exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Thru Managed File Transfer Portal 9.0.2 Missing Security Check
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten | Site syss.de

The Thru Managed File Transfer application version 9.0.2 allows both unauthenticated and authenticated users to upload files, including viruses.

tags | advisory
SHA-256 | 178fc60f24aa280af3d976a9ac3ef913d89f1c7872bc906e522d80c60a97306b

Related Files

Secunia Security Advisory 50316
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | a22ea235370e731b0b3d70da6236fbddeeb7d1c26ee36b8ee1fb96de0c26e4b5
Secunia Security Advisory 50277
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.

tags | advisory, perl, vulnerability
systems | linux, suse
SHA-256 | c2591fd4454e96e7eccbd78fb20fae7cb9cd4ac857ef225bf7920faeb3c9f059
Zero Day Initiative Advisory 12-141
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2012-1855
SHA-256 | 8a9c280b793fd5689ee6d1eab372451da1a6ddfa522f51fffe5b3eeaf469a90f
Zero Day Initiative Advisory 12-136
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3220
SHA-256 | 279769476bb55b52fb4a1cfea0a3fa4d6c15f5a797a70b8f549cd186ec7efd2d
GNU Transport Layer Security Library 3.1.0
Posted Aug 17, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for using and storing cryptographic keys in the system's TPM module and several other improvements.
tags | protocol, library
SHA-256 | 4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
SHA-256 | 6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Ubuntu Security Notice USN-1541-1
Posted Aug 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1541-1 - Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3461
SHA-256 | 6639415b413329405dd78b3fdeb6c09d08b8b5349b04696101dac765fabf6df4
Ubuntu Security Notice USN-1540-1
Posted Aug 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1540-1 - Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0441
SHA-256 | 5695af953d2ea767f7aa873eb14e3f4ba7fb5521839cbd082379adb239015888
Secunia Security Advisory 50293
Posted Aug 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in xmlsd, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
SHA-256 | 781b7305b56efeb276c43dfbfc3f6f8ce7efb151090f4365ce7bc11adf3c788c
Secunia Security Advisory 50201
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some weaknesses have been reported in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

tags | advisory, denial of service
SHA-256 | 61629f845154a6e447979441515212837aabcd10df6b59526f5f5ad8ae0701e5
Windows Service Trusted Path Privilege Escalation
Posted Aug 15, 2012
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.

tags | exploit
systems | windows
SHA-256 | 13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
TestLink 1.9.3 Arbitrary File Upload
Posted Aug 14, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.

tags | exploit, arbitrary, sql injection
SHA-256 | d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71
Mandriva Linux Security Advisory 2012-131
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3461
SHA-256 | d2dfc5f2426fd1d0773603a84cfba004ef4a99ccaa10eaee9b7fdd6c41ecb855
Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32
Debian Security Advisory 2526-1
Posted Aug 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2012-3461
SHA-256 | 7c01fb86e171c48aa3e6e49b606b9a1e9e94d6901619b80a625f9b7c0c78d71d
Ubuntu Security Notice USN-1530-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1530-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375, CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375
SHA-256 | 1182d44ab2f37a093d4b3adc952b3b7cbf5002be8d366863ba89dea8ab42ea57
Ubuntu Security Notice USN-1527-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1527-1 - It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2012-0876, CVE-2012-1148
SHA-256 | c3584e3aa4d3cbb82dcc486580cc91f457a48e7ca032d71f17b0d2dc8c8edb29
Secunia Security Advisory 50216
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, suse
SHA-256 | c47dbcfbed988fb012fc5678f5bb01004dc25cea272f7fa84fd1fbd2b7b8508d
Secunia Security Advisory 50219
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for webkit. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 40c5d88cb2b2d055443a887003a7b30764fcdb1cd6d6f31f748ed0174dbb9c27
Secunia Security Advisory 50258
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.

tags | advisory, web, vulnerability
systems | linux, suse
SHA-256 | d2498827fbc60ac4f93763aa590a4f48b39ae08094bcfc93dd5231c7f75f3820
Red Hat Security Advisory 2012-1151-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1151-01 - OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2668
SHA-256 | b5e58ac02a262a4dec401a753af836111759f4a329334fb8c3c1a2a0b7b62159
VMware Vendor Service Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

VMware's vendor website service application suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 97fea96f5c77623458d932b5ee192d04609a250f496344ae5ccebf8f7fa24694
iAuto Mobile Application 2012 Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iAuto Mobile Application 2012 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6fcd4bdd4e9f9da4b8ee80d130444bbd608889f7016cdbbe4cd6eac9b18fdc47
Debian Security Advisory 2523-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications performed insufficient validation of a name lookup, which could lead to privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3292
SHA-256 | b6337585790cbaa70a41e8a15f2ad98e6536faf0969ee375b41118d80a7b921e
Android HTC Mail Insecure Password Management
Posted Aug 6, 2012
Authored by HexView | Site hexview.com

The HTC Mail application on Android stores passwords base64 encoded after swapping around odd and even characters.

tags | exploit
SHA-256 | 5dbb95f9e5f9adae904123eb9746ffa5bfd499af74e2a90f0e01d0d5d1ae9cf8
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close