exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
SHA-256 | 36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05

Related Files

Adobe Flash Player 11.3 Font Parsing Code Execution
Posted Aug 17, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2012-1535, OSVDB-84607
SHA-256 | b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9a
Internet Explorer Script Interjection Code Execution
Posted Aug 17, 2012
Authored by Derek Soeder

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

tags | advisory, web, arbitrary, code execution, protocol
systems | windows
SHA-256 | 96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357b
Mandriva Linux Security Advisory 2012-130
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1164
SHA-256 | 15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46ae
FreeBSD Security Advisory - named Denial Of Service
Posted Aug 8, 2012
Authored by Einar Lonn | Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-3817
SHA-256 | 14ce0ceb3dfdd72660f83035bfda8974a44d0c866f0212093a308b810aac8df9
PolarisCMS Cross Site Scripting
Posted Aug 6, 2012
Authored by LiquidWorm | Site zeroscience.mk

PolarisCMS suffers from a cross site scripting issue when input passed to the function 'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitized before being returned to the user.

tags | exploit, xss
SHA-256 | 0aa6444ecc73043ef5429138f03b93cf4e5521b6824da406cad980ccbdaae119
Zero Day Initiative Advisory 12-128
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. Successful exploitation of this vulnerability will lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3671
SHA-256 | f0da9b5ef6fab41061ead47f03f210ae169ca522e644b97eac719b6f7a7aa4db
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. if the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the ptr is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
SHA-256 | 318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
WebPageTest Arbitrary PHP File Upload
Posted Aug 1, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.

tags | exploit, remote, web, php, code execution
advisories | OSVDB-83822
SHA-256 | 12ff7aba4342dfbb7f5a516aa01579569cbaf4c1cb86bb84f42047ca2ada8e0b
Debian Security Advisory 2517-1
Posted Jul 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3817
SHA-256 | 1264cbf6ebe6d856f52045f33b4880823f6d6637579867ab6419f12fcd0c8aa0
Mandriva Linux Security Advisory 2012-119
Posted Jul 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-119 - High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a bad cache data structure before it has been initialized. The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2 which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-3817
SHA-256 | 13ac256eb5b1283087978ae8aac5de7235f982e7fb811a2395d8e53457110415
Mandriva Linux Security Advisory 2012-118
Posted Jul 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-118 - A vulnerability has been discovered and corrected in ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. The updated packages have been patched to correct this issue.

tags | advisory, remote, php, xss
systems | linux, mandriva
advisories | CVE-2009-5031, CVE-2012-2751
SHA-256 | 5d1ed50858951c79497ef1650fc6a7b1c640f77f054e6d9d388ab3d95f9188eb
Mandriva Linux Security Advisory 2012-117
Posted Jul 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-117 - PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2417
SHA-256 | a257bef09bc054b9c2ddf00af72cb709c6daf86ed9863e285ba7b71a0ed7c536
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Mandriva Linux Security Advisory 2012-114
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-114 - A vulnerability has been discovered and corrected in mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. The updated packages have been upgraded to the latest version which is not affected by this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2760
SHA-256 | 852743b91a6fc19a2da608cfbc287d316b2388514eed739efdd5105fe90c10d4
Mandriva Linux Security Advisory 2012-108
Posted Jul 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2012-2688, CVE-2012-3365
SHA-256 | 8c8bb030e17e5411417b68b186f12f4c547e4fe82b46c174807e0d6a29db2919
Red Hat Security Advisory 2012-1087-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
SHA-256 | 7e8f5f94bf72960a538fad4d42725e9aea5da69c5f9846af245aac6310ae2bd3
Red Hat Security Advisory 2012-1072-01
Posted Jul 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
SHA-256 | 93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584
Zero Day Initiative Advisory 12-108
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the sampleData element the code within QuickTime3GPP.qtx does not properly validate the length of the data within a color sub-field before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
SHA-256 | 67df3b8ec25a60a634a3128373f2eafefadf0c72627a2cc6d57389c101714488
Zero Day Initiative Advisory 12-102
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the exposed GetDriverSettings method in the nipplib component imported by ienipp and npnipp. When encountering a realm parameter this user supplied value's length is not properly verified before copying into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4187
SHA-256 | dad2278a888a8b86768114f8246f8e419ae73d969cf93902e9da0f392a230cc8
Zero Day Initiative Advisory 12-101
Posted Jun 28, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Cognos. Authentication is not required to exploit this vulnerability. The flaw exists within the tm1admsd.exe component. This process listens on TCP port 5498 by default. Requests to the service include a request type field, a data length field, and a data field. Multiple request types (opcodes) fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2012-0202
SHA-256 | 948d1a63f76e7397259aaddc98b7c87f1d5c6ecaaaaa72a571270335007c2ac7
Mandriva Linux Security Advisory 2012-088-1
Posted Jun 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
SHA-256 | 1603e02157910f2d331b08402bdd06ee196b6de4cff5207982f9aa86d63b323f
Adobe Flash Player Object Type Confusion
Posted Jun 23, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 "_error" response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-0779, OSVDB-81656
SHA-256 | 278d32f3bc7f3344e48d9ed25bcb65be25041499b78ba981e26d568f755202ee
Zero Day Initiative Advisory 12-095
Posted Jun 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-095 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the transform attribute the code within QuickTime3GPP.qtx does not properly validate the length of the data within a translate or matrix object before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2012-0663
SHA-256 | a690137e64bef8ffcb153214bdb9c44ed446d4114da83d08686a0c31ffe78477
Red Hat Security Advisory 2012-0958-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0958-04 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2012-2664
SHA-256 | 03ed5dafab5d4b2b65c9f7dda0dbbc677dca70ad262f3abffdc9d6c85f4d2ea2
PHP apache_request_headers Function Buffer Overflow
Posted Jun 17, 2012
Authored by juan vazquez, Vincent Danen | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".

tags | exploit, web, overflow, cgi, php
systems | windows
advisories | CVE-2012-2329, OSVDB-82215
SHA-256 | 9911ce27bffaa90bdbd0d7a764559440c9b73d2a107c14d2ddcf46c3708a6749
Page 1 of 4
Back1234Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close