exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Audio Editor Master 5.4.1.217 Denial Of Service
Posted Jun 6, 2012
Authored by Onying

Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | b6930c08d1b40f2adf2de7921d89da8214fff73ac57df097378d448e1c3d2690

Related Files

Password Safe Cracker
Posted Jul 19, 2012
Authored by bwall | Site github.com

This cracker was created to brute force master passwords for the Password Safe tool at http://passwordsafe.sourceforge.net/.

tags | web, cracker
systems | unix
SHA-256 | 9240452d901cbdc70840e61553e42a2cb50559acbc476a049ea72583be9c28e1
Ubuntu Security Notice USN-1506-1
Posted Jul 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867, CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867
SHA-256 | 2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671
Secunia Security Advisory 49422
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Audio Editor Master, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 166184546641d35f54b018dc4af673f13166413c2251678187b2728f812a49f8
Drupal Hostmaster 6.x Cross Site Scripting / Access Bypass
Posted May 16, 2012
Authored by STE Jones, Ivo Van Geertruyen | Site drupal.org

Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 7c02451f79ba6d4bfe66bd38a9d30bc0c21b9498c33fec40e740f123d695f5e5
Ramui Forum Script Cross Site Scripting
Posted May 7, 2012
Authored by 3spi0n

Ramui Forum Script suffers from a cross site scripting vulnerability. The webmaster of this site has contacted us and has addressed this issue.

tags | exploit, xss
SHA-256 | bb143f148ba5864fdc8665fdc8e1b51a1816c3792af5e9cdadbd6943fa22317f
TFTP Fuzzer Script
Posted Mar 26, 2012
Authored by TheXero | Site nullsecurity.net

This is a master TFTP fuzzing script that is part of the ftools series of fuzzers.

tags | tool, fuzzer
SHA-256 | 755340a7bf126ffa85a75b665f2ab8d8bbce4423a7d9465e50f20688867b3732
BJMaster Design SQL Injection
Posted Mar 3, 2012
Authored by 3spi0n

BJMaster Design suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d323aa76e46e4fbf4c806cecdf82910166fc0b60ec2453524fc4b5f5b91454cb
Secunia Security Advisory 48037
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 9731674ad7c7d05f29ca679e9e884253cb1dda449dbdbd784bc725248fe27731
BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) Shellcode
Posted Jan 16, 2012
Authored by KedAns-Dz

94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.

tags | x86, shellcode
systems | bsd
SHA-256 | fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95f
Overview To HTML5 Web Security
Posted Dec 15, 2011
Authored by Michael Schmidt | Site csnc.ch

Whitepaper called Overview to HTML5 web security. This article is an extract of the master thesis written by Michael Schmidt. It needs to be considered that the content of this document was released in May 2011.

tags | paper, web
SHA-256 | 80db6816d328e2047d44c3b598a2a9756e6a4f2de1f01ef7af19901983063af3
Secunia Security Advisory 46101
Posted Nov 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Hostmaster (Aegir) module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | fa10a1ee5aa26ee90d117e8e12ab75faa3df1e4e21e5345d4169c893c31d30a5
Ubuntu Security Notice USN-1238-2
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3872
SHA-256 | 24f1ff0a4bf1e3e276009e4999f192df87a00a2098234c3807f2ffc5f471cff2
Ubuntu Security Notice USN-1238-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1238-1 - It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2011-3872
SHA-256 | ae7ab9a381c1ba9bfec6b237a0e254fca36b4e9df829004852518239d8c13d45
Ubuntu Security Notice USN-1217-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1217-1 - Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-3848
SHA-256 | cb0df75e0ea4625a8f572eb50a779b751932821421ee7b8d18861e0a3ad2212f
Perfect PDF 7 Master / Reader Insecure Libraries
Posted Jun 19, 2011
Authored by Stefan Kanthak

Perfect PDF 7 Master and Reader both ship with outdated and vulnerable libraries.

tags | advisory
SHA-256 | 14dde26f1a2df99002e81efe5c28e7c71adb7d2004dafc01c10244d4eb0397e2
Red Hat Security Advisory 2011-0843-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0843-01 - Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via a specially-crafted SASL authentication request. The smtpd process was automatically restarted by the postfix master process after the time configured with service_throttle_time elapsed. Various other issues were also addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2011-1720
SHA-256 | 290f32e19e804868ba34739ec9704dcafcfdf5319694188c9ac9fd4eb3c9d6dd
Moscrack WPA Cluster Cracker 2.07b
Posted May 18, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: A plugin framework and API were created. A dehasher plugin was created to crack SHA256/512, MD5, DES, and *Blowfish Unix password hashes. A bug in hot config was fixed.
tags | cracker
systems | unix
SHA-256 | e066d79a30cdb3c958d794bd619c49b023fc0f43e65b86c4e24c58d6d74e4bdd
Secunia Security Advisory 44553
Posted May 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Datacap Taskmaster Capture, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 567a6f4115953a6969869bc182614dede8641ec383da25b3d252c1795d634dd7
PassmanLite Cleartext Secrets
Posted May 7, 2011
Authored by Simon Roses | Site simonroses.com

The PassManLite Password Manager for Android stores the master password and database accounts in clear text.

tags | advisory
SHA-256 | c0936d08387690ca03232c6cd9336db5a134ebe29782f62511f4b45ddefb231a
Moscrack WPA Cluster Cracker 2.06b
Posted Apr 25, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: This is a minor bugfix release because 2.05b had an error in the sample config file that was causing Moscrack to fail to load. Other small things have been fixed at the same time. If you had trouble getting 2.05b to work, update to 2.06b.
tags | cracker
systems | unix
SHA-256 | 6264c658b35443b0abef0c3dc2b58d0e401c4637a21dee626b12c9027294bf3c
Moscrack WPA Cluster Cracker 2.05b
Posted Apr 21, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: This release added various automatic chunk size options, hung node detection, dynamic node configuration, improved CPU demands, TCP-based status checks, and a CGI interface.
tags | cracker
systems | unix
SHA-256 | 4b26d31504786a1ad4422ca5b61802511847d6c0251eadc36194d0932ed7c4d1
1024cms ACP 1.1.0 Master-cPanel Cross Site Scripting
Posted Apr 8, 2011
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

1024cms Admin Control Panel version 1.1.0 Beta Master-cPanel package suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ee30cc9ef6e3c2fbccfc4751f4a67c2589a0bea5b4988189e37b6e9bbbb7287d
1024cms ACP 1.1.0 Master-cPanel Local File Inclusion
Posted Apr 8, 2011
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

1024cms Admin Control Panel version 1.1.0 Beta Master-cPanel package suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 7975b0f9f1c6865f41f7054ad4a84e1a382158deff42c3fd8fde2fef9aa1a5d6
Moscrack WPA Cluster Cracker 2.04b
Posted Apr 4, 2011
Authored by Ryan Babchishin | Site moscrack.sourceforge.net

Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).

Changes: This release adds RSH, Pyrit, and checkpoint/resume features.
tags | cracker
systems | unix
SHA-256 | 9e3266b4a6f5ae2e53b40d3c5e991124d65109c96cbb495ee2ede2af43102b27
Mandriva Linux Security Advisory 2011-056
Posted Mar 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, mandriva
advisories | CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
SHA-256 | ace7fafa9471fca6031d43a03d644b937b041bcea223a3fb3b08278136c49d2e
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close