exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Loadbalancer.org Enterprise VA MAX 8.3.2 Remote Code Execution
Posted Oct 31, 2018
Authored by Jakub Palaczynski

Loadbalancer.org Enterprise VA MAX version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | c1b5933307b825ef281540222a9dd2caae7b662038c0531344d50d6c23d82148

Related Files

MaxForum 1.0.0 Local File Inclusion
Posted Aug 15, 2012
Authored by ahwak2000

MaxForum version 1.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4d2458db553c660de071d51ccccb2c8f7509d219f2b6d8b54eff09baed72708a
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20120622
Posted Jun 23, 2012
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: Tor was updated to 0.2.2.37, BusyBox to 1.20.1, and the kernel to 3.4.2 plus Gentoo's hardened-patches-3.4.2-2.extras. The MIPS port also incorporated these changes, but for this architecture the kernel was kept at vanilla 3.2.5.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 9897b37f6a6a7380f2b1a3104f85aedcea9b84b5400594a0944e88925eada2e7
Secunia Security Advisory 49524
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Edimax IC-3030iWn Network Camera, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | f4cd0de086ff9f40c210133d0848e3f36873522b32307d11c836b710be647608
Edimax IC-3030iWn Authentication Bypass
Posted Jun 12, 2012
Authored by y3dips | Site echo.or.id

Edimax version IC-3030iWn web administrative authentication bypass exploit. Written to use on a Mac. This also affects Edimax IC-3015 and Airlive WN 500.

tags | exploit, web
SHA-256 | 752e66671fbfcb2b8ecd43374b58b4b79148ce19656b38f3936ce93089219033
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20120601
Posted Jun 2, 2012
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates major changes from upstream to all components of tor-ramdisk. Tor was updated to 0.2.2.36, libevent to 2.0.18, OpenSSH to 6.0p1, BusyBox to 1.20.0, and uclibc to 0.9.33.2, and the kernel was updated to 3.2.11 plus Gentoo's hardened-patches-3.2.11-1.extras. The MIPS port also incorporated these changes, but for this architecture libevent was updated to 2.0.19 and the kernel to 3.2.5.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 2f1ba76561161a4b1b0a817d76cb62c817dd94f5aeb98806a1a2cb79ca795bb4
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
SHA-256 | 2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
WikkaWiki 1.3.2 Spam Logging PHP Injection
Posted May 11, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php
advisories | CVE-2011-4449, OSVDB-77391
SHA-256 | 979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e
VMware Backdoor Response Uninitialized Memory Potential VM Break
Posted May 6, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.

tags | exploit, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2012-1516
SHA-256 | faaa583588ea28e78dd0709b7d226804732abda76965a7dc1e8370600d08440f
Maxxweb CMS Cross Site Scripting
Posted Apr 27, 2012
Authored by Farbod Mahini

Maxxweb CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 38c469861a4a9cf8469dd60047951e878965800747f1740ea27f2c4ac072974c
Red Hat Security Advisory 2012-0475-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
SHA-256 | c5af0b87c0d07cfe6780ed6a76d4bce133b1d1406b01562b9076a80e82021b72
Red Hat Security Advisory 2012-0474-01
Posted Apr 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0022
SHA-256 | dbddb067eea6285ae03840af13f5b96e3c76ac98669cc499d09536c755bea07d
osCmax Shop CMS 2.5.1 Cross Site Scripting
Posted Apr 9, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

osCmax Shop CMS version 2.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6db2dfc3aea6aad608c9987fd8b25aa5ce53e8a49aaaebb40806872a1652c3b1
Secunia Security Advisory 48731
Posted Apr 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in osCMax, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 2fc5aa4aed3eac3a02a8f944be7d59179be0bcacfe216ca374f63e5bc8cb7bf6
osCmax 2.5.0 Cross Site Scripting / SQL Injection
Posted Apr 5, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

osCmax version 2.5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1664, CVE-2012-1665
SHA-256 | a5e02d0c69dca1d97fea82c33739c01c6d48ffc92847f347e9d1d4283a4ae4b0
Secunia Security Advisory 48678
Posted Apr 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in osCMax, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 1b55b109a29a064c391dbf46a8d69ae280622b85569438a4f7f8a35e16bf9ec3
MailMax 4.6 POP3 Buffer Overflow
Posted Mar 30, 2012
Authored by localh0t

MailMax versions 4.6 and below POP3 USER remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 14b8a1f5446fbce8f0033455b422da494838ebd8f710bfefe2e225cd86bde3c9
Debian Security Advisory 2436-1
Posted Mar 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1181
SHA-256 | 7d0ce122aab6b55983ad9b309da39537a16589ba657d163e326d34fa4f7c8abf
Max's Photo Gallery 1.0 Local File Inclusion
Posted Mar 13, 2012
Authored by n0tch

Max's Photo Gallery version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | c29e086711461caf700a0cb9b6614a3127c0a18809e32ce91ef6f67523f514c0
Max's Guestbook 1.0 Local File Inclusion / Path Disclosure
Posted Mar 13, 2012
Authored by n0tch

Max's Guestbook version 1.0 suffers from path disclosure and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | b9b523de9c2261e48feaa347895bf53bf393e2e05b6eb7a951fd4ee84dd02834
Secunia Security Advisory 48299
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Maximo Asset Management and IBM Maximo Asset Management Essentials, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct spoofing attacks, cross-site scripting attacks, cross-site request forgery attacks, and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability, xss, sql injection, csrf
SHA-256 | 7514f966ff15afa9258bc26ac26809d3363aa22c0c6bbd14217e71db67188af1
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution
Posted Feb 23, 2012
Authored by Peter Vreugdenhil | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, overflow, arbitrary, code execution
SHA-256 | 7d7c2f550994a2e5cd5e28b925d468c48c1d40628d005eac85f1b8d0d1c73513
Ubuntu Security Notice USN-1358-1
Posted Feb 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, php
systems | linux, ubuntu
advisories | CVE-2011-4885, CVE-2012-0830, CVE-2011-4153, CVE-2012-0057, CVE-2012-0788, CVE-2012-0831, CVE-2011-0441, CVE-2011-0441, CVE-2011-4153, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0830, CVE-2012-0831
SHA-256 | 4e7832bc4af2f7480c0583d5776cc3ff599367f5f6f7376c2832f74a7230342c
Debian Security Advisory 2403-2
Posted Feb 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2403-2 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2012-0830
SHA-256 | 0a43317dba937253385b54d3b26aa2f4ebcd6897c1a37b0fba9b5f3f67463d3c
Debian Security Advisory 2403-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.

tags | advisory, remote, php
systems | linux, debian
advisories | CVE-2012-0830
SHA-256 | bbcaf9bacde93e6ba6e9cb4dfce9298a5d4f4801092f02f18b73ed6239c2c48d
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close