exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 645 RSS Feed

Files Date: 2012-12-01 to 2012-12-31

RealPlayer RealMedia File Handling Buffer Overflow
Posted Dec 28, 2012
Authored by suto | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-5691, OSVDB-88486
SHA-256 | f1c623bc1dcad36e79d57718a63066d97b024a30199457832d62e68170935185
WordPress Asset-Manager PHP File Upload
Posted Dec 28, 2012
Authored by Sammy FORGIT | Site metasploit.com

This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-82653
SHA-256 | 81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740
Mptcp Packet Manipulator 1.9.0
Posted Dec 28, 2012
Authored by Khun | Site hexcodes.org

Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.

Changes: Added support for Display Packet Content (tcpdump style). More hard compiler optimizations. Full support for Darwin OS. Various other additions and improvements.
tags | tool, scanner, tcp
systems | unix
SHA-256 | 877f0fde7a1b9bb0cdd0999db9a608db6beb44a3c5860736fcb665139c816ff8
SonicWall Email Security 7.4.1.x Cross Site Scripting
Posted Dec 28, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b65bbace4bdb5f0e1d2c16ffbaaeb17804008aad4232e2101248a191518d805
Log Analyzer 3.6.0 Cross Site Scripting
Posted Dec 28, 2012
Authored by Mohd Izhar Ali, Vulnerability Laboratory | Site vulnerability-lab.com

Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f987ab8bbed2ee70d4fd2071548210b7b53ce96342dea67455f31fb3d9addeb1
Malheur Malware Analyzer 0.5.3
Posted Dec 28, 2012
Authored by Konrad Rieck | Site mlsec.org

Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.

Changes: The tool's persistent state is stored in the local state directory for better maintenance. Several minor bugs have been fixed.
tags | tool, forensics
systems | unix
SHA-256 | feffed3a6f9712581d6d3919879040b1a1af45225b1010a4993bf862650b8bd0
Polycom HDX Video End Points Cross Site Scripting
Posted Dec 28, 2012
Authored by Fara Denise Rustein

The Polycom HDX Video End Points web management interface suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
advisories | CVE-2012-4970
SHA-256 | c33a77f2c171969139be48d5bb5f627a19f1a2eb5aac6100b6844b72341d03ac
Debian Security Advisory 2591-1
Posted Dec 28, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2591-1 - Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution.

tags | advisory, arbitrary, xss
systems | linux, debian
advisories | CVE-2012-2239, CVE-2012-2243, CVE-2012-2244, CVE-2012-2246, CVE-2012-2247, CVE-2012-2253, CVE-2012-6037
SHA-256 | 390bb5471860b52761704077ff7b8ecce39f0e34112b25385a74becd6479363d
Insecure Authentication Control In J2EE
Posted Dec 28, 2012
Authored by Ashish Rao

This is a whitepaper discussing insecure authentication control in J2EE implemented using sendRedirect().

tags | paper, java
SHA-256 | b2a82a30b0720aba342064d33edf9fea0ba6e7a76c0c2af4a6533a79e5904233
THC-IPv6 Attack Tool 2.1
Posted Dec 27, 2012
Authored by van Hauser, thc | Site thc.org

THC-IPv6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: 4 new tools, features, and bug fixes.
tags | tool, protocol
systems | unix
SHA-256 | c9a8ec278e090c1a11698c6399ae8d21b8d1b1937d18a41f8018cc9fdbbb4aa2
Mandriva Linux Security Advisory 2012-184
Posted Dec 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-184 - A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5581
SHA-256 | 63bb15678f98d3f88c55fc3fd9fdc5b2ab5cde83476b9ca26866d1e2f13c833b
AnonTwi 1.0
Posted Dec 27, 2012
Authored by psy | Site anontwi.sf.net

Anontwi is a tool for OAuth2 applications, such as GNUSocial and Twitter, that provides different layers of encryption, privacy methods and proxy features. It contains a GTk+ interface.

tags | tool, python
systems | unix
SHA-256 | c5703e4d6f26d918675cc3aafcb897b81f3a14dc863e0dcbbd16e2fe4340fc76
Hook Analyser Whitepaper
Posted Dec 27, 2012
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a freeware project, started in 2011, to analyse an application during the run-time. The project can be potentially useful in analysing malwares (static and run time), and for performing application crash analysis. This paper breaks down the features and functionality of the tools and provides guidance on usage.

tags | paper
SHA-256 | ed9f551626fc0ef6a9249da2d0f785a54fd706f84324da2698fdb8fd408895f4
Another File Integrity Checker 3.3
Posted Dec 27, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: This release continued the rewrite with libraries and unit tests. Afick::Gen, a new library for generic code was added. A bug was fixed in the fix report_url option. The check_update feature was also fixed.
tags | tool, integrity
systems | linux, windows, unix
SHA-256 | 09e9674109a70567315f3b473402b481393dff4d7842f9bf2844db43d014279f
Guru Auction 2.0 SQL Injection
Posted Dec 27, 2012
Authored by v3n0m

Guru Auction version 2.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 432bf701264880c31dea851f61f3256e26b800ff0bcebbd2e38fa86eccaabb96
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | a93753892580d6dad44444623d6355d154269fccaba04b2dcab06daf83d116a5
Debian Security Advisory 2590-1
Posted Dec 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2590-1 - Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2012-4048, CVE-2012-4296
SHA-256 | 8358c2231282a77c235e3d741a2b73ed644cb0841106bc049aaebc27be235305
WHM editfilter.html Stored Cross Site Scripting
Posted Dec 27, 2012
Authored by Rafay Baloch

WHM suffers from a persistent cross site scripting vulnerability in editfilter.html.

tags | exploit, xss
SHA-256 | 498c8c6dadd5adfb705f89ba68b3ada04597df8845b2cbf34b67a9eec9df6b9d
Secunia Security Advisory 51688
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Rational Functional Tester, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 20fb5fdb5853535438de4f31e4a7ba5e2d5a87ca5902175ae6bae09b3a4ad71d
Secunia Security Advisory 51651
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | f25333031b6c0a2fe516314619a923ac5a7ec755420487cd7eda2176fdcbaf81
Secunia Security Advisory 51672
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in EMC Data Protection Advisor, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 9f4fc1e569b9318d8a4429c477a69c16ac5cb8642b67681951b1ce26e380b1a8
Secunia Security Advisory 51519
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
SHA-256 | 1c5bc6e202f8040b64fe882300d8e8cab737d0c242b1bc555c13a03c456ff0b9
Secunia Security Advisory 51664
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | a0da1db9b47c414190cab764db59d0be8b281d3fbf51e9f1c249e591901541a1
Secunia Security Advisory 51585
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aung Khant has reported a vulnerability in Open-Realty, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | d3727f37f6894e1377087525084f8bff805ec69d78c2a24fb9084f7c10f2d2d1
Secunia Security Advisory 51666
Posted Dec 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in grep, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | 4203930f74e8f9e413ed4ba318cf0126857ad31fc57ecdf570ffd6918a03e3e0
Page 2 of 26
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close