exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2012-04-23 to 2012-04-24

Asterisk Project Security Advisory - AST-2012-006
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.

tags | advisory
SHA-256 | 2f5947f61b2053c1b2b1488965d4ff29d455c8f4c71b6f1e91940a3f62d70d5f
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
SHA-256 | 135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23ef
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
SHA-256 | 98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
Red Hat Security Advisory 2012-0509-01
Posted Apr 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0509-01 - Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2011-1143, CVE-2011-1590, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-1595
SHA-256 | a8e8a801da4b7a24fc2903f6f33c984e1248132f1730c633edd984d26d065336
Red Hat Security Advisory 2012-0508-01
Posted Apr 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SHA-256 | 86cdccdd75a2167c965a21dcf8b602ed42e2bf5e67e39de3e1dd59929dafce0e
ChurchCMS 0.0.1 SQL Injection
Posted Apr 23, 2012
Authored by G13

ChurchCMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | daf142bf714b4c86657eb17fad71cfb835dab67218e8b0d57cc94cd82c369f65
.NET Framework EncoderParameter Integer Overflow
Posted Apr 23, 2012
Authored by Yorick Koster | Site akitasecurity.nl

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

tags | exploit, overflow
SHA-256 | 9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61ad
HITB Magazine Volume 1 Issue 8
Posted Apr 23, 2012
Authored by hitb | Site hackinthebox.org

HITB Magazine Volume 1 Issue 8 - Topics include Online Security At The Crossroads, Reverse Shell Traffic Obfuscation, and more.

tags | shell, magazine
SHA-256 | ce9505a07999c10f769a572fc687092df7190d5051db686f1aac5f5692f848c0
School Website Solutions Cross Site Scripting
Posted Apr 23, 2012

School Website Solutions suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 80af71695150018fd717350d968e6d200dcb7528844b325608fb32140f234a4d
ExponentCMS 2.0.5 Cross Site Scripting / SQL Injection
Posted Apr 23, 2012
Authored by Onur YILMAZ | Site netsparker.com

ExponentCMS version 2.0.5 suffers from cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 68603c7e8c2f5997c0f69c3794e2233a415b93ed2b8acfd1beee701a907b284c
Mobipocket Reader 6.2 Build 608 Buffer Overflow
Posted Apr 23, 2012
Authored by shinnai | Site shinnai.altervista.org

Mobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
SHA-256 | 956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7
SumatraPDF 2.0.1 Memory Corruption
Posted Apr 23, 2012
Authored by shinnai | Site shinnai.altervista.org

SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.

tags | exploit, vulnerability, proof of concept
systems | linux
SHA-256 | 2c48263ca242c08c83e3159ab0488a34d4ec0b9ed8c46ee7db29a49caef65b02
GNU Transport Layer Security Library 3.0.19
Posted Apr 23, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: PKCS #11 URLs support reading the PIN from a file. Updates in DSA, ECDSA, and Diffie-Hellman handling.
tags | protocol, library
SHA-256 | d9a436ea8718c38a564812e465c883f4f37ddc8c80c6f8bee54819e6e4089c37
Mega File Manager 1.0 File Download
Posted Apr 23, 2012
Authored by i2sec-Min Gi Jo

Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204
Chengdu Bureau Of Commerce SQL Injection
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri, Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The Chengdu Bureau of Commerce suffered from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 485022ae694ea017c10886b769a85def92a56b4c1995fdc791c6874eb3483ce2
PSFTP 1.8 Build 921 Denial Of Service
Posted Apr 23, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 6cedf29fc659f2cd0c64391437f038105fadb2a16b9f4d6f8e7ae6eccd68b0da
Joomla CCNewsLetter 1.0.7 SQL Injection
Posted Apr 23, 2012
Authored by E1nzte1N

The Joomla CCNewsLetter module version 1.0.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d2c897d67407427434081f218fb0089ff1365eac5a2eba24124029029063349c
Firefox 11 Denial Of Service
Posted Apr 23, 2012
Authored by Lostmon | Site lostmon.blogspot.com

Firefox 11 suffers from a denial of service condition when using exponential string growth and document.write().

tags | advisory, denial of service
SHA-256 | e6169f26969ab9aa9399cca746e0d10bf95dfab65d2e74bb8d282c1637de31bd
SocketMail Pro 2.2.9 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 23, 2012
Authored by MetaiZm

SocketMail Pro version 2.2.9 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8c6779a1eadb006c8062a398d4c92c4cbce1b3d62daf99afa8ff5199b15e3922
Havalite CMS 1.0.4 Cross Site Scripting
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 322f88d3c41d308f4807b8706507315c8cd49fb01199b1f3dab44952ac956f55
IPhone TreasonSMS HTML Injection / File Inclusion
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.

tags | exploit, vulnerability, file inclusion
systems | apple, iphone
SHA-256 | 970c996aa7c982bb7a6e11f66d1c1cddee59c395b7871150919ec0fabb8a448b
Net-Shops SQL Injection
Posted Apr 23, 2012
Authored by Andrea Bocchetti

Net-Shops suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5ead4e933a3d3e2a1b3112845c501bd40d2bb2e1d092310a54f72c40f18c6a9d
WordPress Organizer 1.2.1 Cross Site Scripting / Path Disclosure
Posted Apr 23, 2012
Authored by MustLive

WordPress Organizer version 1.2.1 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | cb5eaf654ba60434ea63c8dd98d4f667086ce8f96b6c93a73f6f3eeaf17f507a
phpMyBible 0.5.1 Cross Site Scripting
Posted Apr 23, 2012
Authored by G13

phpMyBible version 0.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 00eaf52410c8bbe334ebef0b88b348137723faa8547488832b47369f0ea9b4ea
HTC IQRD Android Permission Leakage
Posted Apr 23, 2012
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.

tags | advisory, tcp
advisories | CVE-2012-2217
SHA-256 | 62460a143a7893941f8c2a7a320f48f1e15c0964c0c6ff6e99e6284cd21d8be2
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close