exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
SHA-256 | 36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05

Related Files

Mandriva Linux Security Advisory 2012-008
Posted Jan 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-008 - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service via a crafted Unicode string, which triggers a heap-based buffer overflow. Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2011-2939, CVE-2011-3597
SHA-256 | 31921fc8f107ce4afda30bef36a4fdcf306d5051fd01ee828a54c2b3c8eba137
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Posted Jan 18, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, code execution, activex
systems | windows
advisories | CVE-2011-4786
SHA-256 | c66cbdd79894baf457dc97ef60cf3e98f8679bc1cdd968b80f389d4705ee544f
Apache Tomcat Request Information Disclosure
Posted Jan 18, 2012
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.

tags | advisory, remote, web, info disclosure
advisories | CVE-2011-3375
SHA-256 | 695b51d032225ec928c8519f49f22751af65d121b0245e9711e796b1c5d80457
Mandriva Linux Security Advisory 2012-007
Posted Jan 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-007 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service via crafted data from a TLS client. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027
SHA-256 | 33297fff20727775628ebfb8e80a51c11d2cb085c4af9ee958c7cbcbd758dc6e
Mandriva Linux Security Advisory 2012-006
Posted Jan 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-006 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
SHA-256 | 8546d8cc7082077b12848e834cf179f04e50bc8754ce2f0344bad607506f77b0
Zero Day Initiative Advisory 12-010
Posted Jan 11, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local, udp
SHA-256 | 6639c55c3938be7dce15b82072912ddf54486e00c1edb624e9e193ff0395441b
Zero Day Initiative Advisory 12-009
Posted Jan 11, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local, udp
SHA-256 | 0255a4f2ef8b6316653251eeaf16b8b505a0a21c681598db533064319b5b09bd
Zero Day Initiative Advisory 12-004
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2011-3250
SHA-256 | 2edc88329e923b8a93d308b0138bc35600e08ff9cac81a54aeadcab08232019f
Zero Day Initiative Advisory 12-003
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. When processing crafted parameters, there exists an insufficient boundary check before supplying a format string with the values, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

tags | advisory, remote, overflow, arbitrary, cgi
advisories | CVE-2011-3166
SHA-256 | 7280ee72fc8a2afbe65725493fa36e91a74ef66d4970ce823327f1cd22626da6
Zero Day Initiative Advisory 12-002
Posted Jan 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile option, there exists an insufficient boundary check before supplying the value to a format string within _OVBuildPath, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-3167
SHA-256 | f1580177567598e05d0e1d3eea87033ef77ed54ddde4cf3181022c29695f5d11
Textpattern CMS 4.4.1 Cross Site Scripting
Posted Jan 4, 2012
Authored by Jonathan Claudius | Site trustwave.com

Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5019
SHA-256 | caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921c
Microsoft ASP.NET Forms Authentication Bypass
Posted Dec 30, 2011
Authored by K. Gudinavicius | Site sec-consult.com

Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.

tags | advisory, asp, bypass
advisories | CVE-2011-3416
SHA-256 | 294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Mandriva Linux Security Advisory 2011-197
Posted Dec 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-4566, CVE-2011-4885
SHA-256 | 65c4b018cdfd49592c9f7dbcf34ecabd28e6273c44adf4c53cd71a54905612c5
FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
SHA-256 | c92e3537ea4a9d4333d9b238da051a9f86ab6782c92ea9627150610dbec5e756
Mandriva Linux Security Advisory 2011-193
Posted Dec 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-193 - The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4096
SHA-256 | 7cc994dd5dc1c1d61d6b7854d62ddbed4330325a505629aa1262a3dfcded25f0
Lighttpd 1.4.30 / 1.5 Denial Of Service
Posted Dec 26, 2011
Authored by Adam Zabrocki

Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2011-4362
SHA-256 | a78ebddef1ff446f752bc857193d5fc6a7bb8cdaa8a66f37a2fd64a80504bfe7
Mandriva Linux Security Advisory 2011-192
Posted Dec 24, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in mozilla firefox and thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
SHA-256 | 74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44
Mandriva Linux Security Advisory 2011-187
Posted Dec 15, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-187 - The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the tmp_dir, and pear-build-download directories, a different vulnerability than CVE-2007-2519. This advisory provides PEAR 1.9.4 which is not vulnerable to this issue. Additionally for Mandriva Enterprise Server 5 many new or updated PEAR packages is being provided with the latest versions of respective packages as well as mitigating various dependency issues.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-1072
SHA-256 | cb1ec81377338e4d042683fd5e314efe8b576da3950d28b5b1cd9f721948c5c9
FRHACK Africa 2012 Call For Papers
Posted Dec 10, 2011
Site frhack.org

The FRHACK Africa 2012 call for papers has been announced. It will be held June 1st through the 2nd, 2012 in Casablanca, Morocco, Africa. The FRHACK Team (TFT) encourages speakers to present new and interesting projects for FRHACK and will give preferential treatment to submissions that have not been presented at other conferences. Further, TFT invites any individual who has not spoken at a conference before to submit a talk and attempt to make FRHACK their inaugural event!

tags | paper, conference
SHA-256 | 039adfd53fbe0b65ce5ac74fe3b8d5d9177cc829a632e00f28cf81df71b837a3
Mandriva Linux Security Advisory 2011-182
Posted Dec 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-182 - dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service via a crafted request packet. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4539
SHA-256 | 51d4bd08b8453697bf7e58b071c313b90596cecaa635d600e40527886bc8cdf9
Mandriva Linux Security Advisory 2011-181
Posted Dec 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-181 - Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. The updated packages have been upgraded to the latest version 1.3.3g which is not vulnerable to this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4130
SHA-256 | 0be1d40f8f3b58111ad1f44517b3cd8c334da98ee590aaee94305394e4d7a9d6
Mandriva Linux Security Advisory 2011-180
Posted Nov 29, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-180 - crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-2483
SHA-256 | 85ae71cce8d402b96351cb33db9d042151aea8e4589468011395fc30dc5cfb4d
Ubuntu Security Notice USN-1284-1
Posted Nov 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1284-1 - David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-3152, CVE-2011-3154
SHA-256 | 3a1f12a70bce649dae30f56f951837892b1f9b26277b3050dbb126a532be042a
Mandriva Linux Security Advisory 2011-179
Posted Nov 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, local
systems | linux, osx, mandriva
advisories | CVE-2011-1089, CVE-2011-1659, CVE-2011-2483
SHA-256 | 28900655297d1ea4816e5de8820317856a37994a5877afdb6697329afc3ec425
WordPress Alert Before Your Post Cross Site Scripting
Posted Nov 22, 2011
Authored by Am!r | Site irist.ir

The WordPress Alert Before Your Post plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 08d3fc67166b7a5dde8938e54d9f6abaac63669cda608264ae6bfc46e498a285
Page 4 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close