exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Paypal BugBounty 5 Cross Site Scripting
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal.com suffered from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 830b99c97288997b434a67b496389dd1abe41e3409067abdeb8904aadb08121e

Related Files

Secunia Security Advisory 48503
Posted Mar 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 1344d931b33df5b015c5d13a06878d9760e33c10dc320f742d730dfb5365148f
ManageEngine Device Expert 5.6 Directory Traversal
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.

tags | exploit, java, remote, file inclusion
SHA-256 | ac9ce0ef47d738091d599b3ea17bfa50dae411a0fcf3d690ac1f2757cfe3424d
Secunia Security Advisory 48500
Posted Mar 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | d7c5a4b1cfbb1455ae006f126e1a88d87147b0812c3241bd9d9a4ca0ce6aa61e
VLC Media Player 1.1.11 Denial Of Service
Posted Mar 13, 2012
Authored by Senator of Pirates

VLC Media Player versions 1.1.11 and below denial of service exploit that makes a malicious .flv file.

tags | exploit, denial of service
SHA-256 | 0eca42f600feb65e6a323e108ff5b1100d57ba6652c470f72002fe4d1c68fa73
Secunia Security Advisory 48313
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, ubuntu
SHA-256 | bcd3f739790e41e92e906cfe0ea2482ae10e8e7aa483a4abc8987c2f84001489
HP Security Bulletin HPSBUX02741 SSRT100728 2
Posted Mar 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02741 SSRT100728 2 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022
SHA-256 | 55cdfcc13a7fe14d92fa9c28027368bdaa391209c80e57fec15c56acf2bdeff9
VLC Media Player RealText Subtitle Overflow
Posted Mar 3, 2012
Authored by Tobias Klein, SkD, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.

tags | exploit, overflow
advisories | CVE-2008-5036, OSVDB-49809
SHA-256 | 9952cf454696629976235ec8de966c57016db79252896be88870fdf2312f2133
Red Hat Security Advisory 2012-0116-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0116-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3637, CVE-2011-3638, CVE-2011-4110
SHA-256 | 71cb08ef2d809cd41a86b8da8e6cf0581e7d7544405546ba07d973f409a56d8f
HP Security Bulletin HPSBUX02741 SSRT100728
Posted Feb 8, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02741 SSRT100728 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022
SHA-256 | 4a4c267d9d541a369ea92c687c9df43f531dfb40dcc39d4aae8a349d0e276192
Debian Security Advisory 2401-1
Posted Feb 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2401-1 - Several vulnerabilities have been found in Tomcat, a servlet and JSP engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | fd0c86bea564b0c59c9ad7ec2cb55320fe1b0189ef7552749d858a50adad96a8
Red Hat Security Advisory 2012-0078-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0078-01 - The JBoss Communications Platform is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms and IP Multimedia Subsystems by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network applications. This JBoss Communications Platform 5.1.3 release serves as a replacement for JBoss Communications Platform 5.1.2, and includes various bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 1b76efafa7c43f4568ee8540f9a99ef162667ab5441d65314304195616d9d9b0
Red Hat Security Advisory 2012-0074-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0074-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 695e031cafab885e3b33ac9cfc4d29d7d6668de2559566e57b6c6021f0e19b4e
Red Hat Security Advisory 2012-0075-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0075-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 3967876ba80d348d6a7fa18fec993a5850529c859a7070df5abbd60a9a1cc5c2
Red Hat Security Advisory 2012-0077-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0077-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 62189c2efd836c99ad687dbdd17abd498e1f9ee30e32a8d54d4d85ae4f68bce5
Red Hat Security Advisory 2012-0076-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0076-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | c37cdb370faed7aec780b9b7f3059e2ba1f342262670c61553cb34a4e6c9b355
VLC 1.2.0 Divide By Zero Denial of Service
Posted Jan 20, 2012
Authored by nomnom

VLC versions 1.2.0 and 1.1.11 divide by zero denial of service exploit that creates a malicious .ape file.

tags | exploit, denial of service
SHA-256 | 1fc02c07be4fb6c8bec8cc2ea9f95b4f25bbd2a8c2df3caa1f313b10455793fe
Secunia Security Advisory 47568
Posted Jan 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes one vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 4b5995520da2fcce4b427eb23f816128c4cb8116fac5d3f29ba1bd15dc3f8638
VLC Media Player 1.1.11 Proof Of Concept
Posted Jan 4, 2012
Authored by Fabi

VLC Media Player version 1.1.11 local crash proof of concept exploit that creates a malicious .amr file.

tags | exploit, denial of service, local, proof of concept
SHA-256 | 3654b16d4f40690e87c6db730f6a6a8e8d68a8e12ea1c3ac542e32750b0de54a
Secunia Security Advisory 47325
Posted Dec 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 3883b5b4df526065c87fa832186337b859739de4bab03919334bcb9ea5e1340e
Red Hat Security Advisory 2011-1845-01
Posted Dec 20, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1845-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. A cross-site scripting flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages.

tags | advisory, java, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2010-3718, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204
SHA-256 | 3793c6fc1e12931835b9486790eaeaec2b11866eebf59fdbbba3730d61befa79
Debian Security Advisory 2364-1
Posted Dec 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2364-1 - The Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed.

tags | advisory
systems | linux, debian
advisories | CVE-2011-4613
SHA-256 | 82594992626681bfa754de5238bc3f543f5d7e88a43d6589f9a0ef5888292669
Mandriva Linux Security Advisory 2011-189
Posted Dec 16, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-189 - Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted numrlvls value in a JPEG2000 file. The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4516, CVE-2011-4517
SHA-256 | 46af9b534c46d06cfd6da996d0cfe4b3b0a15d7995cbf4be5b4cffcac8d5d385
Ubuntu Security Notice USN-1308-1
Posted Dec 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-4089
SHA-256 | 4a8012363905770b4fb451c70e1c7dcb0c5389c1b75c79707921defd538ff18b
Secunia Security Advisory 47060
Posted Dec 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | a71d1dd83eedc90b4b30cb4e804aa5c287c739385b85b6dc690690d2a636a6d5
Red Hat Security Advisory 2011-1530-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1530-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110
SHA-256 | 0ea0d8d1bd62a748fefde36e3fb68a6860a5459a3012b4b4223b673f37abf7b8
Page 2 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close