
Files

Joomla Jooproperty SQL Injection / Cross Site Scripting
Posted Dec 11, 2012
Authored by Daniel Barragan

Joomla Jooproperty component version 1.13.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ecb0bb0f7042b4fec4ad2c830d6701de883a1b4f5539f0e112f83b938f85f6b0

Related Files

Adobe Flash Player 11.3 Font Parsing Code Execution
Posted Aug 17, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2012-1535, OSVDB-84607
SHA-256 | b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9a

Zero Day Initiative Advisory 12-140
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by the SFAdminSrv.exe process. This process exposes various RMI services on TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), and 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 6d44dbf9f816ae47b69459fc6a3ae55af8b47454af0c493a2b31bcdd640effcb

Zero Day Initiative Advisory 12-139
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data, the process invokes a memcpy constrained by a user-controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | b5cd95c093a6d7c698cda8f5b0501a67a51fa6615c044079dd187f2f91b82aa0

Joomla Fireboard SQL Injection
Posted Aug 9, 2012
Authored by Nafsh, Vulnerability Laboratory | Site vulnerability-lab.com

The Joomla Fireboard component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8d0c501fd44b32f026ce7af1a5f8051a166362be2831982e2e13f188b4977cdb

Secunia Security Advisory 50220
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the En Masse component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 60a963331192fcc92f50d2f9dd3c437bf5576a63b0c1cf60843bf0062447a34d

Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
SHA-256 | b06a8a97e093f62b1f9d8ff1ae71702688d1cb47e94160036dd253ab69142e43

Joomla Enmasse SQL Injection
Posted Aug 7, 2012
Authored by Daniel Barragan

Joomla Enmasse component remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | cf821d066145cc0aaa6bf61dac10e9bf55b1cb6536262dcf10639062c8982c56

Secunia Security Advisory 50181
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the En Masse component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 86e058797cdebae4c518aed42b1eb24dfbbe687279be2bcf4f01d8696bb0b189

Joomla Photo SQL Injection
Posted Aug 6, 2012
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The Joomla Photo component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8fe953054e31882214e9fc9a64a5172e3e675a3dd3e4d88642f716cfb0aa5589

Debian Security Advisory 2524-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-0049, CVE-2012-3436
SHA-256 | 82de0800c15326cda8e2ec48a7a9ac834e43a7b5df1a83b728c5aa0d720510f6

Debian Security Advisory 2523-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3292
SHA-256 | b6337585790cbaa70a41e8a15f2ad98e6536faf0969ee375b41118d80a7b921e

Joomla Package SQL Injection
Posted Aug 6, 2012
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The Joomla Package component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8e0d07408dd254a57780cf1b916f1db843819bf3e73affbb15a99a5037a6688b

Zero Day Initiative Advisory 12-131
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0162
SHA-256 | 2ba150accd380124e735108b1edaea64553b981dcdfde6e7789e26f7a74b150f

Secunia Security Advisory 50154
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Joomgalaxy component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 8b3ed7abae548ce9026010ff8ba933707b2d23b449e2236ec9fbee5b59a1e6d8

Mandriva Linux Security Advisory 2012-121
Posted Aug 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-121 - A heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2806
SHA-256 | f2ad581b2eb2a623f29ef94aceecd64aa6519150410652e8ff0180d2a6b74f2e

Joomla Joomgalaxy 1.2.0.4 Shell Upload / SQL Injection
Posted Aug 2, 2012
Authored by Daniel Barragan

Joomla Joomgalaxy component version 1.2.0.4 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | a888750b9ceb89e199e602d4d15951f68d359c9deab51b4b81286e8927d32431

Joomla Nice Ajax Poll 1.3.0 SQL Injection
Posted Aug 1, 2012
Authored by Patrick de Brouwer

Joomla Nice Ajax Poll component versions 1.3.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | eb9f2498b2712b4c06f0df8709124960b7e70c6252b6b88c6df54785b9ebade9

Secunia Security Advisory 50119
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the RSGallery2 component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 8f68a8b8ad0d3199333c07c436a3cd3930236a451b8673e1559d8fd15c48fc03

Secunia Security Advisory 50109
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Movm component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 59942a037456ced97fd18ae42d16cce6f3e542cdebbdb6767edc9bedbe268816

Joomla Movm 1.0 SQL Injection
Posted Aug 1, 2012
Authored by Daniel Barragan

Joomla Movm component version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e3427894cce8d8fa4ad201fc6f9ca8c75931c67318be35e15f273c5f4d5c3dc3

Joomla Odudeprofile 2.x SQL Injection
Posted Jul 25, 2012
Authored by Daniel Barragan

Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79

Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef

Joomla Hello Local File Inclusion
Posted Jul 19, 2012
Authored by Ajax Security Team

The Joomla Hello component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f473f0c61e9e8c0ec07cfd80bd2864d9cc825caedb6e1771e7d868909f818c36

Metasploit Framework 4.4
Posted Jul 17, 2012
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: 101 modules have been added. Meterpreter has been modernized. Various other improvements.
tags | tool, ruby
systems | unix
SHA-256 | ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74e

Joomla Web Scanner 1.4
Posted Jul 16, 2012
Authored by Pepelux | Site enye-sec.org

Joomla web scanning Perl script that gets the version and components and shows possible bugs.

Changes: Version 1.4 of JoomlaScan recognizes Joomla! versions 1.x, 1.5.x, 1.7.x, and 2.5.x and shows possible bugs in core and components.
tags | tool, web, scanner, perl
systems | unix
SHA-256 | 0ab018e39405e6084e40c17103e2371d3366a4af2159ce098bae85b710b3f1ab

© 2022 Packet Storm. All rights reserved.
