what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

e107 0.7.25_full Cross Site Scripting / Remote File Inclusion
Posted Apr 19, 2011
Authored by KedAns-Dz

e107 version 0.7.25_full suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
SHA-256 | a1009de0e9d35d4684ddf711c669b7f6adc01cfdf2acabcd1c1311d4efad15bb

Related Files

Mandriva Linux Security Advisory 2012-137
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-137 - Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask. A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-2777, CVE-2011-4578
SHA-256 | bf64566f3857d8378c5f530d05dddf5ae935df9d405244ca913d69759b5cc8fb
Mandriva Linux Security Advisory 2012-136
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-136 - Multiple cross-site scripting vulnerabilities was discovered by using the Database structure page with a crafted table name. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2012-4345
SHA-256 | 4f113b7473341f4b5b1404d9fbf72c22dd8466370f6b383c45f0eb638cb6c89e
Lsoft ListServ 16 Cross Site Scripting
Posted Aug 17, 2012
Authored by Jose Carlos de Arriba

Lsoft ListServ version 16 suffers from a cross site scripting vulnerability. The issue is fixed in WA revision r4276.

tags | exploit, xss
SHA-256 | ffe1f02e0f063983d7edcebebc145edd536e5798c84727d1e438b00cb820d5c1
Jaow CMS 2.3 Cross Site Request Forgery
Posted Aug 17, 2012
Authored by DaOne

Jaow CMS version 2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | c657173514edace566f414ca34f718968863e18646b9923687c4ad2e09b82608
Elastix 2.2.0 Local File Inclusion
Posted Aug 17, 2012
Authored by cheki

Elastix version 2.2.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | e3766268449894cd90fba749cdfdc3b110bd29043924e14cf6418689bfa23382
Hastymail2 Webmail 1.1 RC2 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

Hastymail2 Webmail version 1.1 RC2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5603aa49a000259245c4d8c25c238c4b532a5ced67a9626f40e89c41de66dc6
T-dah Webmail 3.2.0 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

T-dah Webmail version 3.2.0 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f849cce7db945350fcf31a0846493b9158d0a5016e1c297b052c01017c41218b
WeBid 1.0.4 RFI / File Disclosure / SQL Injection
Posted Aug 17, 2012
Authored by dun

WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
SHA-256 | cadf34d43c06b4a8884f133bd4533936acc454d86939dd74decdbe83787a788e
ICS-CERT Advisory - Tridium Niagara Issues
Posted Aug 17, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4027, CVE-2012-4028, CVE-2012-3025, CVE-2012-3024
SHA-256 | a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
GNU Transport Layer Security Library 3.1.0
Posted Aug 17, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for using and storing cryptographic keys in the system's TPM module and several other improvements.
tags | protocol, library
SHA-256 | 4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
GIMP 2.6 Script-Fu Command Execution
Posted Aug 17, 2012
Site reactionpenetrationtesting.co.uk

There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.

tags | advisory, arbitrary, python
advisories | CVE-2012-4245
SHA-256 | 6bb8abc35df548c551fcf9ff102ee8db444b1e273993fe8a725e91885c36da04
ManageEngine OpStor 7.4 Cross Site Scripting / SQL Injection
Posted Aug 17, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89f
DNS Spider Multithreaded Bruteforcer 0.4
Posted Aug 17, 2012
Authored by noptrix | Site nullsecurity.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Added postfix option. Upgraded wordlist. Fixed a bug for returned list. Colorized output. Changed error messages.
tags | tool, scanner
systems | unix
SHA-256 | 42aac743fdc74591a341e7fe933e13851912c3eae3ac0c04086913041adab349
Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
SHA-256 | 6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Mandriva Linux Security Advisory 2012-135
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-135 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
SHA-256 | ed1f626a9ec66091da1ced33f9dcf94853900a07685bff02a384520cb736cdfc
Roundcube Webmail 0.8.0 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

Roundcube Webmail version 0.8.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6dfa0a7ef6c176b11b524cca79272af01deb78987c2cd19c827f958047b30f1e
Nike+ Panel / Mobile App Cross Site Scripting
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri, Dhillon Kannabhiran, Vulnerability Laboratory | Site vulnerability-lab.com

Nike+ Panel and Mobile App suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 318952fc36f8ecd15a627349d8609286daecfc86c7dc03596b132349ec1fbeed
ShopperPress WordPress Theme 2.7 Cross Site Scripting
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ShopperPress WordPress theme version 2.7 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 491c4ea2642b413280ac3851a6e53813f20e256059abdc11931d3d115eea5543
Mandriva Linux Security Advisory 2012-134
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-134 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4297, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
SHA-256 | e7a2ce0735205d049fc69106cd58cf7bc1f4cbae6e55ed2fc256e52ad05d4759
ProQuiz 2.0.2 Cross Site Request Forgery
Posted Aug 17, 2012
Authored by DaOne

ProQuiz version 2.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1d3692f82eccc72015fdd11936a3d8a2526c9cdc5a3e7bfa34d939d1a50b1171
Slackware Security Advisory - t1lib Updates
Posted Aug 17, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. These fixes include overflows, crashes, and pointer bugs.

tags | advisory, overflow
systems | linux, slackware
advisories | CVE-2010-2642, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | aca91d3d6ff3435ba1461c911ecfeabf51d810fd120a10d94a1a06a0d8a10e46
Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
SHA-256 | ce6d03f8afb8da5e9fab7773161352eac8d3bfb7b25bc19d2aa5c97279ad7812
E-Mail Security Virtual Appliance (EVSA) Remote Command Execution
Posted Aug 17, 2012
Authored by iJoo

E-Mail Security Virtual Appliance (EVSA) suffers from a remote command execution vulnerability. Versions prior to 2.0.6 are affected.

tags | exploit, remote
SHA-256 | 6e4b74507cc0d89132a2039f65a75dcfe8903fdc24f6e4e066324b6bdfab2cac
Mandriva Linux Security Advisory 2012-133
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0065
SHA-256 | 3ae2eaf49a9bfc802e659cf70f95a8ee4095350027b507c59c3be723c46cae97
ShopperPress WordPress Theme 2.7 SQL Injection
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The ShopperPress WordPress theme version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ed35edb8650c19623a01a17b915ca31339739c6d58d3e1a859b296896830b99d
Page 2 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close