exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Brava! Enterprise / Server 16.4 Information Disclosure
Posted Nov 1, 2018
Authored by Luke Bailiff

Brava! Enterprise and Server components versions 7.5 through 16.4 suffer from a sensitive data exposure vulnerability due to weak permissions.

tags | exploit, info disclosure
SHA-256 | 22ddcecdf678369fce4fd0eec120348fb5cd6c405de17d297ede0c2e352fb5d9

Related Files

Zero Day Initiative Advisory 12-131
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Microsoft .NET handling of XAML Browser Applications (XBAP) graphics components. It is possible to cause an undersized allocation for a buffer which is populated with user-supplied glyph data, resulting in memory corruption which can be leveraged to remotely execute code.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0162
SHA-256 | 2ba150accd380124e735108b1edaea64553b981dcdfde6e7789e26f7a74b150f
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Metasploit Framework 4.4
Posted Jul 17, 2012
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: 101 modules have been added. Meterpreter has been modernized. Various other improvements.
tags | tool, ruby
systems | unix
SHA-256 | ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74e
Joomla Web Scanner 1.4
Posted Jul 16, 2012
Authored by Pepelux | Site enye-sec.org

Joomla web scanning perl script that gets the version, components and shows possible bugs.

Changes: Version 1.4 of JoomlaScan recognizes Joomla! versions 1.x, 1.5.x, 1.7.x, and 2.5.x and shows possible bugs in core and components.
tags | tool, web, scanner, perl
systems | unix
SHA-256 | 0ab018e39405e6084e40c17103e2371d3366a4af2159ce098bae85b710b3f1ab
IBM Edge Components Caching Proxy Cross Site Scripting
Posted Jun 30, 2012
Authored by BugsNotHugs

IBM Edge Components Caching Proxy suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 68d588eb54e653728e1f9f5cccf167d8113243b81dee38b4e767517c4b58bce8
OpenLimit Reader Vulnerable Components
Posted Jun 26, 2012
Authored by Stefan Kanthak

OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.

tags | advisory
SHA-256 | 4cc2e247a5f3aaa21b4f53170afeda08847ab6f3934f5cbbdf9af600f6da8c02
Red Hat Security Advisory 2012-1024-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1024-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 8cc9c3945525422b04633921dec6bd1564cbb738676ec11d5e3d8b5b39714c3e
Red Hat Security Advisory 2012-1027-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 1578bf172d8363fc992779d77d8a4145fd48215f84c717867f2aff0ef979d171
Red Hat Security Advisory 2012-1025-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1025-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 438ecd3704f472ac339ff1c305b869175056410b1f32535578f2aaf8cef02993
Red Hat Security Advisory 2012-1026-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 4168e8b5dde8d8685ff22bfc83da9f6eacabfa3c71ef704249f1b017705b45a7
Red Hat Security Advisory 2012-1023-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1023-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | af4b1c4d6857f6b733bd13ef19814d9228ac4ff24bec6d9d9171c97b4150362e
Red Hat Security Advisory 2012-1022-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1022-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | af9bdf7c93929aa109a8674418359aeec8a8c9c8ff4dcb42a6ff52118a155d22
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
SHA-256 | 5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Access Road 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
SHA-256 | 66fb5636308651b4c30914ee68b3d1dd0bb8281f93ba0f3b8d86229d271ee731
Access Road (Source Release) 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
SHA-256 | 4887943b5dfe0cd8a8727842cf0bd736b62983162e36e137d3fa1390c6741a9b
Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
SHA-256 | 4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
SHA-256 | 483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c
HP Security Bulletin HPSBUX02755 SSRT100667
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02755 SSRT100667 - A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2012-0125, CVE-2012-0126
SHA-256 | 9fd07bfa8869f71cca9fb93250c1b9fbc51d1386af49bf4fc333d3853b6b9890
OpenOffice.org Data Leakage
Posted Mar 23, 2012
Authored by Timothy D. Morgan | Site apache.org

An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.

tags | advisory, xxe
advisories | CVE-2012-0037
SHA-256 | 8eebd992aa35f4faf62775e9bf55d28de394b1f4f67b8928b0375d38ba17a838
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
1337 Multiple CMS Scanner Online
Posted Feb 18, 2012
Authored by KedAns-Dz

This tool is a php script that assists in finding vulnerable components in multiple CMS systems.

tags | tool, scanner, php
systems | unix
SHA-256 | 4d2492d8c0103eb62eed2ed37137e6e97badf00162448c9f8015bfeea67e820e
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
SHA-256 | 8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36a
Red Hat Security Advisory 2012-0040-01
Posted Jan 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0040-01 - Part of the Native components for JBoss Enterprise Web Platform is mod_cluster, an Apache HTTP Server based load balancer. Like mod_jk, it uses a communication channel to forward requests from httpd to an application server node. It was found that mod_cluster allowed worker nodes to register on any virtual host, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured internally for worker nodes, and another configured externally for serving content. A remote attacker could use this flaw to register an attacker-controlled worker node via an external vhost that is not configured to apply security constraints, then use that worker node to serve malicious content, intercept credentials, and hijack user sessions.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-4608
SHA-256 | e6fd1ec0b530f75a6b6daecd23446724c8c8a60c299a2a0342c8b22d15a706d5
Red Hat Security Advisory 2012-0038-01
Posted Jan 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0038-01 - Part of the Native components for JBoss Enterprise Application Platform is mod_cluster, an Apache HTTP Server based load balancer. Like mod_jk, it uses a communication channel to forward requests from httpd to an application server node. It was found that mod_cluster allowed worker nodes to register on any virtual host, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured internally for worker nodes, and another configured externally for serving content. A remote attacker could use this flaw to register an attacker-controlled worker node via an external vhost that is not configured to apply security constraints, then use that worker node to serve malicious content, intercept credentials, and hijack user sessions.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-4608
SHA-256 | 352ae078c379313c63ebf26b9ead6063c5b8d06b03bc8fc08b62faeadd3ee32e
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close