exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Joomla Phocagallery 3.0.0 / 4.0.0 Cross Site Scripting
Posted May 13, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla Phocagallery component versions 3.0.0 through 4.0.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7ac32fc5334a6c47399759bb86d3ae214d11b769a06e56788ca9a188b94cbb3b

Related Files

Joomla JooDatabase SQL Injection
Posted Apr 26, 2012
Authored by HauntIT

The Joomla JooDatabase component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d2f7d992ea4f21ee7fe16e184118c04b15166f192a9b59339d52fe06ee324110
Secunia Security Advisory 48958
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the NinjaXplorer component for Joomla!.

tags | advisory
SHA-256 | 6abe96039f8615e429097afdf6b97e87d074745c326fb901a19c22e5333853cd
Secunia Security Advisory 48934
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the ccNewsletter component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | be98197b175615c957bf8d244d36418865e2d8aa9e58b058ffd27b84e72c8065
Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
SHA-256 | 4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Joomla Video Gallery Local File Inclusion / SQL Injection
Posted Apr 24, 2012
Authored by KedAns-Dz

The Joomla Video Gallery component suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 462e3a42ad4cdf7f3d4b4fc799263665b5f88d737088527e7db190630d754023
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
SHA-256 | 483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c
Microsoft Internet Explorer VML Remote Code Execution
Posted Apr 18, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.

tags | advisory, web
advisories | CVE-2012-0172
SHA-256 | b26b14f8e0513c5015cfa528b828f45892990e4d864673868941be4f05ba2bf9
Secunia Security Advisory 48806
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Phoca Favicon component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.

tags | advisory, local
SHA-256 | 4944d8c9aa85c5af39e50ddc949164a66bcaf52bbbee5dd59cf81f47b7627170
Joomla Beatz 1.x Cross Site Scripting
Posted Apr 16, 2012
Authored by Aung Khant | Site yehg.net

Joomla Beatz component version 1.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b84b94a45bc53d232a111d9bdd1d9c10c5df673197a35b8910ddb9fad3485de7
Joomla Ponygallery SQL Injection
Posted Apr 15, 2012
Authored by xDarkSton3x

The Joomla Ponygallery component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 67e7bbee49917d860c028293a4907a46b89ac089c97cec57c928ba5e9e7e1dab
Quest InTrust Annotation Objects Uninitialized Pointer
Posted Apr 13, 2012
Authored by rgod, mr_me | Site metasploit.com

This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The activeX component loads into memory without opting into ALSR so this module exploits the vulnerability against windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the users browser.

tags | exploit, activex
systems | windows
advisories | OSVDB-80662
SHA-256 | d1cef6f9fc00e9c87f66184e541a23b487e22d0bf005602e5a91c795be80bb5e
Technical Cyber Security Alert 2012-101B
Posted Apr 11, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-101B - Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.

tags | advisory, vulnerability
SHA-256 | 7b6efa396060be88ab58d1b9ba817b6174c0d8cac6c5b6a361ff1c72175a2467
Joomla The Estate Agent SQL Injection
Posted Apr 11, 2012
Authored by xDarkSton3x

The Joomla The Estate Agent component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f8119363f3290801042b0f1c3735641f9fc59f70c8602592130260e11f967745
Joomla Bearleague SQL Injection
Posted Apr 11, 2012
Authored by xDarkSton3x

The Joomla Bearleague component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c05f4b345fb2d1016095fd8e718636b8bde10eb1010efcb48159aaf1c75cf9ef
Zero Day Initiative Advisory 12-055
Posted Apr 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-3928
SHA-256 | d921ddf2635cdab4f6571381dd2e3b6fa6a4467d1396858dff4d080edc7e7e80
Secunia Security Advisory 48713
Posted Apr 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the VirtueMart component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 1c26bf7398356770e92f6f78db5774b4ded00cca2a4204543e318b9e8ae6ab0d
E107 1.0.0 Flexicontent SQL Injection
Posted Mar 30, 2012
Authored by Am!r | Site irist.ir

The Flexicontent component in E107 version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 415819e480c87949196e8660c90b6a6e0bf85fc7176806049bb428ec4a657981
HP Security Bulletin HPSBUX02755 SSRT100667
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02755 SSRT100667 - A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2012-0125, CVE-2012-0126
SHA-256 | 9fd07bfa8869f71cca9fb93250c1b9fbc51d1386af49bf4fc333d3853b6b9890
OpenOffice.org Data Leakage
Posted Mar 23, 2012
Authored by Timothy D. Morgan | Site apache.org

An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.

tags | advisory, xxe
advisories | CVE-2012-0037
SHA-256 | 8eebd992aa35f4faf62775e9bf55d28de394b1f4f67b8928b0375d38ba17a838
Dell Webcam CrazyTalk ActiveX BackImage Vulnerability
Posted Mar 22, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability in Dell Webcam's CrazyTalk component. Specifically, when supplying a long string for a file path to the BackImage property, an overflow may occur after checking certain file extension names, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution
advisories | OSVDB-80205
SHA-256 | c9f9dfe042de7f5d659677f6a10aa38d77f8bd3e8e047325d2dceb11e6f8874c
MS10-002 Internet Explorer Object Memory Use-After-Free
Posted Mar 22, 2012
Authored by Peter Vreugdenhil, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.

tags | exploit, remote, code execution
advisories | CVE-2010-0248, OSVDB-61914
SHA-256 | 80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee
Symfony 2 Unauthenticated Information Disclosure
Posted Mar 5, 2012
Authored by Phil Taylor | Site senseofsecurity.com.au

The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.

tags | exploit, arbitrary
SHA-256 | 41c5e9ed24bcfedc86e11b0fbb5e857209c2e898342bd3b498a8707a5985fdad
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
TrendMicro Control Manager 5.5 Buffer Overflow
Posted Feb 24, 2012
Authored by blue, Luigi Auriemma | Site metasploit.com

This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.

tags | exploit, remote, tcp
advisories | CVE-2011-5001, OSVDB-77585
SHA-256 | a04483c90d2ea44a263aa576ce03bb6bfbcf03f1fa5d6ff7e8b522c7b58f3163
Joomla Web Scanner 1.3
Posted Oct 30, 2011
Authored by Pepelux | Site enye-sec.org

Joomla web scanning perl script that gets the version, components and shows possible bugs.

Changes: Version 1.3 now recognizes Joomla! versions up to 1.7.2 and shows possible bugs in the core and components.
tags | tool, web, scanner, perl
systems | unix
SHA-256 | dbf6afebc08cfab8556c7d449c2714a2f927de9e575f463d09ddc670e6dbb60d
Page 4 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close