what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2011-10-20 to 2011-10-21

HP Power Manager 'formExportDataLogs' Buffer Overflow
Posted Oct 20, 2011
Authored by Alin Rad Pop, sinn3r, ipax | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2009-3999
SHA-256 | 0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0
Ubuntu Security Notice USN-1235-1
Posted Oct 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1235-1 - Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2009-1297
SHA-256 | 4c6627307c93273bcf8436a3a9536516d67d681c3df14f342a64dda58cbab3c3
Debian Security Advisory 2324-1
Posted Oct 20, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2324-1 - The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2011-3360
SHA-256 | 9829b33336676c8fda20a44bf2bf4221d9194c7f95427d3ce90e35f02d3cf6af
Red Hat Security Advisory 2011-1392-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1392-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3368
SHA-256 | 38d5d3cdd137a8ddd27f61f26b4d6bd80a8be345b51f7fcd45471eb5bb0f29ba
OCS Inventory NG 2.0.1 Cross Site Scripting
Posted Oct 20, 2011
Authored by Nicolas DEROUET

OCS Inventory NG version 2.0.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4024
SHA-256 | 2edc29ba63a069d988d3b4b142e76efb8065de62461e42ceb42809493e2fbbd2
HP Security Bulletin HPSBPI02711 SSRT100647
Posted Oct 20, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02711 SSRT100647 - A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could result in disclosure of personal information contained in workflow metadata to unintended recipients. Revision 1 of this advisory.

tags | advisory
systems | windows
advisories | CVE-2011-3163
SHA-256 | 25b09fb50cf641df93774cc845e055eabec6ea70cc83a3964de6ca4024915972
Opera Use-After-Free Proof Of Concept
Posted Oct 20, 2011
Authored by Roberto Suggi Liverani

Opera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.

tags | exploit, denial of service, proof of concept
SHA-256 | 8419c6bd6968801cd9b15a92576ef242081b83329fd21b4ab556bdc4d0c512c6
Ubuntu Security Notice USN-1236-1
Posted Oct 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1236-1 - It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Various other issues were also addressed.

tags | advisory, remote, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2009-4067, CVE-2011-1573, CVE-2011-2494, CVE-2011-2495, CVE-2011-3188
SHA-256 | b0bddf24cb995158c0eba5cfbdda2ed4a77f0705cd513bca55d2c0b412b0ac28
MIT krb5 Security Advisory 2011-006
Posted Oct 20, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-006 - In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition is publicly known but not known to be widely circulated. In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. No exploit is known to exist, but there is public evidence that the unidentified trigger condition occurs in the field. In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. No exploit is known to exist.

tags | advisory
advisories | CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
SHA-256 | 8b04ece8c34bca3fda0990a86bfcf42198a26b09a9a26da0008d965a7b170253
Ubuntu Security Notice USN-1234-1
Posted Oct 20, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1234-1 - Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-1159
SHA-256 | 985aaa6d61e0f759fa5bd45f5426e0d1f307709b65882f1516bfc941c175725c
Red Hat Security Advisory 2011-1391-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368
SHA-256 | fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Red Hat Security Advisory 2011-1386-01
Posted Oct 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1386-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. Various other issues in the kernel have also been addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2009-4067, CVE-2011-1160, CVE-2011-1585, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2695, CVE-2011-2699, CVE-2011-2723, CVE-2011-2942, CVE-2011-3131, CVE-2011-3188, CVE-2011-3191, CVE-2011-3209, CVE-2011-3347
SHA-256 | a292c5086756cbebf4c05054f127313991d1329a2c63d6296b2aa08d6948fc72
Skype VoIP Zero Day Exploitation
Posted Oct 20, 2011
Authored by Benjamin Kunz Mejri, Pim J.F. Campers

Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.

tags | paper, vulnerability
SHA-256 | b0175858820b9e6438b1ec0ef4a41eeaa2957167c87f13ca78bade3f36b4401a
Cyclope Internet Filtering Proxy Cross Site Scripting
Posted Oct 20, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
Metasploit 4.1.0 Web UI Cross Site Scripting
Posted Oct 20, 2011
Authored by Stefan Schurtz

The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 52ef03907b06a53b203a4e0f97b5e303c2199dd0b475cf6d74c7c993198f3050
Pre Studio Business Cards Designer SQL Injection
Posted Oct 20, 2011
Authored by dr_zig

Pre Studio Business Cards Designer suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 02b79738b456b46a060f9c6796dd51ab2a9e4766147700841e7356ca484f1d2c
Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers Buffer Overflow
Posted Oct 20, 2011
Authored by rgod | Site retrogod.altervista.org

Oracle DataDirect multiple native wire protocol ODBC drivers HOST attribute stack based buffer overflow proof of concept exploit. Oracle Hyperion Performance Management and BI version 11.1.2.1.0 is affected.

tags | exploit, overflow, protocol, proof of concept
SHA-256 | 819a9a7103b651bf569460c2245b8f99e365a77da86f7f58d8d1faa6db2a9fe0
HP Security Bulletin HPSBMU02716 SSRT100651
Posted Oct 20, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-3156, CVE-2011-3157, CVE-2011-3158, CVE-2011-3159, CVE-2011-3160, CVE-2011-3161, CVE-2011-3162
SHA-256 | b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da
Tine 2.0 Cross Site Scripting
Posted Oct 20, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Tine version 2.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 694f7255e76308ce35b0db450a361b7ae0102347788c3d19b4f0a1d65da87496
Uiga Personal Portal Cross Site Scripting / Blind SQL Injection
Posted Oct 20, 2011
Authored by Eyup CELIK

Uiga Personal Portal suffers from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0850b0373ceb33e2e98600dcf74d17019ae0aceb37c2be131cea4721f59bce44
CMSmini 0.2.2 Local File Inclusion
Posted Oct 20, 2011
Authored by I2Sec5-BSK

CMSmini version 0.2.2 suffers from a local file inclusion vulnerability in edit.php.

tags | exploit, local, php, file inclusion
SHA-256 | 702805a640d6eda3e44aef5fc8e7038fa46cbbcbc0b37d8ffa490299862bfbe4
UnrealIRCd 3.2.8.1 Stack Overflow
Posted Oct 20, 2011
Authored by DiGMi

UnrealIRCd version 3.2.8.1 local configuration stack overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
SHA-256 | 71bfcad8bcbf78c8eb8c2135b6b8bf5399b78eae5d03c67e7d5e4610dc3236e6
Opera 11.52 Stack Overflow
Posted Oct 20, 2011
Authored by pigtail23

Opera versions 11.52 and below proof of concept stack overflow exploit.

tags | exploit, overflow, proof of concept
SHA-256 | d8e6d58f0c40d06f09f7f9e1562cc78db5502eabbfa08a284ed2ca5e41060dd9
Opera 11.52 Denial Of Service
Posted Oct 20, 2011
Authored by pigtail23

Opera versions 11.52 and below proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 2a6758138a9765d3cc1929bce5ecaa3ec9bfcd4368b4177f67a84d7ea0a2adb9
Secunia Security Advisory 46484
Posted Oct 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in wizmall, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
SHA-256 | 3ab2a1917dbe0d94017ced6564a53e892c085c7fd447a3ac16881a8819070988
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close