exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution
Posted Oct 7, 2019
Authored by Jakub Palaczynski

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

tags | exploit, remote, arbitrary, root, code execution, file upload
advisories | CVE-2019-4013
SHA-256 | 678846b330bb25aef207cbc3ab7747185ce598f22867e982d5957674140dcefe

Related Files

Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
SHA-256 | 6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
Secunia Security Advisory 50230
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | linux, redhat
SHA-256 | 7cb92e717aabbd61ab9ef2fd11503b990d815ba8ad87257cf957ee7641b15720
Red Hat Security Advisory 2012-1152-01
Posted Aug 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 541ebbf92a7b69b98f4d8f15cc4138c7a7f8c74ac83e8b5ebf8bc57eb5032ebc
Mandriva Linux Security Advisory 2012-126
Posted Aug 8, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-126 - Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2012-2807
SHA-256 | 6a3ce55329031068584d5c7d764a0eaa56d8918f2f86f153cbcf8edeee863c66
Secunia Security Advisory 50084
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 0b8185dd9007da0da65f2831d65d1f08f5e146db7dccb14083cf8198240ddf3b
Red Hat Security Advisory 2012-1125-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3506, CVE-2011-3517, CVE-2011-4605, CVE-2011-4838, CVE-2012-0079, CVE-2012-0818, CVE-2012-2377
SHA-256 | b8d763d67a55bbd9739b6389ec7a18b563c208224d53204c1a9cca5f0d61037e
Another File Integrity Checker 3.1
Posted Jul 26, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: This is the first public (stable) release of new 3.x branch. It is a rewrite (partial for now) of afick in object oriented programming, to allow better code and better support. It matches the 2.21 release for features. The two afick branches (2.x and 3.x) will be maintained in parallel for a few versions, to allow users to migrate when they want.
tags | tool, integrity
systems | linux, windows, unix
SHA-256 | 933d4fffd3ddffb6eeb8972b47caf3bce6a24d709209a488ab2ddec8e716842c
Termineter 0.1.0
Posted Jul 24, 2012
Authored by Spencer McIntyre | Site code.google.com

Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.

tags | tool, protocol, python
systems | unix
SHA-256 | 8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Metasploit Framework 4.4
Posted Jul 17, 2012
Authored by H D Moore | Site metasploit.com

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Changes: 101 modules have been added. Meterpreter has been modernized. Various other improvements.
tags | tool, ruby
systems | unix
SHA-256 | ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74e
Red Hat Security Advisory 2012-1090-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0441
SHA-256 | 39c19044934dc07eaf2ccda4a7067b0b643c2cc6a9cc89a40b7f6f5157c495f1
Red Hat Security Advisory 2012-1091-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0441
SHA-256 | d72857c706afe58af56ef92496d0bf05c85429eac1b79962ede93b64b9d8c56a
Another File Integrity Checker 2.21
Posted Jul 17, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: On Unix/Linux systems, the cron job can now notify nagios monitoring, using the nsca tool.
tags | tool, integrity
systems | linux, windows, unix
SHA-256 | a3e1d27385876c05c08eb1166b11ec93813315173953b748a1e2149f47a31761
Magento eCommerce Platform XXE Injection
Posted Jul 13, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

tags | exploit, arbitrary, php, tcp, xxe
SHA-256 | 89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
Red Hat Security Advisory 2012-1072-01
Posted Jul 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
SHA-256 | 93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584
Debian Security Advisory 2507-1
Posted Jul 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2507-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725
SHA-256 | b0244e3fc8a1587ecc002656ff83e52a4aae4842334ff06a0187de6bedf0d996
Red Hat Security Advisory 2012-1053-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | be342307962d2a0aba931e86cb2c6c1accf14360770bfcdedc4165480978b07d
Red Hat Security Advisory 2012-1052-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | ee17c0226e885f70c197193cd8587c7e1e7303d76510efafd7f64a7c8aa78b8b
Secunia Security Advisory 49728
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 5870c4b090d1b64963f717703d1a860db29f53d55726c7ab401f8bf06ebcc549
Secunia Security Advisory 49669
Posted Jun 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise BRMS Platform. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 0614ac432ddc65377752454a0ebca4337ea8392d3bc5bdaf3def44cb626adef4
Red Hat Security Advisory 2012-1028-01
Posted Jun 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4605, CVE-2012-2377
SHA-256 | f5a6eab4adeb9bde444f861593d0766d2577f80b17b7949872cefc121c3995e8
Red Hat Security Advisory 2012-1024-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1024-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 8cc9c3945525422b04633921dec6bd1564cbb738676ec11d5e3d8b5b39714c3e
Red Hat Security Advisory 2012-1027-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 1578bf172d8363fc992779d77d8a4145fd48215f84c717867f2aff0ef979d171
Red Hat Security Advisory 2012-1025-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1025-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 438ecd3704f472ac339ff1c305b869175056410b1f32535578f2aaf8cef02993
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close