Showing 51 - 75 of 100

Files

Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
SHA-256 | 36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05

Related Files

Mandriva Linux Security Advisory 2012-036
Posted Mar 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-036 - Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e in a URI. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-2524
SHA-256 | 26acc85abfe4b0e0b1049ae10788b907f1be455d4875bed9464a7cabe9e748dd
MS10-002 Internet Explorer Object Memory Use-After-Free
Posted Mar 22, 2012
Authored by Peter Vreugdenhil, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.

tags | exploit, remote, code execution
advisories | CVE-2010-0248, OSVDB-61914
SHA-256 | 80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee
Mandriva Linux Security Advisory 2012-029
Posted Mar 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-029 - The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service by changing a nickname while in an XMPP chat room. The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service via an OIM message that lacks UTF-8 encoding. This update provides pidgin 2.10.2, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2011-4939, CVE-2012-1178
SHA-256 | 37f419c48c8228cd782abfdb04b3b0eab3d820556f4c26443a5a2a7c6987a8ab
Red Hat Security Advisory 2012-0369-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0369-01 - SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. All users of python-sqlalchemy are advised to upgrade to this updated package, which contains a patch to correct this issue. All running applications using SQLAlchemy must be restarted for this update to take effect.

tags | advisory, sql injection, python
systems | linux, redhat
advisories | CVE-2012-0805
SHA-256 | 170335a11ed1ac32efbb25cd8394268712ed2aa3631e110f327da6a0ba26982f
Sysax 5.53 SSH Username Buffer Overflow
Posted Mar 5, 2012
Authored by sinn3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.

tags | exploit, remote, code execution
advisories | OSVDB-79689
SHA-256 | 4c79bc67dd01aa9c6f086a33e5e924a0b8feec60ac0ce68bacb83a81e643b256
DJ Studio Pro 5.1 .pls Stack Buffer Overflow
Posted Mar 2, 2012
Authored by Sebastien Duquette | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. When handling a .pls file, DJ Studio will copy the user-supplied data on the stack without any proper bounds checking done beforehand, therefore allowing code execution under the context of the user.

tags | exploit, overflow, code execution
advisories | CVE-2009-4656, OSVDB-58159
SHA-256 | 736d166b489b4e31605e79a4de3a5f53718ad11ade2ceb44edb651fb05d2a8dd
Mandriva Linux Security Advisory 2012-023-1
Posted Feb 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0823
SHA-256 | 5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f
Mandriva Linux Security Advisory 2012-024
Posted Feb 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2011-4815
SHA-256 | 44b5393632217703390da470f7fefc75b8bdaafb0b6e2a9d36de950d30ad3bcd
Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Movable Type CGI files and source files onto a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
SHA-256 | 8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
The Uploader 2.0.4 (Eng/Ita) Remote File Upload
Posted Feb 24, 2012
Authored by Danny Moules | Site metasploit.com

This Metasploit module exploits various flaws in The Uploader to upload a PHP payload to the target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.

tags | exploit, php
advisories | CVE-2011-2944
SHA-256 | d29a260fa19d9695a7f57da48288f4735a750b3a821a5fdf8012ac51ec7892aa
Red Hat Security Advisory 2012-0322-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SHA-256 | a47b8edfd1d4bed1bde89335a2a2494f395ff12d9652b721790b470340985519
Red Hat Security Advisory 2012-0309-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-0010
SHA-256 | a827591da4fea2ba8c870bb76c75ed69cda355d31fcd569f1ba1cd76fc27be43
Java MixerSequencer Object GM_Song Structure Handling
Posted Feb 17, 2012
Authored by Peter Vreugdenhil, juan vazquez | Site metasploit.com

This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation is done by supplying a specially crafted MIDI file within an RMF file. When the MixerSequencer object is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A MIDI block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability, "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable across Java updates.

tags | exploit, java, shellcode
advisories | CVE-2010-0842, OSVDB-63493
SHA-256 | 4bfc86d5bc0fc319751b4a58608edff9318f0cb3cc5c83f4040fa6a97b6f8907
Ubuntu Security Notice USN-1284-2
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1284-2 - USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. This update also adds a hotfix to Update Notifier to handle cases where the upgrade is being performed from CD media. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3152, CVE-2011-3154
SHA-256 | e9e11dd64ad1bff59728da381b259a743f19dbb3662e7ca724ff936e7d46991e
Red Hat Security Advisory 2012-0135-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0135-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506
SHA-256 | 03a52258048d18b15e6ac5ca0a3669a39f7dda305c6e46f2a57b7e2a22041bd8
Mandriva Linux Security Advisory 2012-018
Posted Feb 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-018 - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0452
SHA-256 | fee32370db3cb22bf05df24c9f737c814793b45ef520854d52975686eaa63177
Mandriva Linux Security Advisory 2012-017
Posted Feb 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-017 - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0452
SHA-256 | 9fe544e356f96313c121a8d13bc803fdabc2d4c3a59ea4e35819f7ad75a8adbe
Red Hat Security Advisory 2012-0108-01
Posted Feb 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0108-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Application Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
SHA-256 | d227121dcf7f790e49aced4a493d3ca7c879925c5a0c967c8967022516509935
Mandriva Linux Security Advisory 2012-014
Posted Feb 7, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-014 - The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. This advisory provides the latest version of GLPI, which is not vulnerable to this issue. Additionally, the latest versions of the corresponding plugins are also being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-2720
SHA-256 | f4875e63cc28c3d7e1d8921a612952ad0ff1970d34cc76aaf7e34342f3c7f682
Mandriva Linux Security Advisory 2012-013
Posted Feb 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
SHA-256 | 5c13b7ef97165e75959f465d2ce9e3b748e6c52f37c5fb1421c22c9982237007
Red Hat Security Advisory 2012-0095-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0095-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820
SHA-256 | e6888517744a038247ddcec36a31a2483e8893d5f08cc6726fef676d829fd42b
vBSEO 3.6.0 PHP Code Injection
Posted Jan 31, 2012
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php in vBSEO versions 3.6.0 and below. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to the preg_replace() function, which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging PHP's complex curly syntax.

tags | exploit, arbitrary, php
SHA-256 | b234422868d75376b871ce3713cf474fa00f5083853c55303eeb65ebd679721a
Linux 64-Bit Stack Pointer Underflow
Posted Jan 24, 2012
Authored by teach

Local root exploit for Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms that leverages a flaw in the compat_alloc_user_space functions.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2010-3081
SHA-256 | 52fc8b565f2f099df29e7cd463956b7151a8c113162ee3862f5988242751213f
Mandriva Linux Security Advisory 2012-010
Posted Jan 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-010 - SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. Various vulnerabilities were discovered and fixed in the 0.8.7i version. The updated packages provide the latest 0.8.7i version which is not affected by these issues.

tags | advisory, remote, arbitrary, php, vulnerability, sql injection
systems | linux, mandriva
advisories | CVE-2011-4824
SHA-256 | ca005370434a3ce2a2f63974ceafe2b1f737775c275eb674e89cd20ea2c2c927
Mandriva Linux Security Advisory 2012-009
Posted Jan 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-009 - Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2011-3597
SHA-256 | 1ed9b98070f25427b9137f8a911e285f4f63d3447e23151f7c77cfbfd67e5d60
Page 3 of 4