exploit the possibilities
Showing 51 - 75 of 100 RSS Feed

Files

ADB Authorization Bypass
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13109
MD5 | e41c2384f02b6cc08acf7b55cfe6e66e

Related Files

Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 3cc27f97068a6b9857d9f6b7e626b6c0
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
MD5 | e1a961e6fbae0168e6ab55161d04fc13
php-decoda 3.x Cross Site Scripting
Posted May 2, 2012
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a JavaScript event handler for an iframe tag. Depending on the usage of Decoda, this allows attackers to execute JavaScript code in the context of other users in a web application that uses Decoda. php-decoda versions 3.x prior to 3.3.3 are affected.

tags | exploit, web, php, javascript, xss
MD5 | 9fed0a3a99c0ef05a51231bbdbb6ed36
Debian Security Advisory 2413-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-1777, CVE-2011-1778
MD5 | 4e53fdefa0c2bafde7b3cae7a95f6f18
Reaver-WPS 1.1
Posted Dec 30, 2011
Authored by Craig Heffner | Site code.google.com

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

Changes: Fixed getopt bug in x64. Fixed association failure bug.
tags | tool, wireless
systems | unix
MD5 | e073021df56b2e6499f8c894564805eb
Reaver-WPS 1.0
Posted Dec 29, 2011
Authored by Craig Heffner | Site code.google.com

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

tags | tool, wireless
systems | unix
MD5 | 7c22180fac128f898c68a8c6b18796f1
Red Hat Security Advisory 2011-1324-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, overflow, arbitrary, xss
systems | linux, redhat
advisories | CVE-2007-0242, CVE-2011-3193
MD5 | e34b4a17cb099c4d856fe493a4a00b60
Debian Security Advisory 2198-1
Posted Mar 23, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2198-1 - Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious tex-file or this is done in an automated fashion.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2011-1400
MD5 | 7af5b064425e69b92050c026ecbc661e
TFTP GUI 1.4.5 Denial Of Service
Posted Dec 5, 2010
Authored by musashi42

The TFTPUtil GUI server version 1.4.5 can be denial of serviced by sending a specially crafted read request. Depending on the setup, sending write request "\x00\x02" may also work. This is written as a Metasploit module.

tags | exploit, denial of service
MD5 | 8e1b248c7aa84a7879fac12a62f58f66
UA-Tester (User-Agent Tester) 1.03
Posted Sep 28, 2010
Authored by Chris John Riley | Site blog.c22.cc

UA-Tester (User-Agent Tester) is a Python script that enables penetration testers to compare response headers from a remote server based on a list of User-Agent strings. The script allows testers to isolate differences in response depending on the browser used to access a site. This can be important as a growing number of sites are catering for mobile devices by forwarding them to alternative (browser friendly) pages, or redirecting them to alternative servers entirely.

tags | tool, remote, scanner, python
systems | unix
MD5 | fbe05e7b70833b07ddf5e5fbe28bb588
Rekonq 0.5 Cross Site Scripting
Posted Aug 19, 2010
Authored by Tim Brown | Site nth-dimension.org.uk

The Rekonq web browser is vulnerable to Javascript injection in a number of components of the user interface. Depending on the exact component affected this can lead to Javascript being executed in a number of contexts which in the worst case could allow an arbitrary web site to be spoofed or even for the Javascript to be executed in the context of an arbitrary context.

tags | exploit, web, arbitrary, spoof, javascript
MD5 | f826575d696a6820199c0f8c21c9625a
Adobe InDesign CS3 INDD File Handling Buffer Overflow
Posted Jun 14, 2010
Authored by LiquidWorm

When parsing .indd files to the application, Adobe InDesign CS3 version 10.0 crashes instantly overwriting memory registers. Depending on the offset, EBP, EDI, EDX and ESI gets overwritten. This allows for arbitrary code execution and denial of service.

tags | exploit, denial of service, arbitrary, code execution
MD5 | 0f1470dffbb0c3feba4ade63bf647a79
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
MD5 | 96b5d56898cb42ff746d93184ad1b2cd
Windows SMB NTLM Authentication Weak Nonce
Posted Feb 10, 2010
Authored by Hernan Ochoa, Agustin Azubel | Site hexale.org

Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code. Proof of concept exploit included.

tags | exploit, remote, arbitrary, protocol, proof of concept
advisories | CVE-2010-0231
MD5 | bda076f3b77016ef22d44fd963cc382f
Mandriva Linux Security Advisory 2009-080
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-080 - Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input. This update provide the fix for that security issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-4316
MD5 | 77f8bf77c41ac9352761906b685650a5
Debian Linux Security Advisory 1738-1
Posted Mar 12, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1738-1 - David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect.

tags | advisory, arbitrary, local, protocol
systems | linux, debian
advisories | CVE-2009-0037
MD5 | 14f0381721b95ce049cb608e5a5f54fa
SEC Consult Security Advisory SA-20081109-0
Posted Dec 9, 2008
Authored by Bernhard Mueller | Site sec-consult.com

SEC Consult Security Advisory 20081209-0 - Microsoft SQL Server suffers from a limited memory overwrite vulnerability.By calling the extended stored procedure sp_replwritetovarbin, and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. Depending on the underlying Windows version, it is / may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process. In a default configuration, the sp_replwritetovarbin stored procedure is accessible by anyone. The vulnerability can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application. Versions 8.00.2039 and below are affected.

tags | advisory, web, arbitrary, sql injection
systems | windows
MD5 | 40dcb1354e0bf37319f474c7057b717d
AKADV2008-001-v1.0.txt
Posted Nov 8, 2008
Authored by Andreas Kurtz | Site andreas-kurtz.de

The jabber server Openfire versions 3.6.0a and below contain several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Full exploitation details provided.

tags | exploit, vulnerability
MD5 | 61aa53a9f122dce123100b68c4bee9f7
TPTI-08-06.txt
Posted Sep 16, 2008
Authored by Aaron Portnoy | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QIP Server Service (qipsrvr.exe) which listens by default on TCP port 12175. The process makes a vulnerable call to MultiByteToWideChar using values obtained from packet data. A malicious 'heal' request can allow an attacker to control both the pointer to the StringToMap and the StringSize arguments. The destination buffer is either allocated on the stack or heap depending on the specified sizes. In both cases it can be overflown leading to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
advisories | CVE-2008-2468
MD5 | bbacd0bb61f7b22820af780249de43c7
Gentoo Linux Security Advisory 200808-12
Posted Aug 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows to deliver mail to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with the systems using symlinks in /dev like Solaris. Furthermore, some systems like Linux allow to hardlink a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected.

tags | advisory, arbitrary, local, root
systems | linux, solaris, suse, osx, gentoo
advisories | CVE-2008-2936, CVE-2008-2937
MD5 | 3d10d7b22f9734485a3dd000961d1cf5
iDEFENSE Security Advisory 2008-07-09.1
Posted Jul 10, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.09.08 - Remote exploitation of a heap buffer overflow vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an incorrect calculation when allocating a heap buffer to store the search parameters. By passing NULL search parameters, it is possible to overflow a heap based buffer with the string "(null)". This can result in the corruption of heap management structures, and depending on the layout of the heap, possibly function pointers. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Linux. Other versions may also be affected.

tags | advisory, remote, overflow, arbitrary
systems | linux
advisories | CVE-2008-1809
MD5 | 394dfb4afcb412feb3f9e7d2d0495f4e
iDEFENSE Security Advisory 2007-04-03.5
Posted Apr 5, 2007
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of a memory corruption vulnerability in the multiple vendor's X server implementations could allow an attacker to execute arbitrary code with elevated privileges. The XC-MISC extension is used by the X Server to manage resource IDs. It is built in to the X server by default. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. Inside this function, the ALLOCATE_LOCAL() macro is used. This macro allocates memory on the stack or heap depending on the availability of the alloca() function. If alloca() is available, the stack is used, other wise the heap is used. Due to insufficient input validation, it is possible to cause memory corruption by passing specially crafted values to the ProcXCMiscGetXIDList() handler function. iDefense has confirmed the existence of this vulnerability in the X.org server version 7.1-1.1.0. Previous versions may also be affected.

tags | advisory, arbitrary, local
advisories | CVE-2007-1003
MD5 | 8a1ce6c14dc43b109074fba25227ac61
Ubuntu Security Notice 424-1
Posted Feb 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 424-1 - Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
MD5 | c167c44b2f1ce8a0e863337ae113fd61
iDEFENSE Security Advisory 2007-02-13.2
Posted Feb 14, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.13.07 - Remote exploitation of a design error within Hewlett-Packard's "SLSd" daemon could allow an attacker to execute privileges as the superuser. The problem specifically exists due to a design error within the "SLSd_daemon" RPC daemon that provides connectivity between the distributed systems. This daemon registers itself under the RPC PROGID of 536870913 or 351456, depending on the HP-UX version. By sending a specially crafted request, the daemon will write attacker supplied data to an arbitrary file as the superuser. iDefense has confirmed the existence of this vulnerability within the "SLSd_daemon" binary as shipped with HP-UX 11.11i and 10.20. All versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | hpux
MD5 | 941e1f5e13db359a50c195fe44b121cf
SYMSA-2007-002.txt
Posted Feb 14, 2007
Authored by J.R. Wikes, Matt Cooley, Scott King | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-002 - Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.

tags | advisory
advisories | CVE-2007-0859
MD5 | 245f920185e5a29e93c6666977ff1d45
Page 3 of 4
Back1234Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close