exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

RISE 1.9 SQL Injection
Posted Jan 15, 2018
Authored by Ahmad Mahfouz

RISE version 1.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17999
MD5 | 39419d3a377289824d79429888a056c2

Related Files

Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
MD5 | c5f34eed9b443e9c3d85d99ed579507e
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
MD5 | 5c84e6f534d6af6121783976efbf43be
Secunia Security Advisory 50230
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | linux, redhat
MD5 | e3c8947e9c8fb8bf421ef0af83d1845b
Secunia Security Advisory 50261
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - McAfee has acknowledged two vulnerabilities in McAfee Firewall Enterprise, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability
MD5 | a5111d0a7744c6772aeabc1a9b36b811
Mandriva Linux Security Advisory 2012-129-1
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | 629bfadebef039bc82d2de1b31d27b05
Mandriva Linux Security Advisory 2012-129
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | ddf296f9e839a96a96f6ed269121b40c
Red Hat Security Advisory 2012-1152-01
Posted Aug 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
MD5 | 9b79d485d1265a913f65a726b2e9d016
EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2591
MD5 | 67b95527b49ccccefb4ef7fa58256f96
MailEnable Enterprise 6.5 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

MailEnable Enterprise version 6.5 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2588
MD5 | c23f76da3c75a26be60243216f439d6a
FreeBSD Security Advisory - named Denial Of Service
Posted Aug 8, 2012
Authored by Einar Lonn | Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-3817
MD5 | 0ef228d154a335e008640bab911b82dd
Secunia Security Advisory 50084
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | a39cd18fbf96d180ea0e4bb11d358b4f
Secunia Security Advisory 50082
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oliver Karow has reported a vulnerability in Dr.Web Enterprise Server, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, web
MD5 | 8d9b37a110ee461ae2c1642f5a399332
Red Hat Security Advisory 2012-1130-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1130-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-2625
MD5 | 10bf57d7a33acd87fbb2df4474f87997
Red Hat Security Advisory 2012-1125-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3506, CVE-2011-3517, CVE-2011-4605, CVE-2011-4838, CVE-2012-0079, CVE-2012-0818, CVE-2012-2377
MD5 | 0e1c62579e79665cc4974b757ecb0fa8
Secunia Security Advisory 50048
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | be69dfbd2ac8db81c8d1903c2c7b4d2a
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | fa06b75565e160f603b4610527cfa308
Red Hat Security Advisory 2012-1103-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1103-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface. It was discovered that Red Hat Certificate System's Certificate Manager did not properly check certificate revocation requests performed via its web interface. An agent permitted to perform revocations of end entity certificates could use this flaw to revoke the Certificate Authority certificate.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-2662, CVE-2012-3367
MD5 | 6e55fe5fd8f8ba6cb93b9d05ce60d575
Secunia Security Advisory 49951
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 629b4dada25586122354884aa7294823
Secunia Security Advisory 49956
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in GlassFish Enterprise Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 61f5f72e0b4b3e873054fccda3129235
Secunia Security Advisory 49937
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 4e12c7e4c3d7a2c4620e19d33f352fad
Secunia Security Advisory 49950
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
MD5 | 9faa813687cb112480e1cffb93d5ab2b
Red Hat Security Advisory 2012-1072-01
Posted Jul 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
MD5 | c178423f604deba1902dc8bf25141719
Having Fun With VirusScan Enterprise
Posted Jul 12, 2012
Authored by Mert SARICA | Site mertsarica.com

VirusScan Enterprise Antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing by adding the magic line to the beginning of the file header.

tags | paper, spoof, virus
MD5 | fc6887a3ce24f94a5892bd2857f9dd29
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows, 7
MD5 | 55b249c7b416e0039642bb1ad643fe1b
HP Security Bulletin HPSBGN02750 SSRT100795
Posted Jul 6, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02750 SSRT100795 - A potential security vulnerability has been identified with HP ProtectTools Enterprise Device Access Manager (EDAM) running on Windows. The vulnerability can be remotely exploited to cause execution of arbitrary code or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | windows
advisories | CVE-2011-4162
MD5 | 19685abb208e925ebb942478877fe7fb
Page 1 of 4
Back1234Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close