5d6986403e249afb125a0e9a9ae2a97494d1f961b19e52d154e4bb671
iDEFENSE Security Advisory 2011-05-24.3
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Microsoft Office Document (DOC) file. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | b15fb89627d7d366ecb6420f9f310e69bae8829c1cf7710622a7e5e5358e3e65
Cisco Security Advisory 20110525-iosxr-ssh
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the SSH application that may result in a denial of service condition when the SSH version 1 (SSHv1) protocol is used. The vulnerability is a result of unremoved sshd_lock files consuming all available space in the /tmp filesystem. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service, protocol
systems | cisco, osx
advisories | CVE-2011-0949
SHA-256 | 9423a49d885a27cb66c986c0b9fafb190ceaa087a348da8289b4575851d9205f
Cisco Security Advisory 20110525-iosxrspa
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software Releases 3.9.0, 3.9.1, 3.9.2, 4.0.0, 4.0.1, 4.0.2, and 4.1.0 are affected by a vulnerability that an unauthenticated, remote user could use to trigger a reload of the Shared Port Adapters (SPA) Interface Processor by sending specific IP version 4 (IPv4) packets to an affected device. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote
systems | cisco, osx
advisories | CVE-2011-1651
SHA-256 | 9539674a9114ed61cd79a7256bba7ce6d3d1aff1f5341bc6c64b426f3af70e38
Allwin WinExec Add Administrator Shellcode
Posted May 26, 2011
Authored by RubberDuck

272 bytes small Allwin WinExec add new local administrator and ExitProcess shellcode.

tags | local, shellcode
SHA-256 | fcffff604ac12f2370e0553cc5fcf04d5217fdf0a4406d5e7ccede4416d5d574
iDEFENSE Security Advisory 2011-05-24.2
Posted May 26, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.11 - Remote exploitation of a stack buffer overflow vulnerability in IBM Corp.'s Lotus Notes could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability occurs during the processing of hyperlink information contained within a Rich Text Format (RTF) document. The hyperlink may be crafted in a manner which can cause a strcpy function call to overflow the bounds of a stack buffer. This condition may lead to arbitrary code execution. Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
SHA-256 | 91558b82ec933f7adde1fcb12364cda4ebd05a89100271d7b360fcdea95e4c7d
Cisco Security Advisory 20110525-iosxr
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software Releases 3.8.3, 3.8.4, and 3.9.1 are affected by a vulnerability that an unauthenticated, remote user can trigger by sending specific IP version 4 (IPv4) packets to or through an affected device. Successful exploitation could cause the NetIO process to restart. Under a sustained attack, the Cisco CRS Modular Services Card (MSC) on a Cisco Carrier Routing System (CRS) or a Line Card on a Cisco 12000 Series Router or Cisco ASR 9000 Series Aggregation Services Router will reload. Cisco has released free Software Maintenance Units (SMU) that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote
systems | cisco, osx
advisories | CVE-2011-0943
SHA-256 | 104b800be8c77a505b91bf3100798e33c89caffc08b201eb0f299c45534c3b87
Pixprod SQL Injection
Posted May 26, 2011
Authored by Kalashinkov3

Pixprod suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4f14da5e2eba7ca7a8a87f39094df5b3d376593cf4a135c3881900789951bcc1
Cisco Security Advisory 20110525-rvs4000
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, remote, web, vulnerability
systems | cisco
SHA-256 | 6b4b4001597fa9f57b57ab89c6a63a8d46be1b90e97b71fe1bd90c4cf53e75c6
Cisco Security Advisory 20110525-spcdn
Posted May 26, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System (Cisco CDS), contains a vulnerability in its web server component that could cause the web server engine to crash when processing specially crafted URLs. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, web
systems | cisco
advisories | CVE-2011-1649
SHA-256 | 6cb9ce2c097b9a758a4ae01c01194219e532506c121678b7559349ee9c251344
Debian Security Advisory 2242-1
Posted May 26, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2011-1926
SHA-256 | f37324dcc067286882e574ec8915f95149ac06b8464188d28a9c6684f2be52e4
Ubuntu Security Notice USN-1136-1
Posted May 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1136-1 - It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user's filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1595
SHA-256 | ebce6c817bd2bcfae813dc2229b4d0307bf51191961d75e66134340473967ee4
Ubuntu Security Notice USN-1135-1
Posted May 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1135-1 - It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1407
SHA-256 | 53826affe70ab5b8f32b22d9e0b121325db32ab7b83f1513cc66b90200261ecd
AWStats Totals 1.14 Remote Command Execution
Posted May 26, 2011
Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.

tags | exploit, arbitrary, php
advisories | CVE-2008-3922, OSVDB-47807
SHA-256 | 5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close