exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Travel Portal II 6.0 Cross Site Request Forgery
Posted Sep 12, 2014
Authored by KnocKout

Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 62a86dc8112532213efcb4069d4e0905784a3f5239b1a32bb2fa868ea3dd6b04

Related Files

Simple Packet Sender 3.0
Posted Jul 17, 2012
Authored by Hohlraum | Site sourceforge.net

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.

Changes: Various additions and bug fixes.
tags | tool, udp, scanner, tcp
systems | linux, unix
SHA-256 | 3e2b136f015fae19c61b2b118d1d58402b2d75b2f9c0c22031532788387ffcbe
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Microsoft IIS Tilde Character Name Disclosure / Denial Of Service
Posted Jul 2, 2012
Authored by Soroush Dalili

Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.

tags | exploit, denial of service, proof of concept
systems | linux
SHA-256 | ac7e17676655fc32991058e316c32da4c4a71a9100a0f1c88e9530581b4638c8
Mandriva Linux Security Advisory 2012-093
Posted Jun 16, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-093 - There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service , or, potentially arbitrary code execution with the privileges of the user running the application. The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, php, code execution
systems | linux, mandriva
advisories | CVE-2012-2143, CVE-2012-2386
SHA-256 | d629aa5ad6b017f11eebcaf00da0dc55ea69f71f8b4ab435942012f4d3efe4e7
Alphanumeric Shellcode
Posted Jun 12, 2012
Authored by hatter of BHA | Site blackhatacademy.org

Alphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.

tags | paper, overflow, x86, shellcode
SHA-256 | 58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08
Microsoft IIS 6.0 / 7.5 Authentication Bypass
Posted Jun 11, 2012
Authored by Kingcope

Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.

tags | exploit, vulnerability, bypass
SHA-256 | 31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
SHA-256 | 5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
SHA-256 | c93d455eb30d8a248bc3a8f2e54b0feb1b59e15469c93c07b2e5518cbee945c4
Miibeian SQL Injection
Posted Mar 18, 2012
Authored by the_cyber_nuxbie

Miibeian suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1a4f8c24aaacb1f43dfbb343d4a08dff44a3e4511cd7110c3a648099781971fe
Orbit Downloader URL Unicode Conversion Overflow
Posted Feb 24, 2012
Authored by Diego Juarez, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.

tags | exploit, overflow
advisories | CVE-2008-1602, OSVDB-44036
SHA-256 | 3fabd80b37cf0e1969d54e9e5602e17e7766d95225a456a310cee421d520516c
ShakaCon IV Call For Papers
Posted Feb 23, 2012
Site shakacon.org

The Shakacon IV Call For Papers has been announced. It will take place June 18th through the 21st, 2012 in Honolulu, Hawaii.

tags | paper, conference
SHA-256 | d66a1000d9487f2cbdc728cc8d1f23c5ecbd2de6df28b48ec5117c44f7c158ec
Secunia Security Advisory 47984
Posted Feb 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the cformsII plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 6771201e9f6ad3021c289b6de76bd7b56516fc4965ae5d4819d9347b5390b63b
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

tags | paper, root, virus
SHA-256 | 8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8
Secunia Security Advisory 46659
Posted Nov 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the ZTE ZXDSL 831 II modem, which can be exploited by malicious people to conduct cross-site request forgery attacks and to disclose sensitive information.

tags | advisory, vulnerability, csrf
SHA-256 | b7cf4aabea0687bdaa8a7ca61f9c2c8706a71eb41a5961132249781bd082708c
Red Hat Security Advisory 2011-1423-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483
SHA-256 | 9894f6c0e2fdb3b67eeaea494961dacdfac8d7872d371ab453608b2c9d5afcf1
ZTE ZXDSL Authentication Bypass / Cross Site Request Forgery
Posted Oct 29, 2011
Authored by Mehdi Boukazoula, Ibrahim Debeche

ZTE ZXDSL version 831IIV7.5.0a_Z29_OV suffers from authentication bypass and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, bypass, csrf
SHA-256 | b0cdee2ba4dc214b8a6c019458a09d907d2a3782ad951c3b3a90bef136744d61
Zero Day Initiative Advisory 11-306
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-306 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2011-3521
SHA-256 | 361a262ae72479a4afab85c66c4c74c4946348a51ecd9466a86252761ade0d32
Apple Safari Webkit libxslt Arbitrary File Creation
Posted Oct 18, 2011
Authored by Nicolas Gregoire | Site metasploit.com

This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1774, OSVDB-74017
SHA-256 | c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716eb
Red Hat Security Advisory 2011-1378-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1378-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
SHA-256 | 3dce6fe4950d383fb5e277970c2589c8bba4428442b17bb8c8c6f042b025a953
Red Hat Security Advisory 2011-1377-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1377-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
SHA-256 | 62d71099a12234ad587d5b84f596dd84d4431bbca94d0f79ad05d05c1fe2b9f0
Joomla Biitatemplateshop SQL Injection
Posted Sep 26, 2011
Authored by BHG Security Group

The Joomla Biitatemplateshop component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 52bb9485d37a1a44d3eb97b2c195061f55ea3d332b38ebc3eb88c7124742b21d
Sneak Peak At The Metasploit Framework - II
Posted Aug 19, 2011
Authored by Karthik R

Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.

tags | paper
SHA-256 | e2fd5239e0ac4b7622e1680a42e1476e166f4701849942f1a604ec249819ee28
Zero Day Initiative Advisory 11-263
Posted Aug 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-263 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2011-0547
SHA-256 | 0fcbff142d7610a53b48282940d56393214feea54905383c4a36f0cf94dbadb5
Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning
Posted Aug 16, 2011
Authored by Nathaniel Good, Mika D. Ayenson, Chris Jay Hoofnagle, Ashkan Soltani, Dietrich J. Wambach

Whitepaper called Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning. This is a follow-up study that reassesses the flash cookie landscape and examines a new tracking vector, HTML5 local storage, and cache-cookies via ETags.

tags | paper, local
SHA-256 | d034027c4b2e69e75390f976a780e8fc1fab1ac887010dcf7e3bc3bc82d11ac4
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close