exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 44 of 44 RSS Feed

Files Date: 2012-06-28 to 2012-06-29

Zero Day Initiative Advisory 12-102
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the exposed GetDriverSettings method in the nipplib component imported by ienipp and npnipp. When encountering a realm parameter this user supplied value's length is not properly verified before copying into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4187
SHA-256 | dad2278a888a8b86768114f8246f8e419ae73d969cf93902e9da0f392a230cc8
Zero Day Initiative Advisory 12-101
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Cognos. Authentication is not required to exploit this vulnerability. The flaw exists within the tm1admsd.exe component. This process listens on TCP port 5498 by default. Requests to the service include a request type field, a data length field, and a data field. Multiple request types (opcodes) fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0202
SHA-256 | 948d1a63f76e7397259aaddc98b7c87f1d5c6ecaaaaa72a571270335007c2ac7
Hook Analyser Malware Tool 2.0
Posted Jun 28, 2012
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: This is a major release with improved static analysis functionality, a nice fingerprinting feature, improvements on modules, and more.
SHA-256 | 40872e53db04f39bca6a732865f07e2f6c917473b1e6b14b9b3cf3270a04df6d
Chiangrai Enter Soft Design SQL Injection
Posted Jun 28, 2012
Authored by 3spi0n

Chiangrai Enter Soft Design suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e301577863b80f8afebc3fab0af02f6a7bc28c1cefa52659a270e1b1dd1244eb
Proper Password Hashing
Posted Jun 28, 2012
Authored by bwall, drone | Site ballastsec.blogspot.com

Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.

tags | paper
SHA-256 | 9b72c8fd503ebd25cdbebb177f28dba5b59183730431d92ae584879271c90add
HP Security Bulletin HPSBMU02786 SSRT100877
Posted Jun 28, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7d
Real Player 10 Gold Exception Handling
Posted Jun 28, 2012
Authored by Dark-Puzzle

This is a local exploit for Real Player 10 Gold that uses a division by zero to trigger an exception handler.

tags | exploit, denial of service, local
SHA-256 | bef48a2af7c152b4698cbb3e2c9b4d15795525b8bf8b700a9f8abe631953ac07
VLC 2.0.1 Denial Of Service
Posted Jun 28, 2012
Authored by Dark-Puzzle

VLC version 2.0.1 suffers from an avi playlist denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 6400dd1a7d12ff853c19c53043a4fdc93b5051de204e01bf898e62de9dd1b0da
Top Nepal SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

Top Nepal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3ba635007f36f932c35f438db58d698a1d107c3d5ab8dd5f34fde15067be1fb9
Rubysoft Solutions SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

Rubysoft Solutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ba290eedef8200b1eb3154a06936e7759014d52573641910f37674f180b975c1
Rhdesign SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

Rhdesign suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 994b3f6e5919e91c1ef54e6bb6a1a043d9a4a5d9b2f422fabca853fc9f8a7e19
Rainbowdigital SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

Rainbowdigital suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 99d02de14a1f053395b2d6291f379842ae9851cf7644f89cd9216c54bd15763f
Pixel Identity SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

Pixel Identity suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 53f5fcf3cc37318783474b06a01479a5a240e95c4363fa65ca213b751405f7d5
MUSOYAN SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

MUSOYAN suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e648a2199ca11ed45130c62574b55d301604796519c02fe8df2432b5d4b892f5
HR Software SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

HR Software suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6ed4ebd0a76076b433760b7c0c296cc21d0a71d1c745f6a84694b245381d769e
ExNet SQL Injection
Posted Jun 28, 2012
Authored by Taurus Omar

ExNet suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c394b2e5c9255f4aba70b868255f74dd75974463ba07a272ba4e772dfd07b87d
Red Hat Security Advisory 2012-1046-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0781, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865
Red Hat Security Advisory 2012-1045-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2336
SHA-256 | 57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9
Red Hat Security Advisory 2012-1047-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628
Page 2 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close