Twenty Year Anniversary
Showing 1 - 25 of 100 RSS Feed

Files

Vastal I-Tech Dating Zone 0.9.9 SQL Injection
Posted Sep 29, 2017
Authored by Ihsan Sencan

Vastal I-Tech Dating Zone version 0.9.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15975
MD5 | 6910632a505486f32464a0cf02a1bfe2

Related Files

Mandriva Linux Security Advisory 2012-108
Posted Jul 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2012-2688, CVE-2012-3365
MD5 | cb6339f2ab0f23b465ebf42626304b47
FreeBSD Security Advisory - BIND 9 Incorrect Handling
Posted Jun 12, 2012
Authored by Dan Luther, Jeffrey A. Spain | Site security.freebsd.org

FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2012-1667
MD5 | 1675828df069117e998188dd43be8f3b
Zone-H Multithreaded Poster
Posted May 21, 2012
Authored by miyachung

Zone-H posting utility that is multi-threaded.

tags | tool
systems | unix
MD5 | 0e1367f4f6675aee37f1123cdba8a424
Cisco Security Advisory 20120328-zbfw
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: Memory Leak Associated with Crafted IP Packets. Memory Leak in HTTP Inspection. Memory Leak in H.323 Inspection. Memory Leak in SIP Inspection Workarounds that mitigate these vulnerabilities are not available. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, web, vulnerability, memory leak
systems | cisco
advisories | CVE-2012-0387, CVE-2012-0388, CVE-2012-1310, CVE-2012-1315
MD5 | d01649c54dfd485810387931863753a1
Ubuntu Security Notice USN-1396-1
Posted Mar 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1396-1 - It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. This issue only affected Ubuntu 8.04 LTS. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1659, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-2702, CVE-2011-4609, CVE-2012-0864, CVE-2009-5029, CVE-2010-0015, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659, CVE-2011-2702, CVE-2011-4609, CVE-2012-0864
MD5 | 5950543e928ce553c23c248714697990
Red Hat Security Advisory 2012-0126-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0126-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609
MD5 | 04aac618203b70bf0f18fb8d24c46efc
Red Hat Security Advisory 2012-0125-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0296, CVE-2010-0830, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1659, CVE-2011-4609
MD5 | 864ed57afca2c884fc017d61f81beecf
Agent Zone Vastal I-Tech Real Estate SQL Injection
Posted Jan 31, 2012
Authored by Muhammet Cagri Tepebasili

Agent Zone Vastal I-Tech Real Estate script suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | de7ecf5e1bfc46f8cf8f488f5b7ea9de
Red Hat Security Advisory 2012-0058-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0058-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-5029, CVE-2011-4609
MD5 | ae46ab93e5692fdf420a71e5fd8b7b5f
Zone Rouge CMS 2012 SQL Injection
Posted Jan 23, 2012
Authored by snup | Site vulnerability-lab.com

Zone Rouge CMS 2012 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f3837afbf8c097af764e8dae15b4877
Mandriva Linux Security Advisory 2011-166
Posted Nov 3, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-3379
MD5 | 2f9fd1ed46b662fc92a212163565a853
Secunia Security Advisory 46382
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in BlueZone Desktop, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | e73d7c1f0240ac7be4d1f7a1e4b362fb
BlueZone Desktop Denial Of Service
Posted Oct 16, 2011
Authored by Silent_Dream

BlueZone Desktop suffers from a denial of service vulnerability when handling a malformed .zap file.

tags | exploit, denial of service
MD5 | c87654fce113e620cf3685a6d71b1499
Cisco Security Advisory 20110928-zbfw
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2011-3273, CVE-2011-3281
MD5 | 66f438d4a26109026168d18f7cbd958f
Novell GroupWise Calendar TZNAME Remote Buffer Overflow
Posted Sep 28, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwiCalVTimeZoneBody::ParseSelf()" function within the "GWWWW1.dll" component when processing an overly long "TZNAME" variable in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
MD5 | a966cb6e337828e6ff725f92f86f5cc4
iDefense Security Advisory 09.26.11 - Novell Heap Overflow
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-0333
MD5 | 3961bfbc991f62a779aa048cfff1fa30
Novell GroupWise Internet Agent TZNAME Parsing
Posted Sep 27, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0333
MD5 | 8577c3bf385c08cc68b0d6332631fde5
BroadWin WebAccess Client Format String / Memory Corruption
Posted Sep 2, 2011
Authored by Luigi Auriemma | Site aluigi.org

BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().

tags | exploit, arbitrary, vulnerability
systems | linux
MD5 | d938955baaf2638ba8313699f173b625
ZoneMinder Video Camera Security Tool 1.25.0
Posted Sep 2, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release is mainly focused around a complete rewrite of the logging and debug functionality, which now includes a Web log viewer and fully consolidated logging. Support has also been added for SFTP in event uploads. There are also a small number of other useful new features and fixes.
tags | web
systems | linux, unix
MD5 | eaefa14befd482154970541252aa1a39
QuickRecon 0.3.2
Posted Aug 22, 2011
Authored by Filip Szymanski | Site code.google.com

QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.

Changes: Improved code. Shodan DB integration.
tags | tool, scanner, python
systems | unix
MD5 | 41f48dd2ee33988d2bf42342a497c1ee
Secunia Security Advisory 45380
Posted Aug 2, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ZoneMinder, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
MD5 | d99806633694b6077eb91f30c112b1ef
ZoneMinder 1.24.3 Remote File Inclusion
Posted Aug 2, 2011
Authored by Iye

ZoneMinder version 1.24.3 suffers from local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | 20ca0e459daa9fdbbaf7c95053767daf
Zones Web Solution SQL Injection
Posted Jul 26, 2011
Authored by Ehsan_Hp200

Zones Web Solution suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, web, php, sql injection
MD5 | 3d69b8af4904ad87895ecf56107e9b57
Zones Web Solution Cross Site Scripting / SQL Injection
Posted Jul 25, 2011
Authored by Ehsan_Hp200

Zones Web Solution suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
MD5 | c0c30192ab36dce451f86520de4c0de3
ISC BIND 9 RPZ Configuration Remote Crash
Posted Jul 6, 2011
Site isc.org

Two defects were discovered in ISC's BIND 9 code. These defects only affect BIND 9 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern. Versions affected include 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1.

tags | advisory, denial of service
advisories | CVE-2011-2465
MD5 | 32207cd269f81001ea5e18f1a263a01a
Page 1 of 4
Back1234Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    5 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close