exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

WordPress Download Manager Free 2.7.94 / Pro 4 XSS
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0309ec8cd7dbe37e81c6995f0bb31b5a363fb77bdd24d0b90bc2454f50653838

Related Files

Cisco Security Advisory 20120328-pai
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.

tags | advisory, remote, web, vulnerability
systems | cisco
advisories | CVE-2012-0384
SHA-256 | d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3
Cisco Security Advisory 20120328-ssh
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
advisories | CVE-2012-0386
SHA-256 | 69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36a
Cisco Security Advisory 20120328-nat
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2012-0383
SHA-256 | 621d511df36164003264ce4995e8cc2dd26b288bbfe0e1518a4cf0d7dddeebc1
Cisco Security Advisory 20120328-mace
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
advisories | CVE-2012-1312, CVE-2012-1314
SHA-256 | 788885399c203d07e2f188436e87b949677dbed1fe1b4f9d5901f2a746308dff
Cisco Security Advisory 20120328-ike
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2012-0381
SHA-256 | fa3fff97691020951e5f7756ce74f71c8b311fbe51096d2d5765371fb8a6d8ed
Cisco Security Advisory 20120328-smartinstall
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, tcp
systems | cisco
advisories | CVE-2012-0385
SHA-256 | c06f577fae4b43b9285492688c906f793f98c7b4ebd7e6f6ae73078b576a2bbe
Netsniff-NG High Performance Sniffer 0.5.6
Posted Mar 29, 2012
Authored by Netsniff-NG Workgroup | Site netsniff-ng.org

netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Changes: This is a major release with lots of new features.
tags | tool, kernel, sniffer, protocol
systems | linux, unix
SHA-256 | 64b06725a19d2103aeefa1b60d166657ed3008f8a94691a6ec883708348de227
Cisco Security Advisory 20120328-rsvp
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. This vulnerability could be exploited repeatedly to cause an extended DoS condition. A workaround is available to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
advisories | CVE-2012-1311
SHA-256 | 66b4808802d79e777b367723e8a72933aa4a79f44a9c183f78f6c8dee313e4cd
Cisco Security Advisory 20120328-msdp
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation of Cisco IOS Software and Cisco IOS XE Software could allow a remote, unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
advisories | CVE-2012-0382
SHA-256 | fce89adc97cc27de40394846d5c1768ffb1a6670294415b5229d201a5b12c8e4
Cisco Security Advisory 20120328-zbfw
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: Memory Leak Associated with Crafted IP Packets. Memory Leak in HTTP Inspection. Memory Leak in H.323 Inspection. Memory Leak in SIP Inspection Workarounds that mitigate these vulnerabilities are not available. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, web, vulnerability, memory leak
systems | cisco
advisories | CVE-2012-0387, CVE-2012-0388, CVE-2012-1310, CVE-2012-1315
SHA-256 | 425933ced497ae1f0580d31d6cb0bf3be88e191f8a0fb78ae095f067dc8b03ca
Secunia Security Advisory 48475
Posted Mar 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in FreePBX, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 3e11e605551ce5aea6d41b5e3cfa6d51aef462e3688ddc49c631f9626177878e
Secunia Security Advisory 48463
Posted Mar 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in FreePBX, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | c63114d25e7f9af0569218dad87683e917da1784e07212f2fe8a4a747188bbc7
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Posted Mar 26, 2012
Authored by muts | Site metasploit.com

This Metasploit module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callme_startcall in order to gain remote code execution. Please note in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.

tags | exploit, remote, php, code execution
SHA-256 | 732f9a89390a847e9a30d1b733961bd71e76e38457ac805770011388b929d0cc
Secunia Security Advisory 48508
Posted Mar 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 11d4beff941b63f32055080120d1759531825e0556704db14ca1b89120d042af
FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution
Posted Mar 23, 2012
Authored by muts

FreePBX version 2.10.0 and Elastic version 2.2.0 remote root code execution exploit.

tags | exploit, remote, root, code execution
SHA-256 | 984ef9b4d46d202068534bc7c0391749912cfe24b026e014bc264260d6e0af46
Ubuntu Security Notice USN-1401-2
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 18ff4554ba8f49486a34fb7d8714a434cb13cd31e28f8877c79af56223cd9ced
Ubuntu Security Notice USN-1403-1
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1403-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144, CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134
SHA-256 | e1d2d95c5ba578a362becf78fa57a40f69b72d40a1a08042c7718592277edb34
MS10-002 Internet Explorer Object Memory Use-After-Free
Posted Mar 22, 2012
Authored by Peter Vreugdenhil, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.

tags | exploit, remote, code execution
advisories | CVE-2010-0248, OSVDB-61914
SHA-256 | 80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee
Ubuntu Security Notice USN-1400-3
Posted Mar 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-3 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464, CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 553d78be7f7ed2853eaa6177ea136db38c2d1a480fb986ca79ad0876030a8c06
FreePBX 2.10.0 Remote Command Execution / XSS
Posted Mar 21, 2012
Authored by Martin Tschirsich

FreePBX versions 2.10.0, 2.9.0, and perhaps earlier versions suffer from cross site scripting and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss
SHA-256 | c0dc63cbf6a988c5ad9949e03b41cdc392dd8ee9f96e32b725cc523d6c490d96
Debian Security Advisory 2434-1
Posted Mar 20, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2434-1 - Matthew Daley discovered a memory disclosure vulnerability in nginx. In previous versions of this web server, an attacker can receive the content of previously freed memory if an upstream server returned a specially crafted HTTP response, potentially exposing sensitive information.

tags | advisory, web
systems | linux, debian
advisories | CVE-2012-1180
SHA-256 | ca456b31ee8868c762fd70882f56920df02bb00f023f64312e9a4eadf08af45c
Adobe Photoshop 12.1 Tiff Parsing Use-After-Free
Posted Mar 20, 2012
Authored by Francis Provencher

Adobe Photoshop version 12.1 suffers from a tiff parsing use-after-free vulnerability.

tags | exploit
systems | linux
SHA-256 | f8d08b77d5e4ec2a3455310b3eb7514136a65d57d5965402861c27c213cecf32
Ubuntu Security Notice USN-1401-1
Posted Mar 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 72dd23ef0655b7dc1ad658c36b42d88462bc63744bcfe1aa8b0aa2db6ebbcf36
Microsoft Remote Desktop Use-After-Free
Posted Mar 17, 2012
Authored by Luigi Auriemma | Site aluigi.org

This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.

tags | exploit, remote, proof of concept
systems | linux
SHA-256 | 9a94d068fd0f6a8f044593bfb8ff8e4f4527cff18adacfeaddb785decdbbaa82
Ubuntu Security Notice USN-1400-2
Posted Mar 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.

tags | advisory, remote, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0462, CVE-2012-0464
SHA-256 | 5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3
Page 4 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close