exploit the possibilities
Showing 26 - 46 of 46 RSS Feed

Files Date: 2011-10-13 to 2011-10-14

CalDAV SSL Certificate Validation
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.

tags | advisory, web
systems | cisco
advisories | CVE-2011-3253
MD5 | 19bee85cade96df9b286ed03fb3f74ac
Procyon Core Server 1.06 Code Execution
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The coreservice.exe process in Procyon core server versions 1.06 and below contains a remotely exploitable memory corruption flaw which allows for remote code execution. The affected component is coreservice.exe, which listens on port 23, running as SYSTEM. Sending a long string will trigger the overflow.

tags | advisory, remote, overflow, code execution
MD5 | 7862be1d876807d2610afc63f38d61f6
Azeotech DAQFactory Shutdown
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The default configuration in Azeotech DAQFactory allows network connections towards the HMI without authentication. This allows an attacker on the network to shut down the machine running the HMI software by sending a simple packet.

tags | advisory
MD5 | 3b73d93eb551ee32d922981d78b2a635
BugFree 2.1.3 Cross Site Scripting
Posted Oct 13, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

BugFree version 2.1.3 suffers from multiple cross site scripting vulnerabilities. It suffers from irony as well.

tags | exploit, vulnerability, xss
MD5 | c6a8d973eb4d876a0e4ad55476f26694
WordPress GD Star Rating 1.9.10 SQL Injection
Posted Oct 13, 2011
Authored by Miroslav Stampar

WordPress GD Star Rating plugin versions 1.9.10 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 23bcaee3da77d671f7baa2dc016410fd
Mozilla Firefox Integer Overflow
Posted Oct 13, 2011
Authored by Matteo Memelli

Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.

tags | exploit, overflow
advisories | CVE-2011-2371
MD5 | 0c130b815fbf67b41e790fd6a0e12dee
MyBB MyStatus 3.1 SQL Injection
Posted Oct 13, 2011
Authored by Mario_Vs

MyBB MyStatus version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 14f016373a49eb56222496064ead9497
Apple Security Advisory 2011-10-12-6
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-6 - Numbers for iOS version 1.5 is now available and addresses multiple arbitrary code execution vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | cisco, apple
advisories | CVE-2010-3785, CVE-2010-3786
MD5 | 2d1aa505c9ce508e61ce0f974c69f5eb
Apple Security Advisory 2011-10-12-5
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-5 - Pages for iOS version 1.5 is now available and addresses an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
systems | cisco, apple
advisories | CVE-2011-1417
MD5 | 814b045b5ba12eed0768a2fba86854dd
Apple Security Advisory 2011-10-12-4
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-4 - Safari version 5.1.1 is now available and addresses a directory traversal issue, a policy issue, various arbitrary code execution issues, and 40+ other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-1440, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2811, CVE-2011-2813, CVE-2011-2814, CVE-2011-2815, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827
MD5 | 8323a156c78b831dd67558b61d64c06b
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
MD5 | 50a5772c2540863ea47a21c4c5193ca5
Apple Security Advisory 2011-10-12-2
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-2 - An Apple TV software update is now available and addresses credential interception, spoofing, information disclosure, and various other vulnerabilities.

tags | advisory, spoof, vulnerability, info disclosure
systems | apple
advisories | CVE-2011-0192, CVE-2011-0216, CVE-2011-0241, CVE-2011-3232, CVE-2011-3259, CVE-2011-3389, CVE-2011-3427
MD5 | f7ecb16f29f9a2120d8891dddb899d50
Apple Security Advisory 2011-10-12-1
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-1 - An iOS 5 software update is now available. It addresses an SSL check in CalDAV, a script injection issue in Calendar, issues in CFNetwork, and 90+ other security issues.

tags | advisory
systems | cisco, apple
advisories | CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117
MD5 | 3e86039d23b7ab5190aefb21af1de575
Core Security Technologies Advisory 2011.0106
Posted Oct 13, 2011
Authored by Core Security Technologies, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Microsoft Publisher is a desktop publishing application from Microsoft that uses a proprietary file format (.pub). A vulnerability has been found in Publisher 2007, that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially-crafted .pub file into a document.

tags | advisory, arbitrary
advisories | CVE-2011-1508
MD5 | a5ecd4fc872d67b9589729947f9c3e56
AppSec 2012 Call For Papers
Posted Oct 13, 2011
Site appsecdc.org

OWASP is currently soliciting papers for the OWASP AppSec DC 2012 conference that will take place at the Walter E. Washington Convention Center in Washington, DC from April 2nd through the 5th.

tags | paper, conference
MD5 | 26fde4652527413054fe4c9d35c1bd35
Destination Search 4.0 Access Bypass
Posted Oct 13, 2011
Authored by Drew Calcott | Site security-assessment.com

Destination Search version 4.0 suffers from a direct access administrative console access control bypass vulnerability.

tags | exploit, bypass
MD5 | 30f562c7d11ae81721953576300a1c8f
Adobe FMS 3.5.6 / 4.0.2 Denial Of Service
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - Adobe Flash Media Servers (FMS) versions 3.5.6 and below and 4.0.2 and below suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-2132
MD5 | 23a956a7ad381717f9d1fb6744195484
Supermicro IPMI Default Accounts
Posted Oct 13, 2011
Authored by Floris Bos

The IPMI functionality of some Supermicro mainboards comes with two admin accounts by default but the manufacturer only notes that you should change the password for the ADMIN account. However, a second account, Anonymous, exists.

tags | exploit
MD5 | 472970e06e5c66907605029a18b48df1
WordPress Pretty Link 1.4.56 Cross Site Scripting
Posted Oct 13, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

The Pretty Link WordPress plugin version 1.4.56 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 183be2229a94ff73e1a58f5040d0c1e6
Supermicro IPMI Password Disclosure
Posted Oct 13, 2011
Authored by Floris Bos

The backup function for Supermicro IPMI backs up in a public web location allowing for remote disclosure.

tags | exploit, remote, web
MD5 | 37d868c03ee6e508687c679881037e4c
Buffer Overflow Exploitation - SEH
Posted Oct 13, 2011
Authored by Khalil Ezhani

Whitepaper called Buffer Overflow Exploitation - SEH.

tags | paper, overflow
MD5 | 7deb40adb97283b34aa30e5141c3e018
Page 2 of 2
Back12Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close