exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2012-03-23 to 2012-03-24

Mandriva Linux Security Advisory 2012-037
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-037 - The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, imap
systems | linux, mandriva
advisories | CVE-2011-3481
SHA-256 | 6312ad5564a296e8450f12e2352d9bae331005446a5cb929d3c19bf32bef7291
Mandriva Linux Security Advisory 2012-036
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-036 - Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a \%2e\%2e in a URI. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-2524
SHA-256 | 26acc85abfe4b0e0b1049ae10788b907f1be455d4875bed9464a7cabe9e748dd
Mandriva Linux Security Advisory 2012-035
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-035 - Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file, which once inspected by the file utility of the victim would lead to file executable crash. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 has been patched to correct these issues.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1571
SHA-256 | 4047982958ece3e56808e6732bee8a5b66fdecf385ac7aecc0043d63cb942a06
Apache Traffic Server Host Header Denial Of Service
Posted Mar 23, 2012
Site trafficserver.apache.org

Apache Traffic Server versions prior to 3.0.4 as well as all development releases prior to 3.1.3 suffers from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
advisories | CVE-2012-0256
SHA-256 | 50e45d1fc3c80f0ffd90567d914e2c37381b34984bd4609430830c12a4807cc9
Prado 3.x Cross Site Scripting
Posted Mar 23, 2012
Authored by Gabor Berczi

Prado PHP Framework version 3.x suffers from a cross site scripting vulnerability.

tags | advisory, php, xss
SHA-256 | e0067f870c63011c9742578826cf7f033ef0e803f89d21e0429a18c300d259fb
Mandriva Linux Security Advisory 2012-034
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-034 - libzip uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files. libzip has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a memory buffer. The updated packages have been upgraded to the 0.10.1 version to correct these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-1162, CVE-2012-1163
SHA-256 | 6db493e438183f4ebbaad7e1c2affd218d766caa412b44524ae35b1ed9cd2a2a
Apache Struts2 Local Code Execution
Posted Mar 23, 2012
Authored by voidloafer

Apache Struts2 suffers from a xsltResult local code execution vulnerability.

tags | exploit, local, code execution
SHA-256 | 1434c6a8b301101ed2361aaea168b772441d8b9133e54c0572a3ccfa8e10e32d
phpFox 3.0.1 Remote Command Execution
Posted Mar 23, 2012
Authored by EgiX

phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.

tags | exploit, remote, php
SHA-256 | c9432ec7499c0b28219f60f4a0a9e0a7915c59a6eead830345f95d21eb018628
CoreCommerce SQL Injection
Posted Mar 23, 2012
Authored by ZeTH

CoreCommerce suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 63baa80b2878d9ead279874aac7d224d224c97a5dcd106c4c19cdc2c62695119
FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution
Posted Mar 23, 2012
Authored by muts

FreePBX version 2.10.0 and Elastic version 2.2.0 remote root code execution exploit.

tags | exploit, remote, root, code execution
SHA-256 | 984ef9b4d46d202068534bc7c0391749912cfe24b026e014bc264260d6e0af46
mmPlayer 2.2 .ppl Buffer Overflow
Posted Mar 23, 2012
Authored by RjRjh Hack3r

mmPlayer version 2.2 buffer overflow exploit that makes a malicious .ppl file.

tags | exploit, overflow
SHA-256 | 54f3235692682f9b8c3b4effd6f627b90594b7057db694991ac145584a4d1409
mmPlayer 2.2 .m3u Buffer Overflow
Posted Mar 23, 2012
Authored by RjRjh Hack3r

mmPlayer version 2.2 buffer overflow exploit that makes a malicious .m3u file.

tags | exploit, overflow
SHA-256 | f75af1f295181f5bbeb62280bcd2bb415187a8c9a06120201c646c4d0b1657b2
Ubuntu Security Notice USN-1401-2
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 18ff4554ba8f49486a34fb7d8714a434cb13cd31e28f8877c79af56223cd9ced
LT-Net Solucoes Blind SQL Injection
Posted Mar 23, 2012
Authored by the_cyber_nuxbie

LT-Net Solucoes suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d77b22812b7906589f986c96def819f83d5db3c69d93e26678e289a0569653f0
Ubuntu Security Notice USN-1403-1
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144, CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134
SHA-256 | e1d2d95c5ba578a362becf78fa57a40f69b72d40a1a08042c7718592277edb34
Spotify 0.8.2.610 Memory Exhaustion
Posted Mar 23, 2012
Authored by LiquidWorm | Site zeroscience.mk

Spotify version 0.8.2.610 suffers from a memory exhaustion vulnerability. The vulnerability is caused due to the Search box function not checking the boundary of user input.

tags | exploit
SHA-256 | 35870d3ae8396b0acfd0a45b02518278493732b65963a58bf171950945e32bae
Wolfcms 0.75 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 23, 2012
Authored by Ivano Binetti

Wolfcms versions 0.75 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 2f3c5df1fe215b44429919ddc8444464f4a3e81e485dafe96f71b8a5dfb3f811
Sitecom WLM-2501 Cross Site Request Forgery
Posted Mar 23, 2012
Authored by Ivano Binetti

Sitecom WLM-2501 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 2bd6538fb61fb8f67c3eb37af1852776a9c88bbfebc647143bed8bf2164c8ab2
phpMoneyBooks 1.0.2 Local File Inclusion
Posted Mar 23, 2012
Authored by Mark Stanislav

phpMoneyBooks version 1.0.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2012-1669
SHA-256 | 6dc6c86f629a98762a450f97b26e5f4b93b2f042e881916b84b928ceba4cb29d
PHP Grade Book 1.9.4 SQL Database Export
Posted Mar 23, 2012
Authored by Mark Stanislav

PHP Grade Book version 1.9.4 suffers from an unauthenticated SQL database export vulnerability.

tags | exploit, php, sql injection
advisories | CVE-2012-1670
SHA-256 | 06099377d2ef1478efdf0d96eb23253f740de30c06fe4bb3495819bbd6f0540d
Apache Wicket 1.4.x / 1.5.x File Disclosure
Posted Mar 23, 2012
Authored by Sebastian van Erk

Apache Wicket versions 1.4.x and 1.5.x suffer from a file content disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2012-1089
SHA-256 | 0fa4f80f6dcd03dc55ab2007eca2d89b463e9eef5c97889f51443ba06329f9cc
Apache Wicket 1.4.x Cross Site Scripting
Posted Mar 23, 2012
Authored by Jens Schenck

Apache Wicket version 1.4.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0047
SHA-256 | f7e9e8ba8a7d429b7130a704c5254df37de5a9393dab89c740984f8f7644bae1
Atheme IRC Services CertFP Privilege Escalation
Posted Mar 23, 2012
Site atheme.org

Atheme IRC Services CertFP suffers from an improper clean-up vulnerability that can allow for a privilege escalation or a crash.

tags | advisory
SHA-256 | 23faea638d79bb69553a39dc18d40e63d5b4907a1425ae1651654f1aa6dceeea
Secunia Security Advisory 48543
Posted Mar 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
systems | cisco
SHA-256 | 91fbeb70423639d51561f20fdc0fe7590c4836fc40a9423339c16503d32289da
Secunia Security Advisory 48525
Posted Mar 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the vBShout module for vBulletin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | e30ac22fe90083c312aabc446538ba95383928e8348d9e20f8ba16d1113f9c55
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close