exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2011-12-22 to 2011-12-23

phpMyAdmin 3.4.8 Cross Site Scripting
Posted Dec 22, 2011
Authored by Jason Leyrer | Site trustwave.com

phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4782
SHA-256 | a8c40f3aee84c74d540c2097d20b0799688cc7300895c4ba59bc51a7b094009f
Debian Security Advisory 2369-1
Posted Dec 22, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2011-2524
SHA-256 | e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505
False SQL Injection / Advanced Blind SQL Injection
Posted Dec 22, 2011
Authored by wh1ant

This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.

tags | paper, sql injection
SHA-256 | c69a3b2da9530405c3ed93af845dd91cd134b73575ef841656393f8c04acc185
Zero Day Initiative Advisory 11-354
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4168
SHA-256 | f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5d
Red Hat Security Advisory 2011-1850-01
Posted Dec 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1850-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4127
SHA-256 | 22b74347f86b8270406e2b6e7d57aac603828a1c39676ba682aa4f68f794b50d
Drupal 6.22 / SuperCron 6.x-1.3 Cross Site Scripting
Posted Dec 22, 2011
Authored by Justin C. Klein Keane

Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80e
Whois Cart Billing Cross Site Scripting / Disclosure
Posted Dec 22, 2011
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

Whois Cart Billing suffers from cross site scripting and credential disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 14544ef73256873b243f248ee7ddffc710806649b369ac24542d5fedfed61670
Debian Security Advisory 2370-1
Posted Dec 22, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-4528, CVE-2011-4869
SHA-256 | e000da874c7e25eebb25bcd0318bb4cd093a50d621919fe8f74cae1ca32435f3
Ubuntu Security Notice USN-1254-1
Posted Dec 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
SHA-256 | 7380de76d3f7ae9d28ad3d7ebd18e2d1d0c2c421ee05e83463651e5d8cf20229
Red Hat Security Advisory 2011-1849-01
Posted Dec 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1849-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4127
SHA-256 | 59c592d94b44d37b278d4bf844f5506f5e4dd75ac7fedd8ac9b88a73109d048f
Zero Day Initiative Advisory 11-353
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4167
SHA-256 | 5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
Zero Day Initiative Advisory 11-352
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4166
SHA-256 | 0fb0a3d7bd2a7b49dd9316a286d97947a5671246c119e459edc6c1cab2b9909a
Google Hack DB Tool 1.5
Posted Dec 22, 2011
Authored by SecPoint | Site secpoint.com

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.

Changes: Friendly output and examples. Database update.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 12b7469e4b9b834912c6f00c0fee5914c6b1ade79491520bd138743b393b095e
pfSense x509 Insecure Certificate Creation
Posted Dec 22, 2011
Authored by Florent Daigniere | Site trustmatta.com

pfSense version 2.0 suffers from an insecure x509 certificate creation vulnerability.

tags | advisory
advisories | CVE-2011-4197
SHA-256 | 3b7b79a0f1b97c9c7fca044603df65f48dd8eadf29bf8a745b42255bc9c6afe4
Iran Sports Network SQL Injection
Posted Dec 22, 2011
Authored by S.Azadi

Iran Sports Network suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 313de7f72a01e2adc00846d8d25134e08fcad8a8004e4e385dd96b4a476b5ffb
Zero Day Initiative Advisory 11-351
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).

tags | advisory, remote, overflow, arbitrary, local, protocol
advisories | CVE-2011-4536
SHA-256 | 85ff49462a0a23bcdb93a84c14d5cea4bf254fce9874f80d0a8ca842bb90e051
Secunia Security Advisory 47338
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | d10f9a2348cc53f33afdaaba4e4ba2497f0312ad17311078840093fbf29e159b
Secunia Security Advisory 46780
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and multiple vulnerabilities have been reported in pfSense, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
SHA-256 | 1066245f999660154e89add7d2fe3fd41206b802a3d2f3ece8898b3b6538384d
Secunia Security Advisory 47223
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in epesi BIM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 6a9695e0c57eeeed2f761355b150af1952e218f9eb3332d3dd7eb3b9cf323b04
Secunia Security Advisory 47327
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 2b61db7a3695c6fbf25e189b37fc17ac81ee4f094ceadb1e6d814866c956b5b0
Secunia Security Advisory 47306
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for jasper. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 8f7d56c05de8b0c5a19091c8cf905b960d120a155bb839b124cc22c41535da99
Secunia Security Advisory 47299
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libsoup2.4. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
systems | linux, debian
SHA-256 | 1c6f45a6782524e148794230a08a0dfb59eee2cd58ca015516e859d1910e071e
Secunia Security Advisory 47295
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IDAPython, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 9837af998568d24d564c2d87fa10c0bf3fb4c50d437d506c9100b40fe27d5bde
Secunia Security Advisory 47339
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in KingView, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 3c3efb3462f6c5aa8ec982afedccfc641fce74bf1909ce41de24b328c286016c
Secunia Security Advisory 47349
Posted Dec 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in SafeNet Sentinel HASP Run-time Environment, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | a71253d54fdfdfd708d15e8f5d4d88cb551f34cc184b4542267f2bcad1e7ab45
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close