Twenty Year Anniversary
Showing 1 - 25 of 100 RSS Feed

Files

OpenBiz Cubi Lite 3.0.8 SQL Injection
Posted Nov 7, 2018
Authored by Ozkan Mustafa Akkus

OpenBiz Cubi Lite version 3.0.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 17e3d4a019fd764657bd670de45a9b2a

Related Files

Mandriva Linux Security Advisory 2012-108
Posted Jul 23, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages has been upgraded to the latest version as well.

tags | advisory, remote, overflow, php
systems | linux, mandriva
advisories | CVE-2012-2688, CVE-2012-3365
MD5 | cb6339f2ab0f23b465ebf42626304b47
Secunia Security Advisory 49933
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in easyCMSlite, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | 3b4427cd59ea24ba4a506d5626f337db
easyCMSlite 1.0.9 Database Information Disclosure
Posted Jul 17, 2012
Authored by mr.pr0n

easyCMSlite version 1.0.9 suffers from a remote database information disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 69bc0185623324bc9c61b90a862e633e
Elite Bulletin Board 2.1.19 SQL Injection
Posted Jul 15, 2012
Authored by T0xic

Elite Bulletin Board version 2.1.19 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1fe325bd94a9f8a01f0d190e500db777
Red Hat Security Advisory 2012-1060-01
Posted Jul 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-2395
MD5 | fe9045b8f0d6abd85965decfc6a0906c
Security Threats In Digital Satellite Television
Posted May 28, 2012
Authored by Adam Gowdiak | Site security-explorations.com

This is a presentation called Security Threats in the World of Digital Satellite Television. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.

tags | paper
MD5 | c329e10c9160ddc3319aeb438ee32185
Red Hat Security Advisory 2012-0677-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0868
MD5 | 5589be2ef5de15f4c20bd819d5669875
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
MD5 | e1a961e6fbae0168e6ab55161d04fc13
Android 2.3.7 SQLite Disclosure
Posted May 3, 2012
Authored by Roee Hay

SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.

tags | advisory, info disclosure
MD5 | 64654c20829d05716e2aff1208cffd22
Joomla nBill Lite Cross Site Scripting
Posted Apr 26, 2012
Authored by HauntIT

The Joomla nBill Lite component suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 44eef9a1d640057be6f0f13da0aa7323
Havalite CMS 1.0.4 Cross Site Scripting
Posted Apr 23, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Havalite CMS version 1.0.4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 03e5ab45ff72cb6b5195d6bec489cf59
Secunia Security Advisory 48646
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | e17fdc00129e48f44bc7d3790576d5af
Secunia Security Advisory 48646
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | e17fdc00129e48f44bc7d3790576d5af
Secunia Security Advisory 48664
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, redhat
MD5 | 87512db6b9ba0b02f8c296a3c77b18a2
Havalite CMS Shell Upload / SQL Injection / Disclosure
Posted Mar 30, 2012
Authored by KedAns-Dz

Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, info disclosure
MD5 | 95348caad568aa110e8a188446038792
Red Hat Security Advisory 2012-0436-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-1145
MD5 | 7bc2c38df6bd4b0e21e1eb8854ab2072
EasyPHP SQLite SQL Injection
Posted Mar 29, 2012
Authored by Skote Vahshat

EasyPHP SQLite suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 42d09c3d38970b1eab0d3f2a7f676d13
Secunia Security Advisory 48400
Posted Mar 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - K1P0D has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
MD5 | 98eece6509d5d03e9e925adb19665e9d
LiteSpeed 4.1.11 Cross Site Scripting
Posted Mar 19, 2012
Authored by K1P0D

LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.

tags | exploit, xss
MD5 | cb262a31c03a7f7f3d46981dc687af77
Elite Gaming Ladder 3.7 SQL Injection
Posted Mar 17, 2012

Elite Gaming Ladders version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7c39691de6b0a0ba49701b8706f59607
Simple Fuzzing Utility 0.7.0
Posted Mar 4, 2012
Authored by aaron conole | Site aconole.brad-x.com

Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.

Changes: Fixed a long standing bug in the memory block replacement code. Added the ability to fuzz via blocks (ala spike/sulley fuzz frameworks). Added the ability to trap crashes via a harness program.
tags | fuzzer
MD5 | e6a3e9a8269831aa4ef90b9cc1652d4c
Skype 5.x.x Information Disclosure
Posted Feb 13, 2012

Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.

tags | exploit, info disclosure
MD5 | c4d32e6a422eb5b37e409613e6b14f8e
Secunia Security Advisory 47905
Posted Feb 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for Red Hat Network Satellite Server. This fixes a weakness, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
systems | linux, redhat
MD5 | 5a31ac4efd27e69096372ca64c23941a
Red Hat Security Advisory 2012-0101-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0059
MD5 | 3abfe178b3d51135b846e6674592c501
Mandriva Linux Security Advisory 2012-013
Posted Feb 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in mozilla firefox and thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450
MD5 | 8440ddc6266c7f42154730c51559597b
Page 1 of 4
Back1234Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close