Showing 1 - 23 of 23

Files Date: 2012-06-07 to 2012-06-08

Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows remote code execution through Internet Explorer on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2011-3400, OSVDB-77663
SHA-256 | 38a04eb9235c0ff6ef85f3b9bba40470be0f95a7efe95b58a475e3f84a0afc55
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX control installed with the Samsung NET-i viewer 1.37. Specifically, when a long string is supplied for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a subsequent buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
SHA-256 | 03a28d9b585a04552b2af08e30b7a0771b1cda34693418914dcb8507b373570a
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
SHA-256 | 5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service, using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Nineties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5; however, some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused; however, by default remote connections to the RDS are denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
TOR Virtual Network Tunneling Tool 0.2.2.36
Posted Jun 7, 2012
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release updates the addresses for two of the eight directory authorities, fixes some potential anonymity and security issues, and fixes several crash bugs. Tor 0.2.1.x has reached its end-of-life. Those Tor versions have many known flaws, and nobody should be using them. You should upgrade. If you're using a Linux or BSD distribution and its packages are obsolete, stop using those packages and upgrade anyway.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-4576
SHA-256 | 0e57e6e7dbc98aaa1b458ba745dac9fb19ed3ef59e4251d98de02068723148db
OpenSSL Toolkit 1.0.1c
Posted Jun 7, 2012
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Record lengths are now sanity checked before skipping explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen is now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2012-2333
SHA-256 | 2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe
Zero Day Initiative Advisory 12-089
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect's SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP packets. When processing a specific GIOP packet, the application will trust a size field in the packet. The application will use this size in a copy operation into a statically sized buffer which can cause a buffer overflow. This can lead to code execution under the context of the service.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4164
SHA-256 | 43d89dc6d8f2896d4073d62babb332c51c310b1770c3161b7ee5c9e499ed4724
Zero Day Initiative Advisory 12-088
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-088 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the stack. This can lead to a buffer overflow on the stack and allow for code execution under the context of the service.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-4163
SHA-256 | f203aea2ee76cb87d0d30eb0dcf903a08388cd2b6769d0937ce793c27023bc74
Neighbor Discovery Shield: Protecting against Neighbor Discovery Attacks
Posted Jun 7, 2012
Authored by Fernando Gont

This document specifies a mechanism that can be implemented in layer-2 devices to mitigate attack vectors based on Neighbor Discovery messages. It is meant to complement other mechanisms implemented in layer-2 devices such as Router Advertisement Guard (RA-Guard) and DHCPv6-Shield, with the goal of achieving a comprehensive IPv6 First Hop Security solution. This document is motivated by the desire to achieve feature parity with IPv4 with respect to First Hop Security mechanisms.

tags | paper
SHA-256 | b0bd48d4dfcf7fc338169df812038a282998457c61b3f8cfb9294a669b43f80a
Red Hat Security Advisory 2012-0715-01
Posted Jun 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0715-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | 9bf9246976f592bed20f872ed2417a507c1f7741236848f6ea9072b866a2f002
Drupal Protest 6.x / 7.x Cross Site Scripting
Posted Jun 7, 2012
Authored by Shawn Price | Site drupal.org

Drupal Protest third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 76092a55e6b9d30efe330e8fd8894c43054d3766b55c8460c34c37a3eaed9354
Drupal Authoring HTML 6.x Cross Site Scripting
Posted Jun 7, 2012
Authored by Eriksen Costa | Site drupal.org

Drupal Authoring HTML third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 19c6727ac3aa1fc751733d4d10647f65f1979d97c2fcaa6fa2fd0786305fc0f1
Zero Day Initiative Advisory 12-087
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the raac.dll module. By editing the stsz atom in the mp4 file data, an attacker could change a sample size to force a loop in raac.dll to loop too many times, causing heap corruption. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4260
SHA-256 | 2ce52b7504df49825da4887cac96c03aa28226252b6f7f55300204478c048607
Zero Day Initiative Advisory 12-086
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0922
SHA-256 | 95be120705ca4e062f32484ba1379b8274788104bd1a0ab24e69832485c9b78d
Drupal Simplenews 6.x / 7.x Information Disclosure
Posted Jun 7, 2012
Authored by Sascha Grossenbacher, Laza | Site drupal.org

Drupal Simplenews third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | c6685213ac066fa6bc378bac975fe3b4f3589d5f1e3d5de4ed106c5fa290eb9a
Drupal Maestro 7.x Cross Site Scripting / Cross Site Request Forgery
Posted Jun 7, 2012
Authored by Steve Persch | Site drupal.org

Drupal Maestro third party module version 7.x suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | bea74b2a86b66783035aa9b7818b9d39d67192aad10a1e02f4e54f6e4732270b
WordPress VideoWhisper Video Presentation 3.17 Shell Upload
Posted Jun 7, 2012
Authored by Sammy FORGIT

WordPress VideoWhisper Video Presentation plugin version 3.17 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1e725372cf26adbf0e1855b1bdee73de2500d7305882f01e5d2990986d2afed8
Zero Day Initiative Advisory 12-085
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4261
SHA-256 | efbe76fedf3296c7ef451c7b351df87ac87091b6a35538b7186d05716162501f
WordPress MM Forms Community 2.2.5 / 2.2.6 Shell Upload
Posted Jun 7, 2012
Authored by Sammy FORGIT

WordPress MM Forms Community versions 2.2.5 and 2.2.6 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ff7b90dc1856fd55dc689b94a4e6b2c40f4969f143f5f3a25a70f19e12338a39
Serendipity 1.6.1 SQL Injection
Posted Jun 7, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Serendipity version 1.6.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-2762
SHA-256 | 6e3df312750080c8c6d894fed47cc8aca0f08d4ecdf5c3c3381f93221a6a8180
Drupal Tokenauth 6.x Access Bypass
Posted Jun 7, 2012
Authored by John Morahan | Site drupal.org

Drupal Tokenauth third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 7221dc15d9c821c321728ee4f4fa17ddaf19ba6032017b4a8bec982d1568e3f5
SN News 1.2 SQL Injection
Posted Jun 7, 2012
Authored by WhiteCollarGroup

SN News versions 1.2 and below suffer from a remote SQL injection vulnerability in visualiza.php.

tags | exploit, remote, php, sql injection
SHA-256 | aacacee5354d62b76db5fa5c96305f3abdac02cc023a92e856b3744b9fa0bd72
JW Player 5.9 Cross Site Scripting / Content Spoofing
Posted Jun 7, 2012
Authored by MustLive

JW Player version 5.9.x suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | 745dad00f0d27c02390246bb3d97b20455221ab826e6936bd3380eebb74e5e06