what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Barracuda NG Firewall Remote Command Execution
Posted Jun 12, 2011
Authored by Lukas Nothdurfter, Wolfgang Neudorfer

It is possible to execute an arbitrary command with root privileges on phion netfence 4.0.x, phion netfence versions prior to 4.2.15 and NG Firewall versions prior to 5.0.2 boxes with activated external authentication scheme (i.e. Active Directory). An attacker with the knowledge of an admin's username is able to perform arbitrary shell commands during the ssh login procedure on the box. The knowledge of the admin's password is not required.

tags | advisory, arbitrary, shell, root
SHA-256 | fee59e2c3c8776e6ab9ed6abb4364a9562154ddc30dfed06de24b65179dd71f4

Related Files

Novell LDAP-SSL Daemon Denial Of Service
Posted May 16, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - It is possible to cause a denial of service in Novell's LDAP-SSL daemon due to the system blindly allocating a user-specified amount of memory. Exploiting the issue on a Netware system will cause a system-wide DoS condition.

tags | exploit, denial of service
SHA-256 | 972238c95111a6fb64022b85c2982b7c92402fed540695e47f81e34f5d96e993
SPlayer 3.7 Content-Type Buffer Overflow
Posted May 12, 2011
Authored by sinn3r, xsploited Security | Site metasploit.com

This Metasploit module exploits a vulnerability in SPlayer versions 3.7 and below. When SPlayer requests the URL of a media file (video or audio), it is possible to gain arbitrary remote code execution due to a buffer overflow caused by an exceeding length of data as the 'Content-Type' parameter.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | OSVDB-72181
SHA-256 | 6f2550278cc4becee8ea4249e308c87e89641d1cb88d107eb931d8849ab4c457
Zero Day Initiative Advisory 11-158
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. |mChannel| will become a dangling pointer, allowing an attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0065
SHA-256 | baf5cb4b2ab7dca06997273264474bc5c5809fb5af3408db491c5a0a763de998
Zero Day Initiative Advisory 11-157
Posted May 10, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. When executing the function invalidateSelection it is possible to free the nsTreeSelection object that the function operates on. Any further operations on the freed object can result in remote code execution.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 766e4f1bea6c57dd6abff97f2c936258d3c2a92aab1a04dbdb224fc0df554a53
Oracle Database Server Network Denial Of Service
Posted May 3, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Sending a specially crafted network packet to an Oracle Database during the connection before the user authentication is performed it is possible to make the Oracle process consume all available CPU resources. To exploit this vulnerability no authentication is needed, the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform).

tags | advisory
systems | windows
advisories | CVE-2011-0806
SHA-256 | 6061c4891857303cc29e065da2ea05260f71114bccb80e80eab2d4b335fe434d
Mandriva Linux Security Advisory 2011-079
Posted Apr 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-079 - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. Various other issues were also addressed.

tags | advisory, protocol
systems | linux, windows, mandriva
advisories | CVE-2011-1202, CVE-2011-0071, CVE-2011-0076, CVE-2011-0067, CVE-2011-0065, CVE-2011-0066, CVE-2011-0073, CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072
SHA-256 | 1c95ea9cdefc67e8ee438446205a5ef410e3cfc12f3fd1aea55221701e09723d
Oracle JD Edwards JDENET SawKernel Remote Password Disclosure
Posted Apr 28, 2011
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. It is possible for a remote and unauthenticated attacker to retrieve passwords of users that are allowed to login to the SAW Kernel (System Administration Workbench Kernel) in default installations of JD Edwards EnterpriseOne servers. As SAW users are allowed to, among other things, remotely execute commands on the server, the exploitation of this vulnerability leads to a full compromise of the server.

tags | advisory, remote, kernel
SHA-256 | f5e070e8139c15730f71e2ea443c613b4a3d3b03b82fa0971259148856bc1535
Asterisk Project Security Advisory - AST-2011-006
Posted Apr 22, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticated manager users to execute shell commands. Only users with the "system" privilege should be able to do this.

tags | advisory, shell
SHA-256 | 31ede85ee7d0cff21021d4dd6f89dfc438a48a6a387fbe72033246f6071a6e17
Asterisk Project Security Advisory - AST-2011-005
Posted Apr 21, 2011
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.

tags | advisory, web, tcp
advisories | CVE-2011-1507
SHA-256 | 471ce01d238810bef4b672c13bed60968aa25283433c449bf7c0a05b6b29d2ae
Zero Day Initiative Advisory 11-135
Posted Apr 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a 'removeChild' call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1344
SHA-256 | be4c8dd019c0ab1ff982bb32c801b502ffe05b5d52a29f1a44bb8a75cc279411
Zero Day Initiative Advisory 11-134
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the RegenerateReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 9604c9d1dba521a52fec22695da4ef25091e8b8ac4dd8e7c7d4451edd336a30c
Zero Day Initiative Advisory 11-133
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReports stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 63e6487bc5e04f7f5fb3b9d735fe4a94a20ce08835b90f30d5200a28f74fa88e
Zero Day Initiative Advisory 11-132
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 142dc870b1e27809cf5462bfb9c020f9b964670c2aa95a15de96b5c4fb38a774
Zero Day Initiative Advisory 11-131
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the NonAssignedUserList stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | c8588b14f2af9ae6351222e30cea70f2eabb552c5d74b4a76ef031ab0e46d0b7
Zero Day Initiative Advisory 11-130
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteFilter stored procedure, accessed via the MainApplication.html console. The Unified Network Control Management Console listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteFilter stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | d01e6cf4fc6bdb05a9814da878a530840c02bb2c5cb63953ab07a0633c7b9416
Zero Day Initiative Advisory 11-129
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | 0ec175efc79d75101fcc9188b8620d95bc4b3627a90310bc64e0d7834862b9d4
Zero Day Initiative Advisory 11-128
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, un-authenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2011-1653
SHA-256 | d6e71067fdc7623aa9dc1e33e254f51ef48f0e2c1afe154361941ac748d11199
Zero Day Initiative Advisory 11-127
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds to SOAP 1.2 requests on port 34444 for HTTP and port 34443 for HTTPS. Due to a flaw in the implementation of the getDBConfigSettings method, it is possible for an unauthenticated user to obtain the server's database credentials, which are transmitted via plaintext. Given the database credentials, it is trivial for a remote user to authenticate to the server and execute arbitrary code under the context of the database administrator.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-1655
SHA-256 | 9fa33067aa130781fbca691ab154e2e2a3db26473c6f6b321ca13b718821e3c0
Zero Day Initiative Advisory 11-126
Posted Apr 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Endpoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within CA.Itm.Server.ManagementWS.dll. Due to a failure to properly sanitize user-controlled input, it is possible for a remote unauthenticated attacker to upload and subsequently execute arbitrary code under the context of the CA Total Defense Heartbeat Web service. Requests delivered to FileUploadHandler.ashx are subject to arbitrary file writes, including directory traversal attacks, in the GUID parameter. The Heartbeat Web service listens for HTTP requests on port 8008 and 44344 for HTTPS.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-1654
SHA-256 | dad5be5eb24d551c6fb279d2bc92a6b4dd9214d0faf839139e13b499c4cdcdcc
Microsoft Reader 2.1.1.3143 NULL Byte
Posted Apr 12, 2011
Authored by Luigi Auriemma | Site aluigi.org

Microsoft Reader versions 2.1.1.3143 and below suffer a vulnerability where it is possible to write a NULL byte in an arbitrary location. Proof of concept code included.

tags | exploit, arbitrary, proof of concept
systems | linux
SHA-256 | 3ba8f6dc4e42fd99a33bc3b292421fe6ab97580ae939c9c6bfcabd8622df678f
Zero Day Initiative Advisory 11-114
Posted Apr 2, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-114 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is active by default on all Helix Server installations. Due to a failure to properly sanitize the contents of the 'x-wap-profile' header, it is possible to provide malicious data that is passed directly to a format string function. Remote attackers could leverage this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary
advisories | CVE-2010-4235
SHA-256 | 54fed41704520a09e4229da1427da75cd22e7ffa613a84893bfccada14f2167d
Zero Day Initiative Advisory 11-113
Posted Mar 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Zend Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Zend Java Bridge v3.1 component of the Zend Server framework. The javamw.jar service accepts TCP requests on port 10001 by default. With nothing more than the knowledge of the proprietary communication protocol used by the Zend Server Java Bridge, it is possible to send arbitrary Java code to javamw.jar service and remotely execute these commands under the context of the user running the web server process.

tags | advisory, java, remote, web, arbitrary, tcp, protocol
SHA-256 | 9ff00ca55c520c19871b67b0652dabe5ef5cf5dc7e91eb8cfb94fcdee37c8fb0
IGSS 8 ODBC Server Denial Of Service
Posted Mar 23, 2011
Authored by Jeremy Brown

There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.

tags | exploit, remote, denial of service, arbitrary
SHA-256 | d82e97b8f0e340895167edfec6e1532847830e7ddab52ff2c288237ef372149f
Adobe Flash Player AVM Bytecode Verification
Posted Mar 23, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in AVM2 action script virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing it. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.

tags | exploit, web, arbitrary
advisories | CVE-2011-0609
SHA-256 | 42f45f3260ab9c5b8cc16ebc8f87909c47dfc836d8362769726a745db24e2709
iDEFENSE Security Advisory 2011-03-21.1
Posted Mar 22, 2011
Authored by iDefense Labs, Tobias Klein

iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.

tags | advisory, remote, arbitrary
systems | apple, osx
SHA-256 | 63116851ec25226dbd4100de9d28241e487287adbf0d2b37b83b6a4707c90918
Page 4 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close