what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Dell SonicWALL Secure Mobile Access SMA 8.1 CSRF / XSS
Posted Dec 30, 2016
Authored by LiquidWorm | Site zeroscience.mk

Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 9c6e1e62011dc14636b4f5849d5f84a87d42f3acec586620f4296ac473fb6a89

Related Files

Secunia Security Advisory 50304
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | a703b1a95357d6c56e78153fecfe2423f047d759e2a36648b9be443b22464153
Zero Day Initiative Advisory 12-140
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by SFAdminSrv.exe process. This process exposes various RMI services to TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 6d44dbf9f816ae47b69459fc6a3ae55af8b47454af0c493a2b31bcdd640effcb
Secunia Security Advisory 50209
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in SmarterMail, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 3f5608ec4dbfea645beb2b22ad9b62864b4c15427459039d6d1f2e563caba091
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
ISMA Online Translator 1.2 / ISMA Agnet 1.1 Cross Site Scripting
Posted Aug 6, 2012
Authored by Avatar Fearless

ISMA Online Translator version 1.2 and ISMA Agnet version 1.1 suffers from cross site scripting and html injection vulnerabilities. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ suffers from cross site scripting, and html injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 411f5617606b2ca82327c9da33b7ff101c4d6c3fedc64438adc9cbc62ef01b87
Packet Fence 3.5.0
Posted Aug 2, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements. It adds a remediation module for SourceFire 3D, the ability to have different captive portals depending on the SSID you connect to, a new Web-based configuration tool which eases the installation and configuration process of a new PacketFence installation, and complete Suricata support.
tags | tool, remote
systems | unix
SHA-256 | 04d68118540aa72d1079d73c6cbd5d757435496db0dd4e260130a127a8844be7
Secunia Security Advisory 50090
Posted Jul 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | ce2d96febab9d285a0c7b8898d763fbe22798cc34f246e7ea8c4d5c34500afe6
Linux x86 ASLR Deactivation Shellcode
Posted Jul 26, 2012
Authored by Jean Pascal Pereira

83 bytes small Linux/x86 ASLR deactivation shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 3c4799dd92e003e39ce50560912dd05104d6cce8bc4f1ce4a42be3063c322af2
Linux x86 chmod 666 /etc/passwd And /etc/shadow Shellcode
Posted Jul 25, 2012
Authored by Jean Pascal Pereira

57 bytes small Linux x86 chmod 666 /etc/passwd and /etc/shadow shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 590e152e8000ac65c31808f69843049356045877a386919811bea3db71213bd4
Linux x86 execve("/bin/sh") Shellcode
Posted Jul 25, 2012
Authored by Jean Pascal Pereira

28 bytes small Linux x86 execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | e76c6cfce6e63e2e04ebe2418e31f5cc54c5925f41db12525c88204ca0278b05
Termineter 0.1.0
Posted Jul 24, 2012
Authored by Spencer McIntyre | Site code.google.com

Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.

tags | tool, protocol, python
systems | unix
SHA-256 | 8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12
Multithreaded Proxy Checker
Posted Jul 22, 2012
Authored by miyachung

This php script is a small tool for performing proxy checks.

tags | web, php
SHA-256 | 335c6bc3f7508bd7388fd3b9f2a8c061fae18e1b4e0260668b4a1b074b9587a3
Reverse Shell Shellcode
Posted Jul 13, 2012
Authored by KedAns-Dz

61 bytes small Unix/x86 reverse shell TCP port 30 shellcode.

tags | shell, x86, tcp, shellcode
systems | unix
SHA-256 | a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9d
U3-Pwn Sandisk Executable Injection Tool
Posted Jul 6, 2012
Authored by Zy0d0x | Site nullsecurity.net

U3-Pwn is a tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install. This is performed by removing the original iso file from the device and creating a new iso with autorun features.

tags | tool
systems | unix
SHA-256 | 51498ab2e7ba0c102e682ae6e8f6fca0fcc3c25cbe6926456c2c6aeb1049c326
IBM Rational ClearQuest CQOle Remote Code Execution
Posted Jul 3, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a function prototype mismatch on the CQOle ActiveX control in IBM Rational ClearQuest versions prior to 7.1.1.9, 7.1.2.6 or 8.0.0.2 which allows reliable remote code execution when DEP is not enabled.

tags | exploit, remote, code execution, activex
advisories | CVE-2012-0708, OSVDB-81443
SHA-256 | 387ecb02a357ac85525e1e50243fe56012c1987ea3f8ba4a3ee336ab0fb98ed5
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
Linux x86 rm -fr / Shellcode
Posted Jul 2, 2012
Authored by nitr0us

58 bytes small Linux/x86 rm -fr / shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | f97ca9b35911145e544f8f2c9253eb7646968fcbab53346ae763b8c0513a2b5a
Zero Day Initiative Advisory 12-113
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0708
SHA-256 | ee2420a705a26ed773b1354114c6612b6c63f17469cb4b7177fbc350de395af5
HP Security Bulletin HPSBPI02794 SSRT100542
Posted Jun 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02794 SSRT100542 - A potential security vulnerability has been identified with certain HP Photosmart printers. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2012-2017
SHA-256 | f39d009e7e352d2b9f93664bf49c7618a7dae15b4a79bf85fdcb5948f6e58f93
Secunia Security Advisory 49739
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 8b99dfe771fa4444681df851b7362066df6524e6b0b1f3df12e81b47ca3b85f1
Smart-Info Limited SQL Injection
Posted Jun 23, 2012
Authored by Taurus Omar

Smart-Info Limited suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fd8d900d1d9226ba67668c5ebc99aa5973e1e8553b048072a11e2817bfb018bc
Secunia Security Advisory 49590
Posted Jun 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SmallPICT, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 523389ffbb38c3d758f1e75c1afcf2012ff4ccbb9b67b988c10c0dd0429e1af9
Mandos Encrypted File System Unattended Reboot Utility 1.6.0
Posted Jun 19, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The client now uses all available interfaces, not just the first usable one. The server takes a new "--foreground" option.
tags | remote, root
systems | linux, unix
SHA-256 | 36ea3627ca945f7c7e5d36e2cf2f4151341760f14dc63b2acc36e37c0b639bc0
Smallbiz SQL Injection
Posted Jun 17, 2012
Authored by Taurus Omar

Smallbiz suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0fcfc4f0b435df6d2a9d946a9c55177e726adcb25df3baec36c7d0e40cdd54c0
Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.
tags | tool, remote
systems | unix
SHA-256 | 74b9505aefce9b9b5e02bc6eb31e0b44de771b4a3fd5c73edbb8c4870f56a7d2
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close