Exploit the possibilities
Showing 26 - 50 of 100

Files

ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal
Posted Oct 6, 2015
Authored by xistence

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | dacb14eb812464766d3272d40a123e3c

Related Files

Infoproject Biznis Heroj Authentication Bypass
Posted Dec 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

Infoproject Biznis Heroj versions Plus, Pro and Extra all suffer from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | f5e5b3baebf418b4f5e490d9e399b1f9
Infoproject Biznis Heroj Cross Site Scripting / SQL Injection
Posted Dec 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

Infoproject Biznis Heroj versions Plus, Pro and Extra all suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 5e7d3cbc7a4cebc3d81c2a5815a583e2
Zoho ManageEngine ADSelfService Plus 4.5 Cross Site Scripting
Posted Nov 17, 2011
Authored by James Webb | Site jameswebb.me

Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | db3cddbb1332306bf836eea42dc2af51
Mandriva Linux Security Advisory 2011-167
Posted Nov 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-167 - A vulnerability has been discovered and corrected in gimp. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream. The updated packages have been patched to correct these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2895, CVE-2011-2896
MD5 | 43d3a601620ea4acfe538f60f23b6e9a
Oracle Database Account Management Protection Bypass
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege or DV_ACCTMGR role can bypass these protections and change any user's password (including Oracle Database Vault Owner user password) calling the OCIPasswordChange client API (the 'password' command in SqlPLUS uses this API).

tags | advisory, bypass
advisories | CVE-2011-2322, CVE-2011-3511
MD5 | 0d678abb8951e4e5b33a39a30bb28be7
Secunia Security Advisory 46467
Posted Oct 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the WP Photo Album Plus plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 112eded6f710a16b5f8c00c8064ae69c
WordPress Photo Album Plus 4.1.1 SQL Injection
Posted Oct 15, 2011
Authored by Skraps

WordPress Photo Album Plus versions 4.1.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e02df0adb9bcdb53537d5938250efe27
Secunia Security Advisory 46381
Posted Oct 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Roberto Paleari has reported a vulnerability in ManageEngine ADSelfService Plus, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | c3e21b4bc96c671dca9fe4b8e5619c6c
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Administrative Access
Posted Oct 12, 2011
Authored by Roberto Paleari

ZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521 suffers from an authentication bypass vulnerability.

tags | exploit, add administrator, bypass
advisories | CVE-2011-3485
MD5 | abcd383152e6364b34f539834b8b96b6
Mandriva Linux Security Advisory 2011-146
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-146 - The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service via HTTP_UNAUTHORIZED responses. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2895. The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2432, CVE-2011-2896, CVE-2011-3170
MD5 | c3297e2dac2c629c7f9f0bccbf1676d3
DivX Plus Web Player 2.1.2.265 Buffer Overflow
Posted Oct 5, 2011
Authored by Snake

DivX Plus Web Player versions 2.1.2.265 and below file:// buffer overflow proof of concept exploit.

tags | exploit, web, overflow, proof of concept
MD5 | 4b1be038c32dbc8797dd3309dd57e278
Secunia Security Advisory 45550
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski (h07) has discovered a vulnerability in DivX Plus Web Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, web
MD5 | 6b942da5f162668b6b93ef917a808311
Core Security Technologies Advisory 2011.0506
Posted Sep 14, 2011
Authored by Core Security Technologies, Matias Blanco | Site coresecurity.com

ManageEngine ServiceDesk Plus is a complete web based and ITIL ready service desk software with integrated asset management developed by ManageEngine, the Enterprise IT Management Software division of Zoho Corporation. The authentication process of ServiceDesk Plus obfuscates user passwords using a trivial and symmetrical algorithm in Javascript code with no secret. Given that user passwords are locally stored in user cookies and having the Javascript code to encrypt and decrypt passwords in a .js file, the authentication process of ServiceDesk Plus can be bypassed allowing an attacker to get usernames+passwords of registered users. Additionally, a cross site scripting vulnerability related to search functions was found.

tags | exploit, web, javascript, xss
advisories | CVE-2011-1509, CVE-2011-1510
MD5 | a481466a4ade49890b607f01b0e050dd
Secunia Security Advisory 45923
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the MailformPlus extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | ba816aa6e42fcfcf57a347ad7f173307
Secunia Security Advisory 45675
Posted Aug 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in ManageEngine ServiceDesk Plus, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 23883f7986a10502b9064200534ea114
AdventNet ManageEngine ServiceDesk Plus Cross Site Scripting
Posted Aug 24, 2011
Authored by Juan Manuel Garcia | Site cybsec.com

CYBSEC Security Advisory - AdventNet ManageEngine ServiceDesk Plus version 8 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b98fe2b2244b3cae55db695cc0c2d49d
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Aug 23, 2011
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine ServiceDesk Plus version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1e00cc8ab3d183d83551ed37a8a419e5
Zero Day Initiative Advisory 11-264
Posted Aug 17, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, overflow, arbitrary, tcp
advisories | CVE-2011-0547
MD5 | 482b8af14ac4b5c1055138e6924511bd
Calisto Light / Light Plus / Full SQL Injection
Posted Aug 12, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Calisto Light, Light Plus, and Full suffer from administrative bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1ee3721bbff1eb1687feade746dfe274
Secunia Security Advisory 45503
Posted Aug 8, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has discovered multiple vulnerabilities in the Register Plus Redux plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 1f439e1509ad909ec45836b9358b3011
Register Plus Redux For WordPress 3.7.3 Cross Site Scripting
Posted Aug 7, 2011
Authored by MustLive

Register Plus Redux versions 3.7.3 and below for WordPress suffer from persistent cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | aa108c36c8868fe8e2ac798b295004de
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Jul 29, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | badf8b14aea76a0dc1fa3211797f4f9f
Secunia Security Advisory 45390
Posted Jul 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine ServiceDesk Plus, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 6c6e7b82aa4e0c6549e1b28fa4ce8eb7
ManageEngine ServiceDesk Plus 8.0 Improper User Privileges
Posted Jul 25, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 allows a user with limited privileges access to certain functionality that should only be available to administrative users. Proof of concept included.

tags | exploit, proof of concept
MD5 | bd380fc550b4aa775ff95ab5264d33be
Secunia Security Advisory 45281
Posted Jul 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Quick View Plus, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | ee11ec944bf2d7af3ec264ee1ee95777
© 2016 Packet Storm. All rights reserved.