exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

GTA UTM Firewall GB 6.0.3 Cross Site Scripting
Posted Oct 1, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

GTA UTM Firewall GB version 6.0.3 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cfa3764e13829a09db71866d8f36db163443a2644ea1d9231b821f9e7b3b542a

Related Files

Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85
Ubuntu Security Notice USN-1533-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935
Ubuntu Security Notice USN-1532-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356
Secunia Security Advisory 50152
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - GBS has acknowledged a vulnerability in multiple iQ.Suite products, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | b6d4ac71ce3089e5e78315d51b8b103d09b1f36a1afa20e4b2fc34122a78b81b
MGB OpenSource Guestbook 0.6.9.1 Cross Site Scripting / SQL Injection
Posted Jul 17, 2012
Authored by Stefan Schurtz

MGB OpenSource Guestbook version 0.6.9.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | e30d0db62fbca895bd77c358db965a0d775079ae38b45f678fdec8aa710f86ac
Secunia Security Advisory 49776
Posted Jul 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Wangkongbao CNS-1000 and CNS-1100, which can be exploited by malicious people to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 75cc4ea03a026e10c3d1efcd9a60707ba04b367c1e921810aa4ef95056f88614
Secunia Security Advisory 49804
Posted Jul 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Schurtz has discovered multiple vulnerabilities in MGB, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 5846214742426d4a659785f06deafc135309f463e644cede36d1c2d08cdfb915
WANGKONGBAO CNS-1000 / CNS-1100 Directory Traversal
Posted Jul 2, 2012
Authored by Dillon Beresford

WANGKONGBAO CNS-1000 and CNS-1100 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | d08faedbde9b8dbd524b59e4193f087991c4d236239f0b21829cb29d78dfe7f3
LANDesk Lenovo ThinkManagement Console Remote Command Execution
Posted Apr 10, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

tags | exploit, asp
advisories | CVE-2012-1195, CVE-2012-1196, OSVDB-79276, OSVDB-79277
SHA-256 | 0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1b
RadhikaGB Local File Inclusion
Posted Feb 17, 2012
Authored by T0xic

RadhikaGB suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 80b2b0881578c9dfb0e164730dbe6b67bca57a158d1a78dafc26d1482cf7bb71
pGB 2.12 SQL Injection
Posted Jan 18, 2012
Authored by 3spi0n

pGB version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 249b134c21e78e3d3b7b6f54045a954016e5e010e436f08262c3feaafc1f2029
Secunia Security Advisory 47530
Posted Jan 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in pGB, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | cd2ed817d066d3759e378bbd873b0f6625affae1613c41563e5074fc31c916ff
Ggb Guestbook 0.3.1 Cross Site Scripting
Posted Jan 6, 2012
Authored by demonalex

Ggb Guestbook suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e4313dfb46979cc6f2d7f43549305ecbe77daaa1dd8b4ae1e1bf7e96c0701294
Bugbear FlatOut 2005 Buffer Overflow
Posted Nov 30, 2011
Authored by Silent Dream

Bugbear FlatOut 2005 buffer overflow exploit that creates a malicious .bed file.

tags | exploit, overflow
SHA-256 | bc3c99f35356951f3633ebafa0c89c0c906268e205967ca4a6f14d98b4168b1e
Zero Day Initiative Advisory 11-327
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp
advisories | CVE-2011-3161
SHA-256 | dcedd1f5279bffe71ebb152a88eb1b63bd0865f88191f86b8f3a11151ef3fbff
Zero Day Initiative Advisory 11-298
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-2436
SHA-256 | 7a7c5fc669ce9201949022c7f4d2f348d5a3a5565c7784c167c86cd5c86f2f9b
Mandriva Linux Security Advisory 2011-151
Posted Oct 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-151 - Multiple vulnerabilities has been discovered and corrected in libpng. The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692
SHA-256 | acad0dfc8bb292aee7ddbc1a0ce9f17fb2448351051f964814c33efc660c99c8
Secunia Security Advisory 46464
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in aSgbookPHP, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | f8f0f48ccb7c308a6c25b87201eee0ab42e80e35ac60bf32f237525d020ee22c
aSgbookPHP 1.9 Cross Site Scripting
Posted Oct 15, 2011
Authored by indoushka

aSgbookPHP version 1.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fa1a2a00d58496a2268288ec516ff78e9ea410036ba43a047873b29febc8bae7
OpenSSH Resource Exhaustion Via GSSAPI
Posted Aug 2, 2011
Authored by Adam Zabrocki

OpenSSH with gssapi-with-mic support suffers from a resource exhaustion vulnerability. It is possible to provide any value to the xmalloc() function, which is a simple wrapper to the malloc() function. This forces an application to allocate a huge amount of the memory (4GB?) and naturally exhausts available resources. Repeating this attack, by simply open many session, can kill the server.

tags | advisory
SHA-256 | 65e738aed80888821cfc7b7291b21f403013fd57e28e24c9a17233bbb9662c26
GBook PHP Guestbook 1.7 Cross Site Scripting
Posted Jul 28, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

GBook PHP Guestbook version 1.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | 59588e417db809bf333435c7a8cabc9f2c8964839b18cfe2446d56abeb28c186
Zero Day Initiative Advisory 11-236
Posted Jul 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-236 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack. Due to not completely accommodating for the size of the data in the packet, the application will overwrite variables positioned after the buffer. This can lead to code execution under the context of the server.

tags | advisory, remote, arbitrary, tcp, code execution
advisories | CVE-2011-1741
SHA-256 | c09c6ff148b85fb34a65bbcf03cb521e5a5c98dd3368e7056c611cea99909e84
RGBoard 4.2.1 SQL Injection
Posted Jun 28, 2011
Authored by hamt0ry

RGBoard version 4.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 57aa2d47fef865a72f348d580009d0555b652717cfa8d71f352148bed98e7683
SimpGB 1.49.02 Cross Site Scripting
Posted Jan 26, 2011
Authored by MustLive

SimpGB versions 1.49.02 and below suffer from cross site scripting, brute force, insufficient anti-automation, and abuse of functionality vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cb4976c249efe8db919a1b089f43b558fc4fcc89e16276cf184713fa3db6958
Wireshark ZigBee ZCL Dissector Denial Of Service
Posted Jan 11, 2011
Authored by Fred Fierling

This archive has a pcap file that demonstrates the Wireshark ZigBee ZCL dissector infinite loop denial of service vulnerability.

tags | exploit, denial of service
systems | linux
advisories | CVE-2010-4301
SHA-256 | 7211ea67fe5b4c0ebac815865af33fe662c004747752dbb8e69dc1f5aef26f6f
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close