what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

MyBB Thank You / Like 3.0.0 Cross Site Scripting
Posted Aug 10, 2018
Authored by 0xB9

MyBB Thank You and Like plugins version 3.0.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-14888
SHA-256 | 9f8ed059bdad53cf73659afc51b4db7b6e1308aa78b94aeaba28b79575e80b16

Related Files

Mandriva Linux Security Advisory 2012-132
Posted Aug 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws has been found and corrected in GLPI. This advisory provides the latest version of GLPI which are not vulnerable to these issues. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, xss, csrf
systems | linux, mandriva
advisories | CVE-2012-4002, CVE-2012-4003
SHA-256 | 278fcab2d1ab2e4d4ef8819f221aff25448777d5df0d2fe452abe0b3a7049fea
Secunia Security Advisory 50063
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the PoodLL plugins for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 7f928e1ef9d46da2dadab131054e85fcc473662c2453689b842054730301fedd
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Ubuntu Security Notice USN-1512-1
Posted Jul 19, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1512-1 - It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.

tags | advisory, remote, javascript
systems | linux, ubuntu
advisories | CVE-2012-3413
SHA-256 | 0eb443866af01d8f0bed2a8e0d40c11f7d181c581505d2a58166201be1c354b9
WordPress Generic Plugin Shell Upload
Posted Jul 13, 2012
Authored by KedAns-Dz

This Metasploit module exploits an arbitrary PHP File Upload and Code Execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable Script/File in the plugin.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cf
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
Irfanview Plugins 4.33 Overflow
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux
advisories | CVE-2012-3585
SHA-256 | cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8
Secunia Security Advisory 49166
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Gliffy and Tempo plugins for JIRA, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 960518f7fea3db76660f198f35b9e7021f7b3fc341992676b9d1b0bc71941ac7
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
Gentoo Linux Security Advisory 201203-14
Posted Mar 16, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-14 - Multiple vulnerabilities in Audacious Plugins could result in execution of arbitrary code or Denial of Service. Versions below 3.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915
SHA-256 | f6076cf29eba79c3ee0f14372a4e07c2f8ffddd7174f4c76e8c208325347c26c
Secunia Security Advisory 48439
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for audacious-plugins. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | c6d765f7a238ec6c731f85c42b64fff31e9b28c7927f80f5fc41c9c8ee71cdf4
Back To The FUZZ'er Toolkit
Posted Mar 12, 2012
Authored by localh0t

This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.

tags | tool, web, imap, protocol, python, fuzzer
systems | unix
SHA-256 | 874583a408997ba23522c16d137b1b132dcb40cc56646b50321f388166592a45
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
Secunia Security Advisory 47893
Posted Feb 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Carlos Pantelides has discovered a vulnerability in multiple NetBeans plugins, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 75e27f8390b861aafa4fdf93a4bed8049e16aacc409f19e1cf885617c59fd004
Mandriva Linux Security Advisory 2012-014
Posted Feb 7, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-014 - The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. This advisory provides the latest version of GLPI which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-2720
SHA-256 | f4875e63cc28c3d7e1d8921a612952ad0ff1970d34cc76aaf7e34342f3c7f682
Secunia Security Advisory 47360
Posted Jan 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in IrfanView PlugIns, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 4be452173132d2488810a10d149c25ba71aa23cc5982353371097ae927f0a0c5
Ettercap Network Sniffer / Interceptor 0.7.4
Posted Dec 6, 2011
Authored by Alberto Ornaghi, Marco Valleri | Site ettercap.sourceforge.net

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Changes: Many long standing bugs were fixed: a resource depletion issue, buffer access out-of-bounds issues, DNS dissector not working on 64-bit systems, multiple buffer overflows, multiple memory leaks, multiple files with obsolete code, SEND L3 errors experienced by some users, and a compilation error under Mac OS X Lion. The build system was updated.
tags | tool, web, sniffer, protocol
systems | unix
SHA-256 | 9b5abd2dad2b6df91658086ceed6962a6b985ac25de8fa38f0195d68639ba55b
Secunia Security Advisory 46043
Posted Nov 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for audacious-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | 7a1d086b9d6e5a5982cee97d376af6bc93002aa8403f3a2f5c2fda2b3941dabe
Secunia Security Advisory 46032
Posted Nov 12, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Audacious has acknowledged some vulnerabilities in Audacious Plugins, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
SHA-256 | 436bc60bd00465ad97241e59d8bce215a9ae5ff96b168bb4bbe118075c57d8ea
strongSwan IPsec Implementation 4.6.1
Posted Nov 12, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: Because Ubuntu 11.10 activated the --as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | d750ec16bc32c3d7f41fdbc7ac376defb1acde9f4d95d32052cdb15488ca3c34
Mandriva Linux Security Advisory 2011-171
Posted Nov 12, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-171 - GNOME NetworkManager before version 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-2176, CVE-2011-3364
SHA-256 | b0497990b7cd3f0be96a104f99d44c5413f36998cce68cf0d2fd1763c43b2bbc
w3af Web Application Attack and Audit Framework 1.1
Posted Nov 10, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Increased performance using gzip encoding, hundreds of bugs fixed, enhanced embedded bug report system added and more.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 0bf3cec513931b9bf20e6f753dedeaab57b5cad303489ab9ff365786c04d9444
strongSwan IPsec Implementation 4.6.0
Posted Nov 8, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
SAP DIAG Decompress Plugin For Wireshark 0.1b
Posted Oct 17, 2011
Authored by Alexander Anisimov | Site ptresearch.blogspot.com

SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.

tags | protocol, library
SHA-256 | 71b7091784b0e766fa93438f71e44dfd4531729520e52c51315fc46a5cd26b60
Secunia Security Advisory 46319
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the A-Form plugins for Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

tags | advisory, vulnerability, xss
SHA-256 | 8c25a039b38ee8df5bb34464877aada52739c121b3c405d51065917f6935a217
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close