exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Loadbalancer.org Enterprise VA MAX 8.3.2 Remote Code Execution
Posted Oct 31, 2018
Authored by Jakub Palaczynski

Loadbalancer.org Enterprise VA MAX version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 3b75b6e41ec6f5f7612096db9d4dd574

Related Files

MaxForum 1.0.0 Local File Inclusion
Posted Aug 15, 2012
Authored by ahwak2000

MaxForum version 1.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 5f499b6583cbfc9f0eb90c85158ffc12
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20120622
Posted Jun 23, 2012
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: Tor was updated to 0.2.2.37, BusyBox to 1.20.1, and the kernel to 3.4.2 plus Gentoo's hardened-patches-3.4.2-2.extras. The MIPS port also incorporated these changes, but for this architecture the kernel was kept at vanilla 3.2.5.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | 8bca855c501194fb025858c5c786fa1a
Secunia Security Advisory 49524
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Edimax IC-3030iWn Network Camera, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 3f5fb708740b7246cca1c25ebcfd1d30
Edimax IC-3030iWn Authentication Bypass
Posted Jun 12, 2012
Authored by y3dips | Site echo.or.id

Edimax version IC-3030iWn web administrative authentication bypass exploit. Written to use on a Mac. This also affects Edimax IC-3015 and Airlive WN 500.

tags | exploit, web
MD5 | ca1e0a46dd075fb1c9837d70bd1664c8
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20120601
Posted Jun 2, 2012
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates major changes from upstream to all components of tor-ramdisk. Tor was updated to 0.2.2.36, libevent to 2.0.18, OpenSSH to 6.0p1, BusyBox to 1.20.0, and uclibc to 0.9.33.2, and the kernel was updated to 3.2.11 plus Gentoo's hardened-patches-3.2.11-1.extras. The MIPS port also incorporated these changes, but for this architecture libevent was updated to 2.0.19 and the kernel to 3.2.5.
tags | tool, x86, kernel, peer2peer
systems | linux
MD5 | b51c8a09cfd83dfb8bf78f9d2819cec7
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
MD5 | 19d930127fce9ef37c1be58047232c2e
WikkaWiki 1.3.2 Spam Logging PHP Injection
Posted May 11, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php
advisories | CVE-2011-4449, OSVDB-77391
MD5 | aff0f7b9f5cfd47509018a345f9d31f5
VMware Backdoor Response Uninitialized Memory Potential VM Break
Posted May 6, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.

tags | exploit, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2012-1516
MD5 | 2ef8f66ab0e238a9620ce20fe03c5f8f
Maxxweb CMS Cross Site Scripting
Posted Apr 27, 2012
Authored by Farbod Mahini

Maxxweb CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 761dccbf9cfa507935b359e89aababee
Red Hat Security Advisory 2012-0475-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
MD5 | fcf121c17be50729e55738cd4bbed4db
Red Hat Security Advisory 2012-0474-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
MD5 | 48e9e692c6b6e106f2b2b06b7cf75437
osCmax Shop CMS 2.5.1 Cross Site Scripting
Posted Apr 9, 2012
Site vulnerability-lab.com

osCmax Shop CMS version 2.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0bad8cf5399302d40360f3eeb53b83f2
Secunia Security Advisory 48731
Posted Apr 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in osCMax, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 0c087da57d2e21569bb5acba5d72b8c6
osCmax 2.5.0 Cross Site Scripting / SQL Injection
Posted Apr 5, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

osCmax version 2.5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1664, CVE-2012-1665
MD5 | 35eb6e181d1adab4939bfae021b9884d
Secunia Security Advisory 48678
Posted Apr 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in osCMax, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
MD5 | 274d2c4e7ab3cef22a97d3a3ff8a9d3c
MailMax 4.6 POP3 Buffer Overflow
Posted Mar 30, 2012
Authored by localh0t

MailMax versions 4.6 and below POP3 USER remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | 24ed1d2a3aced115de4bc69efbd82782
Debian Security Advisory 2436-1
Posted Mar 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1181
MD5 | a2d02263360c404d7ab4417987220b4b
Max's Photo Gallery 1.0 Local File Inclusion
Posted Mar 13, 2012
Authored by n0tch

Max's Photo Gallery version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 365a130c16647d619c41d5080a0dc4d5
Max's Guestbook 1.0 Local File Inclusion / Path Disclosure
Posted Mar 13, 2012
Authored by n0tch

Max's Guestbook version 1.0 suffers from path disclosure and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | 6007fec7acee86d7c154229ef06a6a16
Secunia Security Advisory 48299
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Maximo Asset Management and IBM Maximo Asset Management Essentials, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct spoofing attacks, cross-site scripting attacks, cross-site request forgery attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability, xss, sql injection, csrf
MD5 | f3555efb09260e5185e3f2a4add25826
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
MD5 | 12c0d0eedbc5e7f69fb65870542445dd
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution
Posted Feb 23, 2012
Authored by Peter Vreugdenhil | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, overflow, arbitrary, code execution
MD5 | 6dc4b5f748c872b9f9d63515be17303a
Ubuntu Security Notice USN-1358-1
Posted Feb 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, php
systems | linux, ubuntu
advisories | CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2012-0831, CVE-2011-0441, CVE-2011-0441, CVE-2011-4153, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0830, CVE-2012-0831
MD5 | 283098275d1a7663b375247bc413b584
Debian Security Advisory 2403-2
Posted Feb 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2403-2 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2012-0830
MD5 | ac64d2dec1aeb1720402ce0a0f137168
Debian Security Advisory 2403-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2012-0830
MD5 | c4d8e3fd768c60e10ba1bfdc3db5bf69
Page 1 of 4
Back1234Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    17 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close