
Files

SAP Download Manager 2.1.142 Weak Encryption
Posted Mar 11, 2016
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

SAP Download Manager is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user's settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key. Versions up to 2.1.142 are affected.

tags | exploit, java
MD5 | 229590470a8be1c064d928eb9d902bc6

Related Files

Core Security Technologies Advisory 2009.0912
Posted Nov 5, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.

tags | exploit, arbitrary, python
advisories | CVE-2009-3850
MD5 | 3f35540862c9c7a87d3aca95c31184c7

Xion Audio Player Local Buffer Overflow
Posted Nov 3, 2009
Authored by corelanc0d3r

Xion Audio Player version 1.0 build 121 local buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 23e8837a0bd388f45a51407c82508d0f

Core Security Technologies Advisory 2009.0922
Posted Oct 6, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Jetty includes several sample web applications for the developer to learn from. One of them sets cookies with user supplied data, and then dumps them as html. This application does not filter the user supplied data when outputting it to the visitor. This constitutes a persistent XSS vulnerability.

tags | advisory, web
MD5 | 50c2d4a40343778121540d2f58b4805d

Core Security Technologies Advisory 2009.0812
Posted Oct 5, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Multiple cross-site scripting vulnerabilities (both stored and reflected) have been found in the web interface of Hyperic HQ, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of the browser of a legitimate logged in user.

tags | exploit, web, arbitrary, javascript, vulnerability, xss
advisories | CVE-2009-2897, CVE-2009-2898
MD5 | c84787eba30a9d9b9513c1d252ec6232

Core FTP Server 1.0 Denial Of Service
Posted Sep 29, 2009
Authored by Dr_IDE

Core FTP Server version 1.0 build 304 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 771913e74d9fe751af31d5b860117c9f

Core FTP LE 2.1 Buffer Overflow
Posted Sep 26, 2009
Authored by Dr_IDE

Core FTP LE version 2.1 build 1612 local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | a528962313b589f441958f1b5772e712

War FTP Daemon Format String Denial Of Service
Posted Sep 10, 2009
Authored by corelanc0d3r

War FTPd version 1.82 RC 12 format string denial of service exploit that makes use of the LIST command.

tags | exploit, denial of service
MD5 | 018da780888dc3140284257bb892ba0a

Core Security Technologies Advisory 2009.0820
Posted Sep 2, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability has been found in Dnsmasq that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq with the TFTP service enabled.

tags | exploit, arbitrary
advisories | CVE-2009-2957, CVE-2009-2958
MD5 | d8dcb6b97e9b9158877c7826cf07171c

Core Security Technologies Advisory 2009.0727
Posted Aug 18, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected.

tags | advisory, remote, arbitrary
advisories | CVE-2009-2694
MD5 | 2fde839930feef8f1f74e04404076031

Core Security Technologies Advisory 2009.0707
Posted Jul 28, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected 'op_connect_request' message with invalid data to the server. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
advisories | CVE-2009-2620
MD5 | a3a1b73706a9f3a5051b67b289be9ea2

Core Security Technologies Advisory 2009.0227
Posted Jul 17, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The Real Helix DNA RTSP and SETUP request handler suffers from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2009-2533, CVE-2009-2534
MD5 | 44e61ae85f92f53b38683678331d7080

Core Security Technologies Advisory 2009.0515
Posted Jul 8, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests. This results in unprivileged users viewing the content of plugin configuration pages, and also, in some plugins, modifying plugin options and injecting JavaScript code. Arbitrary native code may be run by a malicious attacker if the blog administrator runs injected JavaScript code that edits blog PHP code.

tags | exploit, arbitrary, php, javascript
advisories | CVE-2009-2334, CVE-2009-2335, CVE-2009-2336
MD5 | 33e7dc69441396610a6945868f030b1f

Core Security Technologies Advisory 2009.0519
Posted Jul 8, 2009
Authored by Core Security Technologies, Diego Juarez | Site coresecurity.com

Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.

tags | exploit, web, arbitrary
advisories | CVE-2009-2386
MD5 | dd8314606e5d9fe5e80ed6775b92d050

Core Security Technologies Advisory 2008.0826
Posted Jun 10, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Internet Explorer suffers from a security zone restrictions bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2009-1140
MD5 | fb541a366e36b787b29d3f3393385599

Core Security Technologies Advisory 2009.0521
Posted Jun 10, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The DX Studio Player Firefox plug-in suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2009-2011
MD5 | ebc716b00c90866d06777927368a3ed9

Core Security Technologies Advisory 2009.0420
Posted Jun 3, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - CUPS versions 1.3.9 and below suffer from a handling flaw of the IPP_TAG_UNSUPPORTED tag that allows attackers to cause a remote pre-authentication denial of service.

tags | exploit, remote, denial of service
advisories | CVE-2009-0949
MD5 | cc18be3e13ce7caeb18e3b8ee2636ce8

Core Security Technologies Advisory 2009.0401
Posted May 29, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Ston3D StandalonePlayer and WebPlayer are vulnerable to a command injection vulnerability, which can be exploited by malicious remote attackers. The vulnerability is due to the Ston3D scripting language, which provides the function 'system.openURL()' that does not properly sanitize its input before using it. This can be exploited to execute arbitrary commands with the privileges of the Ston3D player by opening a specially crafted file.

tags | advisory, remote, arbitrary
advisories | CVE-2009-1792
MD5 | 8cfc66146f5a00b7309bd90d85d38dff

Core Security Technologies Advisory 2009.0109
Posted May 21, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system.

tags | exploit, java, vulnerability, xss
advisories | CVE-2009-1729
MD5 | 66cba81d15ed53317ac0960af46eaf8b

Core Security Technologies Advisory 2009.0114
Posted Apr 22, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.

tags | exploit, java, web
advisories | CVE-2009-1357
MD5 | 95a9fd72bf28fb787b4caf10cec8cccf

Core Security Technologies Advisory 2009.0108
Posted Apr 1, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - The Sun Calendar Express Web Server suffers from remote denial of service and cross site scripting vulnerabilities.

tags | exploit, remote, web, denial of service, vulnerability, xss
MD5 | 8637e3be53c6f69f9ebb8d051e7eda79

Core Security Technologies Advisory 2009.0122
Posted Mar 24, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Several buffer overflows have been found in HP OpenView Network Node Manager, which can be exploited to remotely compromise a user's system.

tags | advisory, overflow
advisories | CVE-2009-0920, CVE-2009-0921
MD5 | b176bcd48a477e558a3cea4da4a1615c

Core Security Technologies Advisory 2009.0218
Posted Mar 9, 2009
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Foxit Reader versions 3.0 build 1120 and build 1301 suffer from authorization bypass and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2009-0836, CVE-2009-0837
MD5 | e3819ef2f892e318f47ff55dff405400

Core Security Technologies Advisory 2008.1009
Posted Feb 3, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Multiple integer overflow vulnerabilities have been discovered in UltraVNC and TightVNC, two (open source) remote control applications derived from the popular VNC software. The vulnerabilities cause a miscalculation of a buffer size on the heap, allowing an attacker to corrupt a VNC client's heap and probably allowing code execution (exploitation is very likely). Affected packages include UltraVNC versions 1.0.2, 1.0.5, and TightVNC version 1.3.9.

tags | advisory, remote, overflow, vulnerability, code execution
advisories | CVE-2009-0388
MD5 | 65b9167f89ec00f966f5742d0c5bb8fd

Core Security Technologies Advisory 2008.1211
Posted Jan 28, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by unauthorized people using crafted web pages to compromise a user's system. Versions 11.0 and below are affected.

tags | advisory, web, overflow, vulnerability
MD5 | e1975a8747e8d634bb1af8465094332d

Core Security Technologies Advisory 2008.1128
Posted Jan 8, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Openfire is a real time collaboration (RTC) server licensed under the Open Source GPL. It uses the widely adopted open protocol for instant messaging XMPP, also called Jabber. Multiple cross-site scripting vulnerabilities have been found, which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code. Openfire version 3.6.2 is affected.

tags | exploit, java, remote, arbitrary, vulnerability, code execution, protocol, xss
MD5 | b9fd4563590b32ef7388cb4cfc403cf8