exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

WordPress Download Manager Free 2.7.94 / Pro 4 XSS
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0309ec8cd7dbe37e81c6995f0bb31b5a363fb77bdd24d0b90bc2454f50653838

Related Files

Slackware Security Advisory - Freetype Updates
Posted Jun 26, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New freetype packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-1126, CVE-2012-1144
SHA-256 | 41cb6e0675fc04dd566d6c6376f8c6fa71e90af8d43606c5430c148c6702b020
Debian Security Advisory 2499-1
Posted Jun 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2499-1 - Several vulnerabilities have been discovered in icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issues (CVE-2012-1940).

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1937, CVE-2012-1939, CVE-2012-1940
SHA-256 | 3ef5c267fafc1828b6ed570af3e07c3e42a3518ffbf521822678933115a7ad97
Mandriva Linux Security Advisory 2012-088-1
Posted Jun 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | 1603e02157910f2d331b08402bdd06ee196b6de4cff5207982f9aa86d63b323f
Cisco Security Advisory 20120620-asaipv6
Posted Jun 21, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote
systems | cisco
SHA-256 | b2138abe79ccd8a8c42dc9e1dd56625e65c8b779de339dfbe6292280c1a13fc6
Cisco Security Advisory 20120620-ace
Posted Jun 21, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in Cisco Application Control Engine (ACE) software. Administrative users may be logged into an unintended context (virtual instance) on the ACE when running in multicontext mode. Cisco has released free software updates that address this vulnerability. A workaround is available for this vulnerability.

tags | advisory
systems | cisco
SHA-256 | 543bfe7363a2968b41ab895f56066550f437e4aa52375a8a38bbe9e43155bb32
Cisco Security Advisory 20120620-ac
Posted Jun 21, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities including code execution. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, vulnerability, code execution
systems | cisco
SHA-256 | 08cfe7a215d929cba091f6ca3cd541e7690b6f415bf90d797eed5ce00256ce26
Microsoft Internet Explorer GetAtomTable Remote Use-After-Free
Posted Jun 20, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
advisories | CVE-2012-1875
SHA-256 | 8e4efee72018e74d74bd0e481367967504569eb75b76d4050a7fef60ffc11887
Microsoft Internet Explorer CollectionCache Remote Use-After-Free
Posted Jun 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
SHA-256 | e3d29879255e1ff2003388a8d7447ab0c086cfdc1cb25b9bc5b4605cfe1e6951
Mandriva Linux Security Advisory 2012-093
Posted Jun 16, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-093 - There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. An integer overflow, leading to heap-based buffer overflow was found in the way Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in an PHP application using the Phar extension could lead to denial of service , or, potentially arbitrary code execution with the privileges of the user running the application. The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, php, code execution
systems | linux, mandriva
advisories | CVE-2012-2143, CVE-2012-2386
SHA-256 | d629aa5ad6b017f11eebcaf00da0dc55ea69f71f8b4ab435942012f4d3efe4e7
Secunia Security Advisory 49549
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | freebsd
SHA-256 | 54f582c0aff4414fc8e75b7598d8ceb035792aff8f25fce2ab55a3bcd03d74c9
Secunia Security Advisory 49518
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | freebsd
SHA-256 | 2598dd63ffe233bd938ac54ba0b4d96ea2fe3180da73643e74aefde90ec8b2c9
Microsoft Internet Explorer 8 / 9 Toolbar Code Execution
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.

tags | advisory
advisories | CVE-2012-1874
SHA-256 | f7298e95d2549588ea1cd82324a1caedfe0a90734ffc624026081336553170f8
Microsoft Internet Explorer 8 Code Execution
Posted Jun 14, 2012
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.

tags | advisory, remote, code execution
advisories | CVE-2012-1875
SHA-256 | d90822cc1fdf82eaf50e354edf2ba9269a59ae2ff8196eb2ba50bfbd36cfe29b
Red Hat Security Advisory 2012-0731-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0731-01 - Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted.

tags | advisory, denial of service, memory leak
systems | linux, redhat
advisories | CVE-2012-0876, CVE-2012-1148
SHA-256 | 394a7f79bd3236ad5f7df42375d2085ac2e3d0a734d4ee58e5ffc4674295dd95
FreeBSD Security Advisory - Kernel Privilege Escalation
Posted Jun 12, 2012
Authored by Rafal Wojtczuk, John Baldwin | Site security.freebsd.org

FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2012-0217
SHA-256 | 50ab73e18c85232ccd993cef89e2d46586aa4f827d36aa88ad33256fe4a53d2d
FreeBSD Security Advisory - BIND 9 Incorrect Handling
Posted Jun 12, 2012
Authored by Dan Luther, Jeffrey A. Spain | Site security.freebsd.org

FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2012-1667
SHA-256 | 38bb62ce0e6626ae58f5bdcb8590d53027dcaccd01d33f928641394b6ad66427
Mandriva Linux Security Advisory 2012-088
Posted Jun 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | e45d0a9ecaaa6aa2057a7a0d53316462d0da0cafa4345f6f72cf7e998d9be6ec
FreePost 0.1 R1 SQL Injection
Posted Jun 10, 2012
Authored by ThE g0bL!N

FreePost version 0.1 R1 suffers from remote SQL injection and cookie related vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | eb9ecf718ca8304e98fc3058a5dc1bbf4aa23d50b5929b09a17440c9d7df94ce
Secunia Security Advisory 49304
Posted May 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in FreeBSD, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory
systems | freebsd
SHA-256 | 096d89e5f8bb66f7e25482daa3d537e6b8f732ea196a69e90fc5267468b4db01
Cisco Security Advisory 20120530-iosxr
Posted May 31, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service
systems | cisco, osx
SHA-256 | fff41f08fd976df15727676fbdf3534859a2336101b9fdcdc8160a445d8bf795
FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
SHA-256 | c93d455eb30d8a248bc3a8f2e54b0feb1b59e15469c93c07b2e5518cbee945c4
Secunia Security Advisory 49132
Posted May 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in FreeRealty, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery and SQL injection attacks.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | 2ff5983779b5efd5e797d0f9340a827b6ec7cdfb2e1f2ade0e996f6b19c44cc5
Firefox 8/9 AttributeChildRemoved() Use-After-Free
Posted May 14, 2012
Authored by regenrecht | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild is not set to NULL until after this call is made, this means the removed child will be accessible after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-3659
SHA-256 | 0750feb0c6b04b3e549b1720e08f8946c5ad47833c85f2914592e886fe867eb0
Free Reality 3.1-0.6 XSS / CSRF / SQL Injection
Posted May 12, 2012
Authored by the_storm, Vulnerability Laboratory | Site vulnerability-lab.com

Free Reality version 3.1-0.6 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 493f04f3ec7af900fb32e04bb9d6040d9d5478aa3e1ab908625ea0aa19e36bbd
OWASP Mantra - Lexicon 0.91 Beta
Posted May 11, 2012
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

Changes: Firefox 12 is now used as the base. NoRedirect Extension, FireEncrypter, Ra.2 XSS scanner, and more have been added. Known issues have been addressed.
tags | web
SHA-256 | 541d48c626a68f4fde63c7fca65c1f14bbaf9ece1f236099d199f6a931b408c7
Page 2 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close