what you don't know can hurt you
Showing 1 - 25 of 57 RSS Feed

Files

Gold Movies 1.0.4 Cross Site Scripting
Posted Jan 1, 2019
Authored by Deyaa Muhammad

Gold Movies version 1.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ad162c27111af7270e671704ba6cdccd

Related Files

Gold Movies 1.0.2 SQL Injection
Posted Feb 15, 2016
Authored by indoushka

Gold Movies version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4ef040480b285307d8f3542a4cf5646f
Yahoo mode Cross Site Scripting
Posted Mar 9, 2013
Authored by Stefan Schurtz

The mode parameter on celebrity.yahoo.com, movies.yahoo.com, and music.yahoo.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a82f6962b1c26c5687c1f6c7873f2e8f
Zero Day Initiative Advisory 12-135
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. This pointer normally gets updated to point to the current sample data, but this does not happen when the allocation fails. The QuickTime player then re-uses the stale pointer and a use-after-free situation occurs. This can lead to remote code execution under that context of the current process.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0661
MD5 | a3c9630afd77f3911b82c081120f46a0
ZoneMinder Video Camera Security Tool 1.25.0
Posted Sep 2, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release is mainly focused around a complete rewrite of the logging and debug functionality, which now includes a Web log viewer and fully consolidated logging. Support has also been added for SFTP in event uploads. There are also a small number of other useful new features and fixes.
tags | web
systems | linux, unix
MD5 | eaefa14befd482154970541252aa1a39
Zero Day Initiative Advisory 11-217
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-217 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Asset.x32 module responsible for parsing font-related structures within Director movies (.dir). The code within this module extracts and copies strings without any bounds checking. Several calls to strcpy can be abused to overwrite stack buffers and subsequently execute remote code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2109
MD5 | e26b188155a2cf8f0e64696b7abcbc7b
ZoneMinder Video Camera Security Tool 1.24.4
Posted May 31, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release primarily addresses a number of system and configuration issues that arose from 1.24.3, but also includes significant improvements to version management and upgrades.
tags | web
systems | linux, unix
MD5 | f34331325c5efd47197eca902976c93d
ZoneMinder Video Camera Security Tool 1.24.3
Posted May 18, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This long awaited release brings improved compatibility with a number of updated third party packages. There were many reliability and performance updates plus a number of new features and fixes. A contributed iPhone interface was included.
tags | web
systems | linux, unix
MD5 | 6dad313df893995375a14532bc78379d
Allomani Movies Library 2.0 Cross Site Request Forgery
Posted Apr 2, 2011
Authored by AtT4CKxT3rR0r1ST

Allomani Movies Library version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | eda2fbd1ab9e3c5daf17f20768898271
Adobe Flash Player "Button" Remote Code Execution
Posted Nov 3, 2010
Authored by Haifei Li, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-3654
MD5 | f0cf4b00a86b0a9f05563d4df27cb10e
Zero Day Initiative Advisory 10-227
Posted Nov 1, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-227 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Director movies. The .dir format is RIFF-based and is parsed mainly by the dirapi.dll module distributed with Shockwave. While parsing the Lnam chunk within a DIR file, the process attempts to extract a string into a fixed-length buffer located on the stack. The string is prefixed with a one byte size value. If the value is 0xFF the process blindly copies the following string until a NULL byte is found. This can be abused by an attacker to overflow the stack buffer and consequently execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-3655
MD5 | bf0bca60a5e024c918a65816351a9ac9
Adobe Shockwave rcsL Memory Corruption
Posted Oct 25, 2010
Authored by David Kennedy | Site metasploit.com

This Metasploit module exploits a weakness in the Adobe Shockwave player's handling of Director movies (.DIR). A memory corruption vulnerability occurs through an undocumented rcsL chunk. This vulnerability was discovered by http://www.abysssec.com.

tags | exploit, web
advisories | CVE-2010-3653
MD5 | e1353828019e262cd8c405659a8396d2
Adobe Shockwave tSAC Chunk Pointer Offset Memory Corruption Remote Code Execution
Posted Aug 26, 2010
Authored by Aaron Portnoy, Logan Brown, Team lollersk8erz | Site dvlabs.tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code sign-extends a value from the input file and uses it as an offset to seek into a heap buffer before performing a write operation. By crafting particular values for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-2874
MD5 | ef9a3e7281ca06a5f1329b9f96d30dcb
Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption Remote Code Execution
Posted Aug 26, 2010
Authored by Aaron Portnoy, Logan Brown, Team lollersk8erz | Site dvlabs.tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code directly uses a value from the file while seeking into a heap buffer. The process then attempts to write a NULL byte to the seeked address. By specifying a large enough value for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-2878
MD5 | 31a319c3e399b39147ef752cad8810f4
Adobe Shockwave CSWV Chunk Memory Corruption Remote Code Execution
Posted Aug 26, 2010
Authored by Aaron Portnoy, Logan Brown, Team lollersk8erz | Site dvlabs.tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IML32X.dll and DIRAPIX.dll which are responsible for parsing the Director movies, a RIFF-based file format. The code trusts a value from the file as a count and performs an endian-flipping loop on data in heap memory. If the value is large enough the process can be made to seek outside the bounds of the allocation and thus corrupt memory in a controlled fashion. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-2877
MD5 | 6ecda7d93cb6fbf864cbd79cfd4c01fe
Allomani Movies And Clips 2.7.0 SQL Injection
Posted Jul 28, 2009
Authored by Qabandi

Allomani Movies and Clips version 2.7.0 remote blind SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | c5afcbb805a7c432d6d6dde62938a4a5
ZoneMinder Video Camera Security Tool
Posted Feb 28, 2009
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: Release addressing some issues discovered in 1.24.0 plus a small number of useful features.
tags | web
systems | linux
MD5 | 1e4ce392d645cbb28037ecebc5a56584
joomlajmovies-sql.txt
Posted Dec 4, 2008
Authored by StAkeR

Joomla Jmovies component version 1.1 remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | 7e5beb358a1b6d65f2f8bb4027efb9f0
ZoneMinder-1.23.3.tar.gz
Posted Apr 30, 2008
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: Fixed a number of potential vulnerabilities in remote script execution that could allow an authenticated ZoneMinder user to create and run arbitrary code on your system as the web user. Various other updates made as well.
tags | web
systems | linux
MD5 | ee803f0f71d6e67adf602c3557fb6bc9
ZoneMinder-1.23.2.tar.gz
Posted Feb 26, 2008
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: Mostly bug fixes with some feature additions.
tags | web
systems | linux
MD5 | 8f203786bbe14d3e31a18f9dace98113
Gentoo Linux Security Advisory 200801-10
Posted Jan 24, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-10 - Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the movies parameter in file tiki-listmovies.php. Mesut Timur from H-Labs discovered that the input passed to the "area_name" parameter in file tiki-special_chars.php is not properly sanitised before being returned to the user. redflo reported multiple unspecified vulnerabilities in files tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php. Versions less than 1.9.9 are affected.

tags | advisory, php, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6526, CVE-2007-6528, CVE-2007-6529
MD5 | 25103debfa92866d5cbd7645429937f0
ZoneMinder-1.23.1.tar.gz
Posted Jan 22, 2008
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: Mostly bug fixes with a minor feature addition.
tags | web
systems | linux
MD5 | 2a70f4708a414be37187700823e87fb4
iDEFENSE Security Advisory 2008-01-15.5
Posted Jan 16, 2008
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-0032
MD5 | 9e6e90cfa4d64a44ebf691fac2f1f239
tikiwiki-traverse.txt
Posted Dec 24, 2007
Authored by Jesus Olmos Gonzalez

The Tikiwiki CMS has a vulnerability that allows an attacker to get the first 1000 bytes from an arbitrary file through the tiki-listmovies.php script.

tags | exploit, arbitrary, php, file inclusion
MD5 | 5eee6c20979ac907f14a5250773f0b54
qt_pdat_heapbof.pdf
Posted Nov 13, 2007
Authored by Mario Ballano | Site 48Bits.com

QuickTime is prone to a heap overflow vulnerability when parsing malformed Panorama Sample Atoms, which are used in QuickTime Virtual Reality Movies.

tags | advisory, overflow
MD5 | c3be020bca030b61f2924275b9def402
as3socket.txt
Posted Aug 10, 2007
Authored by David Neu, fukami | Site sektioneins.de

Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.

tags | advisory, tcp
MD5 | df08ea5923024e057f69b27d240723ee
Page 1 of 3
Back123Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close