exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Tzumi Electronics Klic Lock Authentication Bypass
Posted Jun 14, 2019
Authored by Kerry Enfinger

Tzumi Electronics Klic Lock version 1.0.9 allows for attackers to access resources via capture-replay.

tags | exploit
advisories | CVE-2019-11334
MD5 | 90a59931dc009b7842e44be11b45bf5e

Related Files

Secunia Security Advisory 50274
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has reported two vulnerabilities in the HotBlocks module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 37563c39d2a304fca7ccf0815ac304d7
Drupal Hotblocks 6.x Cross Site Scripting
Posted Aug 15, 2012
Authored by Justin C. Klein Keane

Drupal version 6.22 with Hotblocks 6.x suffers from cross site scripting and denial of service vulnerabilities. Proof of concept information included.

tags | exploit, denial of service, vulnerability, xss, proof of concept
MD5 | 5da693999cb3569b91a2694457c2ef6d
Drupal HotBlocks 6.x XSS / Denial Of Service
Posted Aug 15, 2012
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Hotblocks third party module version 6.x suffers from cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
MD5 | 719b8de21e5b148dd54c9d579c03b197
Secunia Security Advisory 50100
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the G-Lock Double Opt-in Manager plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, vulnerability
MD5 | 4a85b959e8691c2e7207bb8b68578848
WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
Posted Aug 1, 2012
Authored by BEASTIAN

WordPress G-Lock Double Opt-in Manager plugin versions 2.6.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f0f9d0672603192eda88598cc6166338
Secunia Security Advisory 49854
Posted Jul 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the Global Content Blocks plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information.

tags | advisory, vulnerability
MD5 | 843e63e12f1653de4aefabb132c2ef9e
Drupal Book Block 6.x-1.0-beta1 Cross Site Scripting
Posted Jul 11, 2012
Authored by Zach Alexander

Drupal version 6.26 with Book Block version 6.x-1.0-beta1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 51b0bcbca16885d211c2f0efd957f0f5
IOSEC HTTP Anti Flood/DoS Security Gateway Module 1.7
Posted Jul 11, 2012
Authored by Gokhan Muharremoglu | Site sourceforge.net

This module provides security enhancements against (HTTP) Flood and Brute Force Attacks for native PHP or .NET scripts at the web application level. Scanning, crawling, and floor tools can be detected and blocked by this module via htaccess or iptables, etc.

Changes: Improved Implicit Deny Mode. Admin GUI Removed. Various other additions.
tags | web, php
MD5 | 9f857e37445fbb6fc5de047f2670646b
Apache Hadoop HDFS Information Disclosure
Posted Jul 10, 2012
Authored by Aaron T. Myers

Apache Hadoop version 2.0.0-alpha suffers from an HDFS information disclosure vulnerability. Malicious clients may gain write access to data for which they have read-only permission, or gain read access to any data blocks whose IDs they can determine.

tags | advisory, info disclosure
advisories | CVE-2012-3376
MD5 | fcf04d3a187fc9f834a69d450e6b7149
ImmediateCrypt 1.0
Posted Jul 8, 2012
Authored by Giacomo Drago | Site code.google.com

ImmediateCrypt can easily encrypt and decrypt plain text messages with the AES-256 algorithm (CBC block chaining, PKCS5 padding).

Changes: This release trims Ciphertext and Plaintext before encryption, adds an "about" window, creates a portable build.xml file, adds a program icon, and adds small fixes and improvements.
tags | tool, java, encryption
MD5 | 755de7208307196164bf12050e749ae3
Red Hat Security Advisory 2012-0939-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0939-04 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4028, CVE-2011-4029
MD5 | 960725476cdf6e186b95b06971ce3b4e
Airlock WAF 4.2.4 Bypass
Posted Jun 19, 2012
Authored by G. Wagner | Site sec-consult.com

The Airlock WAF protection can be completely bypassed by using overlong UTF-8character representations of the NUL character such as C0 80, E0 80 80 and F080 80 80. During the tests no internal knowledge of the WAF was known, but it is suspected that the UTF-8 decoder fails to reject the overlong NUL byte character representations and they get decoded as U+0000 later on. Further the WAF would not perform any checks for attack patterns after the NUL byte. Versions 4.2.4 and below are affected.

tags | exploit
MD5 | 91e21e7c63b0df2af93a914b379baa26
Mandos Encrypted File System Unattended Reboot Utility 1.6.0
Posted Jun 19, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The client now uses all available interfaces, not just the first usable one. The server takes a new "--foreground" option.
tags | remote, root
systems | linux, unix
MD5 | ba60d0d87231b7fac7efe1828f734506
TOR Virtual Network Tunneling Tool 0.2.2.37
Posted Jun 14, 2012
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release introduces a workaround for a critical renegotiation bug in OpenSSL 1.0.1 (20% of the Tor network can't talk to itself currently).
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 5aafdca4fb6af6e12b503d32b03f14a7
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
MD5 | be446e25ec745719bc33f2dda2461791
Zero Day Initiative Advisory 12-092
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. This size is used to create an allocation to hold the data, but a hardcoded blocksize is later used to copy data into that allocation. This could lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4247
MD5 | e33996508ffbd2fd1af025bd0eda6ba5
TOR Virtual Network Tunneling Tool 0.2.2.36
Posted Jun 7, 2012
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release updates the addresses for two of the eight directory authorities, fixes some potential anonymity and security issues, and fixes several crash bugs. Tor 0.2.1.x has reached its end-of-life. Those Tor versions have many known flaws, and nobody should be using them. You should upgrade. If you're using a Linux or BSD distribution and its packages are obsolete, stop using those packages and upgrade anyway.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-4576
MD5 | 620b2110086aba01236b57f1d5aba416
Mandos Encrypted File System Unattended Reboot Utility 1.5.5
Posted Jun 2, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The server now has a --socket option.
tags | remote, root
systems | linux, unix
MD5 | 511b73b260427c595227efcb6a39bada
Red Hat Security Advisory 2012-0699-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2333
MD5 | b5042fff90ca1be47e86def5eb3f6a5c
Mandriva Linux Security Advisory 2012-084
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-084 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
MD5 | 0d86316871228077dc9f06fac7f939ae
Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
MD5 | 807f5eabab62268adf6dce47aa1fb275
PHPCollab 2.5 Unauthenticated Access
Posted May 23, 2012
Authored by team ' and 1=1--

PHPCollab version 2.5 fails to properly block access to data on the system.

tags | exploit, bypass
MD5 | bc86a1653dea13519ffa3cf29b1445e8
Mandos Encrypted File System Unattended Reboot Utility 1.5.4
Posted May 20, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Bugfixes (some for regression bugs) for the server and related utilities.
tags | remote, root
systems | linux, unix
MD5 | 38b0f49d62243d301a132685d7f70ab3
Quarks PwDump 0.1b
Posted May 20, 2012
Authored by Kaczmarek Sebastien | Site code.google.com

Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts local accounts NT/LM hashes and history, domain accounts NT/LM hashes and history, cached domain password, and Bitlocker recovery information.

tags | local, cracker
systems | windows, 32
MD5 | 8f2cf3805445690010dece3116715100
Mandriva Linux Security Advisory 2012-076
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3973, CVE-2011-3974, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579, CVE-2012-0853, CVE-2012-0858
MD5 | a0a820ff84a7a248cfefc432cc727cf8
Page 1 of 4
Back1234Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    17 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close