exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 829 RSS Feed

Files Date: 2011-12-01 to 2011-12-31

HP Security Bulletin HPSBPI02728 SSRT100692 2
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 2 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | ff6f22298de3f425de467f22cf364320ca21ac4e7ef6bb1908722100799044d9
HP Security Bulletin HPSBPI02732 SSRT100435
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02732 SSRT100435 - Potential security vulnerabilities have been identified with HP Managed Printing Administration. These vulnerabilities could be exploited remotely for execution of arbitrary code, directory traversal, creation and deletion of arbitrary files, and unauthorized access to the application database. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2011-4166, CVE-2011-4167, CVE-2011-4168, CVE-2011-4169
SHA-256 | a49ce43d61ed9a2b50fc8032fe132797b1be9ec0a71f4e8cc8cb8d94a3664f15
Neturf Cross Site Scripting
Posted Dec 29, 2011
Authored by Farbod Mahini | Site h4ckcity.org

Neturf suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f8844c5f1bd3eca2f9d03e41d1c8a6a0d2ae543565113f67b8a53189c6bba5ee
Bugzilla XSS / XSRF / Unauthorized Account Creation
Posted Dec 29, 2011
Site bugzilla.org

Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

tags | advisory, xss, csrf
advisories | CVE-2011-3657, CVE-2011-3667
SHA-256 | d7fe9cc19e92befb40189c8947a6c9db762e9a8c444631d574538ff2387c7051
Winn Guestbook 2.4.8c Cross Site Scripting
Posted Dec 29, 2011
Authored by G13

Winn Guestbook version 2.4.8c suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5026
SHA-256 | 76441a300785f9b23fe2dd495a0b22b826a7a86b7d54df31233b683bc976d1a8
Red Hat Security Advisory 2011-1854-01
Posted Dec 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1854-01 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | 83eeef5fda24f5ac7761e4f57831e666f9cbabd3903c9a02dd52b0a24721586b
Microsoft Security Bulletin Advance Notification For December 2011
Posted Dec 29, 2011
Site microsoft.com

This is an advance notification of a security bulletin that Microsoft is intending to release on December 29th, 2011.

tags | advisory
SHA-256 | b43366a05e12c62f798d5883630b281ffa0bdb367b308bb896f83cfa75f7b829
Akiva Webboard SQL Injection
Posted Dec 29, 2011
Authored by Alexander Fuchs

Akiva Webboard suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 211402d2c517885e10873e4ced610e001b81d752ddfb47e6c3493e5729b6e804
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehboeck

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
SHA-256 | 3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3
Reaver-WPS 1.0
Posted Dec 29, 2011
Authored by Craig Heffner | Site code.google.com

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

tags | tool, wireless
systems | unix
SHA-256 | ded5b9b2c8f52c1ee9a2ccae0a4957eee5c2a8acbd45a13ae2480551c9a9a525
Red Hat Security Advisory 2011-1853-01
Posted Dec 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1853-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A buffer overflow flaw was found in the MIT krb5 telnet daemon. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root. Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2011-4862
SHA-256 | 3769a5da3eca30398718bea8bed258601bbb8e2a1a21a41031c17dcfeb542759
Patator Brute Forcer 0.3
Posted Dec 29, 2011
Authored by Sebastien Macke | Site hsc.fr

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. When Medusa, Hydra or other brute-force tools fail to do what you want, Patator might be what you need.

tags | tool, cracker
SHA-256 | 04d67703d07d6304a50ace799e5784300b90ddaac6f446d3a216caa1d2e51e88
Pound Reverse HTTP Proxy 2.6
Posted Dec 29, 2011
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Support for SNI via multiple Cert directives. A pre-defined number of threads for better performance on small hardware. Translation of hexadecimal characters in the URL for pattern matching. Support for a "Disabled" directive in the configuration. More detailed error logging. Allows multiple AddHeader directives.
tags | tool, web
systems | linux
SHA-256 | 0ad25e3652e22117abbc17a70b5d8913e05991318a5506bc7437e662616fdf21
Joomla Simple File Upload 1.3 Remote Code Execution
Posted Dec 29, 2011
Authored by gmda

The Joomla Simple File Upload component version 1.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution, file upload
SHA-256 | 805ef7cfd9b8a1d4ba413bccf67b38b7c55142606663af6ab35e092bc08e9e50
DIY-CMS Blog Mod SQL Injection
Posted Dec 29, 2011
Authored by Hubert Wojciechowski

DIY-CMS Blog suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 17ed391b7e78d75cb9a3278149b1974ff661d7d523986e5c3ed9f9f83827b13e
Secunia Security Advisory 46706
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - mghack has discovered multiple vulnerabilities in e107, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | c482e45f6fdd9faa612e29b97ed32928d834721b371e24055f9a2ebf57296b54
Secunia Security Advisory 47361
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Database Archiving Software, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 59121f3ad2ba81b4079bd901998078604bedda0f49a1f5d6b18d41487248ec73
Secunia Security Advisory 47359
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | 433f583085ab3ed5d7b11c68817e121541314fe966b934c3234981f4079c625f
Secunia Security Advisory 47357
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for krb5-appl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | 3c98b75aa88d856beca6f503057b9d9b9c9506070f3a12060804bda9742e95a7
Secunia Security Advisory 47343
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CoCSoft Stream Down, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 39e0b5510e8c71d6ee583e4bd5146a77e857bf1365b54f5050c6ef1593c7e380
Secunia Security Advisory 46097
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | f603ca2942ad30ac7966b577e0d88c9cb23679a649720909f275b9132b7a34ac
Secunia Security Advisory 47305
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - F5 has acknowledged two security issues and multiple vulnerabilities in F5 Enterprise Manager, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions.

tags | advisory, denial of service, local, vulnerability
SHA-256 | e53ade522b25bf127ef1c4ead55cce2ca0a39d60add47bf7428b4bf33bbd9b6d
Secunia Security Advisory 47414
Posted Dec 29, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Rack, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | f9a7437ba5058f5000cbc5e11490b22eaab0059380440552855abf7e82add7c2
Mandriva Linux Security Advisory 2011-196
Posted Dec 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-196 - ipmievd as used in the ipmitool package uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. In Mandriva the ipmievd daemon from the ipmitool package does not have an initscript to start and stop the service, however one could rather easily craft an initscript or start the service by other means rendering the system vulnerable to this issue. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-4339
SHA-256 | e7ceb452eacf5294054577ed0e7859c33ab09a7e6112efc684299aa6865ac1a1
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
SHA-256 | 5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
Page 2 of 34
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close