
Files

SkaDate Lite 2.0 CSRF / Cross Site Scripting
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231e

Related Files

Mandriva Linux Security Advisory 2012-108
Posted Jul 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages have been upgraded to the latest version as well.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2012-2688, CVE-2012-3365
SHA-256 | 8c8bb030e17e5411417b68b186f12f4c547e4fe82b46c174807e0d6a29db2919
Secunia Security Advisory 49933
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in easyCMSlite, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 9028ed891af6586d5ea9f5a39483f56dea6a5a30316047fb5c54f5d6d6a2ebab
easyCMSlite 1.0.9 Database Information Disclosure
Posted Jul 17, 2012
Authored by mr.pr0n

easyCMSlite version 1.0.9 suffers from a remote database information disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | d76b243f67795b89da6846818d5643c0c788edbdf1c583ff25b07a351804feaa
Elite Bulletin Board 2.1.19 SQL Injection
Posted Jul 15, 2012
Authored by T0xic

Elite Bulletin Board version 2.1.19 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 38ceedd2da888919b9e4f13ce5a14bd3fb372a6bf5708329aa373a96263aba8f
Red Hat Security Advisory 2012-1060-01
Posted Jul 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-2395
SHA-256 | a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0b
Security Threats In Digital Satellite Television
Posted May 28, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is a presentation called Security Threats in the World of Digital Satellite Television. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.

tags | paper
SHA-256 | 61103d4ce9bcf58777deab4ee4ff4c33b39828de0f9c1efaefc51fa159e8fffc
Red Hat Security Advisory 2012-0677-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0868
SHA-256 | 99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733a
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
SHA-256 | a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
Android 2.3.7 SQLite Disclosure
Posted May 3, 2012
Authored by Roee Hay

SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.

tags | advisory, info disclosure
SHA-256 | 84d02b3ee9f88069270f1d55a7a0419db6f4ee552b8001ed7d46641a2a66e816
Joomla nBill Lite Cross Site Scripting
Posted Apr 26, 2012
Authored by HauntIT

The Joomla nBill Lite component suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3606d2ac2ff13bcedaf6d21dda5490b013927a9fc7dfcf91b3f1c0e6828a97b7
Havalite CMS 1.0.4 Cross Site Scripting
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 322f88d3c41d308f4807b8706507315c8cd49fb01199b1f3dab44952ac956f55
Secunia Security Advisory 48646
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | d142797f7dd77a9313414f41fe5d3420b6993e137b11125df0ae138f13b44b14
Secunia Security Advisory 48664
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, redhat
SHA-256 | 0e39db5313135801d11626704ab28dd1f8ca677b51297e23da2fba7bed3b7ec4
Havalite CMS Shell Upload / SQL Injection / Disclosure
Posted Mar 30, 2012
Authored by KedAns-Dz

Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, info disclosure
SHA-256 | 5333f13c7d3a31da5790853e3d445f2ca1d0412733313afc050cc63a50eeae64
Red Hat Security Advisory 2012-0436-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-1145
SHA-256 | 45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4
EasyPHP SQLite SQL Injection
Posted Mar 29, 2012
Authored by Skote Vahshat

EasyPHP SQLite suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a0576b5b89a27fa6194b062b630f90ef32e2b624c7702fb789e32b221a1c7d16
Secunia Security Advisory 48400
Posted Mar 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - K1P0D has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
SHA-256 | 860769154eec9093bb6465e4c5a7b920200adfc6f8c9439376152a7ab3179eb5
LiteSpeed 4.1.11 Cross Site Scripting
Posted Mar 19, 2012
Authored by K1P0D

LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.

tags | exploit, xss
SHA-256 | 4673c5fc0a1d5af35f49f2fe5b245398727d8205e95e7aa7d94b7620983fabbc
Elite Gaming Ladder 3.7 SQL Injection
Posted Mar 17, 2012

Elite Gaming Ladders version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 322ee99d2575634066dce5e5f30ff7afb9895556a73ef32ff20cad12784e334b
Simple Fuzzing Utility 0.7.0
Posted Mar 4, 2012
Authored by aaron conole | Site aconole.brad-x.com

Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.

Changes: Fixed a long standing bug in the memory block replacement code. Added the ability to fuzz via blocks (ala spike/sulley fuzz frameworks). Added the ability to trap crashes via a harness program.
tags | fuzzer
SHA-256 | a65bb4d048c713dd9ecc4b42b98cc124516fd5c1df19deddfc664476aad7caac
Skype 5.x.x Information Disclosure
Posted Feb 13, 2012

Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.

tags | exploit, info disclosure
SHA-256 | 71d5feb9cc956c726042c458e08a52e135cac25deae5200ce474ea31c5489a36
Secunia Security Advisory 47905
Posted Feb 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for Red Hat Network Satellite Server. This fixes a weakness, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | 2bb1a067ce60696f49fa7609319bbb4b3a7264a656adfd9805f0acb265c12c5f
Red Hat Security Advisory 2012-0101-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0059
SHA-256 | 0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287a
Mandriva Linux Security Advisory 2012-013
Posted Feb 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
SHA-256 | 5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007

© 2022 Packet Storm. All rights reserved.
