Files

F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
Posted Jun 3, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

F*EX version 20140313-1 suffers from HTTP response splitting and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
MD5 | c0784a5327d748c2156b16fe82993527

Related Files

Oracle BTM 12.1.0.2.7 Remote File Deletion
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.

tags | exploit, remote
MD5 | 896c6723e4d3eb5be9d4fa7c77601292
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
MD5 | 942dde996f9deaa3c951dcebc0fb416f
PDFResurrect PDF Analyzer 0.11
Posted May 31, 2012
Authored by enferex | Site 757labs.com

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

Changes: This is a bugfix release.
tags | tool, forensics
systems | unix
MD5 | fb18831369d07a98ac96e7a4d9314b53
Debian Security Advisory 2422-2
Posted May 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2422-2 - A regression was discovered in the security update for file, which led to false positives on the CDF format. This update fixes that regression.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1571
MD5 | e4d790aa3eb653a4ef8b336eab2bb6f6
ClubHACK Magazine Issue 26
Posted Mar 13, 2012
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 26 - Topics covered include Network Security, Who wants to be a Millionaire, Section 66A - Sending offensive or false messages, and more.

tags | magazine
MD5 | b766b847726bc31c435ff41d44a964ab
False SQL Injection / Advanced Blind SQL Injection
Posted Dec 22, 2011
Authored by wh1ant

This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.

tags | paper, sql injection
MD5 | 05040c813b44124bbd7a6080eb4585c3
Secunia Security Advisory 47242
Posted Dec 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SignalSEC Labs has reported a vulnerability in HTC Touch2, which can be exploited by malicious people to compromise a user's device.

tags | advisory
MD5 | a34c6fcc664c27ba9e6044d93b47c383
Secunia Security Advisory 47225
Posted Dec 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Pulse Pro CMS, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 52109f3ed154193a1f156779bf8558da
Pulse Pro CMS 1.7.2 Cross Site Scripting
Posted Dec 13, 2011
Authored by d3v1l, RandomStorm

Pulse Pro CMS version 1.7.2 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | ba934e8692bb4b9a0bd5ad88b1a044ed
ELSEVIER Call For Papers
Posted Nov 30, 2011
Site ees.elsevier.com

This is a Call For Papers for a special issue of Elsevier called "Botnet Activity: Analysis, Detection and Shutdown".

tags | paper
MD5 | 38fe7389f49f035948bfcb53b004c41e
Apple Safari file:// Arbitrary Code Execution
Posted Oct 17, 2011
Authored by sinn3r, Aaron Sigel | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.

tags | exploit, java, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3230
MD5 | f95a36d638b942780d7aafe3920c0218
secureURL.php Design Flaws
Posted Sep 22, 2011
Authored by G. Pek, B. Bencsath, BME CrySyS Lab, L. Buttyan

Design flaws make it possible to find out the hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate a checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and give a false sense of security.

tags | advisory, php
MD5 | 0ad6045bf3d0a03d5cfddb27301eb592
ZoneMinder Video Camera Security Tool 1.25.0
Posted Sep 2, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release is mainly focused around a complete rewrite of the logging and debug functionality, which now includes a Web log viewer and fully consolidated logging. Support has also been added for SFTP in event uploads. There are also a small number of other useful new features and fixes.
tags | web
systems | linux, unix
MD5 | eaefa14befd482154970541252aa1a39
ELSEVIER Call For Papers
Posted Aug 25, 2011
Site ees.elsevier.com

ELSEVIER journal has announced a call for papers for a special issue titled "Botnet Activity: Analysis, Detection and Shutdown".

tags | paper, conference
MD5 | 43387003d37d6eff0ba1a7239d9caa29
ZoneMinder Video Camera Security Tool 1.24.4
Posted May 31, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release primarily addresses a number of system and configuration issues that arose from 1.24.3, but also includes significant improvements to version management and upgrades.
tags | web
systems | linux, unix
MD5 | f34331325c5efd47197eca902976c93d
ZoneMinder Video Camera Security Tool 1.24.3
Posted May 18, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This long awaited release brings improved compatibility with a number of updated third party packages. There were many reliability and performance updates plus a number of new features and fixes. A contributed iPhone interface was included.
tags | web
systems | linux, unix
MD5 | 6dad313df893995375a14532bc78379d
Yahoo! Pulse Cross Site Scripting
Posted May 18, 2011
Authored by Thinh Q. Hoang | Site bluemoon.com.vn

Yahoo! Pulse suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 847e540a492723b807b75011f0960124
Zero Day Initiative Advisory 11-167
Posted May 11, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Internet Name Service (WINS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the wins.exe service distributed with Microsoft Windows 2003 Server. This service is designed to resolve NetBIOS requests and accepts connections on port 42. Due to a logic error when handling a socket send exception, certain user-supplied values remain within a stack frame and are re-used in another context. A remote attacker can abuse this flaw to cause a call to LeaveCriticalSection to operate upon a controlled location in memory. Such a condition could lead to remote code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1248
MD5 | 80622f42f8cbd277a79c4c1c70bb38d0
Secunia Security Advisory 44423
Posted May 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for xmlsec1. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, redhat
MD5 | 75e315b5b3913cbe52801307d404e930
Secunia Security Advisory 44315
Posted Apr 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Pulse CMS, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 145609d353a41a20dc61f23265a54a35
PulseCMS Basic 1.3_Get.Pro Backup Download / Cross Site Scripting
Posted Apr 21, 2011
Authored by KedAns-Dz

PulseCMS Basic versions 1.3_Get.Pro and below suffer from backup disclosure, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, file upload
MD5 | 5a8e15dd404d76f6c93033ed94231ed4
DNSpoison 1.0
Posted Apr 21, 2011
Authored by Vilmain Nicolas

DNSpoison is a DNS request sniffer tool that forges a false DNS response for IPv4 and IPv6 addresses. Hijacked traffic is needed before starting the program. Tested on GNU/Linux and FreeBSD.

tags | tool
systems | linux, unix, freebsd
MD5 | 488241379823c1efe781e2d16b159a5f
Debian Security Advisory 2219-1
Posted Apr 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2219-1 - Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2011-1425
MD5 | a1b83e4e1da8a8482052703ac581f51b
Secunia Security Advisory 44167
Posted Apr 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for xmlsec1. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, debian
MD5 | 8f1b4f7c1180ab1eda7fa775c32a88c5