exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

WordPress Lightbox Photo Gallery 1.0 CSRF / XSS
Posted Dec 12, 2014
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Lightbox Photo Gallery plugin version 1.0 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.

tags | exploit, xss, csrf
SHA-256 | 33298cd9bd72c5f9c115a62a9acb2577cb71061c0eef1456edbe8d941fd58ea9

Related Files

Zero Day Initiative Advisory 12-137
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the libsecurity_cdsa_plugin which implements routines defined in libsecurity_cssm. The library defines an allocation routine as having an argument type uint32. The implemented methods in the cdsa_plugin accept parameter having type size_t, this value is truncated from 64 bits to 32 bits when being passed to the library routine. This can lead to an underallocated memory region and ultimately a write out of bounds. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0651
SHA-256 | 46ab23dd80c0f29f56b1529836ab00f816dadca849f9f53aba67524769c8cb32
Secunia Security Advisory 50289
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the RSVPMaker plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 1308c5365a8a6322182004b702e1cffdb5aa396feec096ae18a853239f2a9478
Secunia Security Advisory 50305
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
SHA-256 | e49512d4b1183a2b7f7d1e89472e2bc893629bbfad4358cdbeb4e99198996262
Mandriva Linux Security Advisory 2012-132
Posted Aug 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws has been found and corrected in GLPI. This advisory provides the latest version of GLPI which are not vulnerable to these issues. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, xss, csrf
systems | linux, mandriva
advisories | CVE-2012-4002, CVE-2012-4003
SHA-256 | 278fcab2d1ab2e4d4ef8819f221aff25448777d5df0d2fe452abe0b3a7049fea
Red Hat Security Advisory 2012-1173-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-1535
SHA-256 | c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Secunia Security Advisory 50258
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.

tags | advisory, web, vulnerability
systems | linux, suse
SHA-256 | d2498827fbc60ac4f93763aa590a4f48b39ae08094bcfc93dd5231c7f75f3820
Secunia Security Advisory 50217
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Mz-jajak plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | ce183014f7a7034ef08b820c44de5dba4b085aa24a0e0ecc694575a83631fcac
WordPress Mz-Jajak 2.1 SQL Injection
Posted Aug 11, 2012
Authored by StRoNiX

WordPress third party plugin Mz-jajak versions 2.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 51b5a3e5fbb049ef9ed0a0da87e3242197a6526dbb1c51c5fa9bb3f9b7d8d988
Secunia Security Advisory 50207
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported a vulnerability in the Postie plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 9104eb2fe16306c11ec227c41c5d34b5455bd5076fcbee6902d7b238037f7853
Secunia Security Advisory 50208
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported some vulnerabilities in the SimpleMail plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | f83e5e65043670becdc42a9b437540aa6f27a980121590167a6dcb2bdef541bf
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | 5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9d
Secunia Security Advisory 50176
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the Vitamin plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 1e6925f6212da54846413366e7e3b4d07d6ebfec345eb2ac14ed9d043180c5dd
Secunia Security Advisory 48945
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94
Secunia Security Advisory 50161
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Featured Post with thumbnail plugin for WordPress.

tags | advisory
SHA-256 | 8fe95c8e80b2cecde85a6e3478176cfe6c1c0058ba329781caa0c0e302963b58
Secunia Security Advisory 50166
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the WP Lead Management plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 621e4d11e8f52beb3c8001b1ec8daf4dad03ba1d03e991be2502975091df60c9
Secunia Security Advisory 50173
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the XVE Various Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | f4d5fecdc356557b2890cf99029ffce4c3d7a8bb6bcb3bee9c7476681af88c42
Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
SHA-256 | e54255ca79425edaf6f80ec86b150446915000646da9fc75bb873211676e0a94
Secunia Security Advisory 50100
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the G-Lock Double Opt-in Manager plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | e942775fee1c967f7a52b6df52468b0b3e0a60e953c7e6f0244b37ad318712ee
WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
Posted Aug 1, 2012
Authored by BEASTIAN

WordPress G-Lock Double Opt-in Manager plugin versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9b809a742da2c1d3b8cbdd4435983f048a1f070e4be8d8392cfd842d006b75ac
Secunia Security Advisory 50089
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.

tags | advisory, web, vulnerability
systems | linux, redhat
SHA-256 | 4f6b55a417d5a49358b50c60d81fdff58dda155a69260ce63b323a982ae9bfd5
Secunia Security Advisory 50106
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.

tags | advisory, web, vulnerability
systems | linux, ubuntu
SHA-256 | 8dee92a9db2efd34dc96d4cc062a43090f8ea0460543cd84330f8235b6031a6d
Ubuntu Security Notice USN-1521-1
Posted Jul 31, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3422, CVE-2012-3423, CVE-2012-3422, CVE-2012-3423
SHA-256 | 501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Secunia Security Advisory 50063
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the PoodLL plugins for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 7f928e1ef9d46da2dadab131054e85fcc473662c2453689b842054730301fedd
Secunia Security Advisory 50099
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Backend Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 77a4086ca6f20e915785181730d0675252f56b8f6f763f25404ec336d2103498
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close