what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Social Engine 4 Cross Site Scripting
Posted Jul 27, 2012
Authored by X-Cisadane

Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cb66f52c5d1f11ad81ff910c9c102602740a914f20a0ffd26f00dea52754f32

Related Files

ManageEngine OpStor 7.4 Cross Site Scripting / SQL Injection
Posted Aug 17, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

ManageEngine OpStor version 7.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0d32814a7c7e07a67aa2e95cf6174ae8d8c2d00a3fc33f9753921e77bd33d89f
Social Engine 4.2.5 Cross Site Scripting
Posted Aug 17, 2012
Authored by X-Cisadane, Vulnerability Laboratory | Site vulnerability-lab.com

Social Engine version 4.2.5 suffers from input validation and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cccc1f1afba3410682d642eec4bfad1139cc84cd5e5a5d4b0b60db0352e87f2
Secunia Security Advisory 50198
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has discovered a vulnerability in ManageEngine Service Desk Plus, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 4b576f909e08c470239259f64d977553f3e5fa4e4a72ed165b1d7a788f36a797
Ubuntu Security Notice USN-1524-1
Posted Aug 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1524-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680
SHA-256 | cbaae6919431428ce28f0525f8b4610c12e3488e31906a3c083d3654bfca78e3
Triggering Windows 7
Posted Aug 8, 2012
Authored by Prateek Shukla

This is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.

tags | paper, java, shell
systems | windows
SHA-256 | c465ce76e11d434cefe598ce9ad6f6709a3c029e5620d87ca6bb83721ba8d677
Secunia Security Advisory 50144
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 415bdb53a582f34c45fd6d68ab280ae7b73a6a7f56050e69f13483d539d6bbbe
Secunia Security Advisory 50095
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | a97ca29acf0391a400db8256682379a894ac51298a22a1e4838fbd6c2fa0892f
Mandriva Linux Security Advisory 2012-110-1
Posted Jul 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1949, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1955, CVE-2012-1966, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967
SHA-256 | fc759a56d0fd0415fcdc1530461fc3a3b4be19990db69c21c30eed023857e0e8
Secunia Security Advisory 50075
Posted Jul 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in VStar Blog Engine.

tags | advisory
SHA-256 | 530eeef54ad5b207dab3e0bd2e64eff11afbb1443a8a3bcc84dc2d6279af8b3d
Mandriva Linux Security Advisory 2012-110
Posted Jul 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. This causes the address of the previously site entered to be displayed in the address bar instead of the currently loaded page. This could lead to potential phishing attacks on users. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. Various other issues were also addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1949, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1955, CVE-2012-1966, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967
SHA-256 | 1ce982533aa61dcb970d364a88b5efa396148d382b7871b4cc8d8b1681a6aafb
Suricata IDPE 1.3
Posted Jul 8, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: This release adds a TLS/SSL handshake parser, an HTTP user agent keyword, experimental rule reloading support, AF_PACKET bpf support and packet loss counters, Napatech hardware support, a configuration test mode, a rule analyzer, and on-the-fly MD5 calculation and matching for files. Performance and scalability have been improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | e04c26178dc146b9bd7843e72fd7fdecf3195b883789550077a13046fd4cc69b
Netsniff-NG High Performance Sniffer 0.5.7
Posted Jun 30, 2012
Authored by Netsniff-NG Workgroup | Site netsniff-ng.org

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: This is a major release with lots of bug fixes and new features. Highlights include new dissectors for ICMPv6, IGMP, VLAN Q-in-Q, and MPLS, raw 802.11 support for capturing and replaying, and much more.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
SHA-256 | ab4e1ef6aadb00b998349aff66e4e1cec53910113344c53ac8eb947fd46b5e89
Secunia Security Advisory 49646
Posted Jun 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | cisco
SHA-256 | 9599cf531e4083ef8df5f2742495afea519f6ce878470415003c457a67089a46
Cisco Security Advisory 20120620-ace
Posted Jun 21, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode. Cisco has released free software updates that address this vulnerability. A workaround is available for this vulnerability.

tags | advisory
systems | cisco
SHA-256 | 543bfe7363a2968b41ab895f56066550f437e4aa52375a8a38bbe9e43155bb32
Red Hat Security Advisory 2012-0880-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-5076, CVE-2011-3922
SHA-256 | 88fdefaee5d521cf6eb6d97528778445e48f16725d34e7207c5a2cb76e6cb77b
Red Hat Security Advisory 2012-1013-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-1167
SHA-256 | 00999837f17b1b0b26b7d6c7ae3e33974a469610cd0c968e5f9c9ec652967eac
Red Hat Security Advisory 2012-1014-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1014-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-1167
SHA-256 | 67e1ea08d93cbca3238c670e8d691aa83c9a371df16c09c9749c576859ba213e
Netzob 0.3.3
Posted Jun 12, 2012
Site netzob.org

Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).

Changes: This release, codenamed "Flying Razorback", greatly enhances partitioning performance and offers many useful features, including a new visualization layer, a new search engine, more data manipulation functions, and import/export of projects and traces. In addition to Debian and Gentoo packages, a Windows installer is now available.
tags | tool, web, tcp, protocol
systems | unix
SHA-256 | 91fa98852cc51306077c49e5198bcaa8bc6229c3e02ab6e3a0db9b9a3a273542
Secunia Security Advisory 49271
Posted May 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.

tags | advisory, vulnerability, xss
SHA-256 | e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdc
Social Engine 4.2.2 Cross Site Request Forgery / Cross Site Scripting
Posted May 24, 2012
Authored by Tiago Natel de Moura

Social Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-2216
SHA-256 | 0fa6f5de7bdbe3290ed0ede01f2bace1adff3a4674976586858e62e0e8ba2d18
Mandriva Linux Security Advisory 2012-081
Posted May 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

tags | advisory
systems | linux, windows, mandriva
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
SHA-256 | b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33
HULK - Http Unbearable Load King
Posted May 18, 2012
Authored by Barry Shteiman | Site sectorix.com

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

tags | tool, web, denial of service, python
SHA-256 | d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37a
Secunia Security Advisory 49161
Posted May 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for gridengine. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 158a0133a0d96405f70dd8b8ca43a4ab095c35ba1ea264eb57859f9f6a5b3d20
Debian Security Advisory 2472-1
Posted May 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2472-1 - Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.

tags | advisory, root
systems | linux, debian
advisories | CVE-2012-0208
SHA-256 | fb5e1c809897c9f19723eac2b149d18e7bbd0d84cf8545cb5f93e9b78c5c44fb
SSLsplit 0.4.4
Posted May 12, 2012
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release adds improvements to OCSP denial and bugfixes.
tags | encryption
SHA-256 | 10da16c1be95d20157145da3dd5e9ffea69818889a25c2c134fcd14c97fbf6a3
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close