exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Intel(R) Management Engine Components 8.0.1.1399 Privilege Escalation
Posted Oct 20, 2016
Authored by Joey Lane

Intel(R) Management Engine Components version 8.0.1.1399 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 9f04dda018595f7375008b9d77e584db

Related Files

Zero Day Initiative Advisory 12-131
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0162
MD5 | fa28d73142451f1eab4aa6b9a737d9ec
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | fa06b75565e160f603b4610527cfa308
Metasploit Framework 4.4
Posted Jul 17, 2012
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: 101 modules have been added. Meterpreter has been modernized. Various other improvements.
tags | tool, ruby
systems | unix
MD5 | 674b6bf22606298c98e7735b994dec25
Joomla Web Scanner 1.4
Posted Jul 16, 2012
Authored by Pepelux | Site enye-sec.org

Joomla web scanning perl script that gets the version, components and shows possible bugs.

Changes: Version 1.4 of JoomlaScan recognizes Joomla! versions 1.x, 1.5.x, 1.7.x, and 2.5.x and shows possible bugs in core and components.
tags | tool, web, scanner, perl
systems | unix
MD5 | c6cde9954f1120b9695532553128ba47
IBM Edge Components Caching Proxy Cross Site Scripting
Posted Jun 30, 2012
Authored by BugsNotHugs

IBM Edge Components Caching Proxy suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a9c6a54aa4b355c27df5b3ffad9ca9d
OpenLimit Reader Vulnerable Components
Posted Jun 26, 2012
Authored by Stefan Kanthak

OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.

tags | advisory
MD5 | cba35307c4a79af3a60bc1a77bfe05e4
Red Hat Security Advisory 2012-1024-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1024-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | 78e63b592efd73d399efa20ffb0c7a6e
Red Hat Security Advisory 2012-1027-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
MD5 | e02fd6239028ba7e4804f72b4eb8feb9
Red Hat Security Advisory 2012-1025-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1025-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | adc2ae83e704247ed043d7de2c8c005e
Red Hat Security Advisory 2012-1026-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
MD5 | b7005440cedca3fd3ccc4fe726b5c923
Red Hat Security Advisory 2012-1023-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1023-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | e679adc1a28f7ed1be754c13cdc1cdea
Red Hat Security Advisory 2012-1022-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1022-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | 866815c965136537d3c2205173c3a171
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
MD5 | ef1be5ec0b7f188d6fc9c5a7adde18d7
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
MD5 | 9439cf75ff414672e154affb4b0b0e49
Access Road 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 63c1fbd269de8b08d84e63c9c67198ce
Access Road (Source Release) 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 00410214d083996808966ea102320809
Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
MD5 | 189d8ae1b672374f456cbd82bbd8e382
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
MD5 | d42aa48b8702ef3a45dd6fa235e9cd4b
HP Security Bulletin HPSBUX02755 SSRT100667
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02755 SSRT100667 - A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2012-0125, CVE-2012-0126
MD5 | e98d069cdd0674db19d6011eb0eeb49d
OpenOffice.org Data Leakage
Posted Mar 23, 2012
Authored by Timothy D. Morgan | Site apache.org

An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.

tags | advisory, xxe
advisories | CVE-2012-0037
MD5 | 151237e4e5475ac81f0b89e30fba0e55
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
MD5 | 12c0d0eedbc5e7f69fb65870542445dd
1337 Multiple CMS Scanner Online
Posted Feb 18, 2012
Authored by KedAns-Dz

This tool is a php script that assists in finding vulnerable components in multiple CMS systems.

tags | tool, scanner, php
systems | unix
MD5 | 096d96fea34495eb84b25150313ed1b3
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | bf5f51c283d9d06bc3d3f263b6added9
Red Hat Security Advisory 2012-0040-01
Posted Jan 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0040-01 - Part of the Native components for JBoss Enterprise Web Platform is mod_cluster, an Apache HTTP Server based load balancer. Like mod_jk, it uses a communication channel to forward requests from httpd to an application server node. It was found that mod_cluster allowed worker nodes to register on any virtual host, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured internally for worker nodes, and another configured externally for serving content. A remote attacker could use this flaw to register an attacker-controlled worker node via an external vhost that is not configured to apply security constraints, then use that worker node to serve malicious content, intercept credentials, and hijack user sessions.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-4608
MD5 | 2148987a3dde726dc8e17283675218c4
Red Hat Security Advisory 2012-0038-01
Posted Jan 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0038-01 - Part of the Native components for JBoss Enterprise Application Platform is mod_cluster, an Apache HTTP Server based load balancer. Like mod_jk, it uses a communication channel to forward requests from httpd to an application server node. It was found that mod_cluster allowed worker nodes to register on any virtual host, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured internally for worker nodes, and another configured externally for serving content. A remote attacker could use this flaw to register an attacker-controlled worker node via an external vhost that is not configured to apply security constraints, then use that worker node to serve malicious content, intercept credentials, and hijack user sessions.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-4608
MD5 | 6e144acc711ff16fc64f7bd5133e426d
Page 1 of 4
Back1234Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close