
Files

X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
Posted Nov 5, 2014
Authored by Fernando Munoz, Juan Escobar | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists in lib/message.php, which uses the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php
MD5 | de4a0bc1ebe4cdcafe9ecfde019dd9da

Related Files

PHP-Nuke SPChat SQL Injection
Posted Jul 20, 2012
Authored by Pr0T3cT10n

The PHP-Nuke SPChat module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | ea0c697c6316e7a7a3559fe6961f1afa
Ubuntu Security Notice USN-1500-1
Posted Jul 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4922, CVE-2011-4939, CVE-2012-1178, CVE-2012-2214, CVE-2012-2318, CVE-2012-3374
MD5 | 422fcc2933191191cceade8eaab9a688
Secunia Security Advisory 49810
Posted Jul 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avatar Fearless has discovered multiple vulnerabilities in ElfChat, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | f329212d44a91ae781d6c7e836a5d976
Elfchat 5.1.2 Pro Cross Site Scripting
Posted Jul 6, 2012
Authored by Avatar Fearless

ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c529f8e3722c4baefe97b464319fbd6b
Secunia Security Advisory 49826
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the PHPFreeChat plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 597b2898a8d37b9adbfad14fe7c538ae
Et-Chat Shell Upload
Posted Jun 12, 2012
Authored by FarbodEZRaeL

Et-Chat suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 470f35651afe51c8818b886e42bd7a92
Secunia Security Advisory 49419
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the FCChat Widget plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | a644615758c98376318834cc71bd72ef
WordPress FCChat Widget 2.x Shell Upload
Posted Jun 6, 2012
Authored by Sammy FORGIT

WordPress FCChat Widget plugin versions 2.2.12.2 through 2.2.13.1 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 36987a6330276ed2db5b98faa2ba6480
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
Posted May 22, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.

tags | exploit, arbitrary, php
advisories | OSVDB-81966
MD5 | bb5dd6f386c14e61316d4ebca6557bff
Secunia Security Advisory 49246
Posted May 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Chat module for activeCollab, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | 39ab7d234ded0ac89930a8616c5ec416
X7 Chat 2.0.5.1 Cross Site Request Forgery
Posted May 9, 2012
Authored by DennSpec

X7 Chat versions 2.0.5.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | fe79a7456f8f204bcf8610d2b617309c
Secunia Security Advisory 48905
Posted Apr 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sony has discovered a vulnerability in ChatBlazer Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 5e96e03f53a184a48468f246c8929615
ChatBlazer Flash Chat Cross Site Scripting
Posted Apr 19, 2012
Authored by Sony

ChatBlazer Flash Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 061275d9d49eca0868ef22a71560f1b2
Fastpath WebChat 4.0.0 Cross Site Scripting
Posted Apr 16, 2012
Authored by Aung Khant | Site yehg.net

Fastpath WebChat version 4.0.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 979d504fdf5a8a2603a2171b6348fe38
Secunia Security Advisory 48796
Posted Apr 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Chat plugin for Seditio, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 1ce2cd0170489f5b6742517570905c1c
Seditio Chat 1.0 Cross Site Request Forgery
Posted Apr 11, 2012
Authored by Akastep

Seditio Chat plugin version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | dd3f6378280f2561e905f9b5dde908a2
CarChat24 HTML Injection
Posted Mar 18, 2012
Authored by Sony

CarChat24 suffers from an HTML injection vulnerability.

tags | exploit
MD5 | 6a87350d28725dde324f13a06855eb13
Mandriva Linux Security Advisory 2012-029
Posted Mar 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-029 - The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service by changing a nickname while in an XMPP chat room. The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service via an OIM message that lacks UTF-8 encoding. This update provides pidgin 2.10.2, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2011-4939, CVE-2012-1178
MD5 | 295d2211fd0f89bc631ecba1efb1ffb7
ProvideChat Cross Site Scripting
Posted Mar 16, 2012
Authored by Sony

ProvideChat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e1d165b0b30e67e5c6c09cc8990a4b43
Volusion Chat Cross Site Scripting
Posted Mar 15, 2012
Authored by Sony

Volusion Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ddceae0a4bec49d4abf48d60878f16ac
AliveChat Cross Site Scripting
Posted Feb 29, 2012
Authored by Sony

AliveChat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a395ee410d43709cec872a5936ab543
LiveHelpNow Chat Cross Site Scripting
Posted Feb 22, 2012
Authored by Sony

LiveHelpNow Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f0d6435b432b147e5d01bb51278ddf1d
P-Chat 0.9 Cross Site Scripting
Posted Feb 22, 2012
Authored by Eyup CELIK

P-Chat version 0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e5e8e2059957ba21bdc39b460e71b99d
Red Hat Security Advisory 2012-0141-01
Posted Feb 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3026
MD5 | a49fdcfccfc93900f257527baea72311
Skype 5.x.x Information Disclosure
Posted Feb 13, 2012

Even when a user's security settings have history disabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.

tags | exploit, info disclosure
MD5 | c4d32e6a422eb5b37e409613e6b14f8e

© 2020 Packet Storm. All rights reserved.
