what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Online Book Store 1.0 SQL Injection
Posted Aug 29, 2020
Authored by Moaaz Taha

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93

Related Files

Ubuntu Security Notice USN-1419-1
Posted Apr 11, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1419-1 - It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, apple, osx, ubuntu
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989, CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
SHA-256 | b321c92d30665135abf19544c4c759a8dc26d73f6d998793727b56e0115999ac
RealNetworks Helix Server Credentials Disclosure
Posted Apr 10, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a security issue in RealNetworks Helix Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the user and administrative credentials being insecurely stored in the flat file database (\Program Files\Real\Helix Server\adm_b_db\users\). This can be exploited by local users to disclose the clear text passwords. RealNetworks Helix Server version 14.2.0.212 is affected.

tags | advisory, local, info disclosure
advisories | CVE-2012-1923
SHA-256 | aca90a6e399548c638f4a6941e59231976b3ab8e08ca00038b88e7f290140d47
Java AtomicReferenceArray Type Violation
Posted Mar 30, 2012
Authored by egypt, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

tags | exploit
advisories | CVE-2012-0507, OSVDB-80724
SHA-256 | f3f101f5489c7554b50702229d0f0d209cf48a2f373093551088f3e07904f138
Red Hat Security Advisory 2012-0436-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-1145
SHA-256 | 45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4
Samhain File Integrity Checker 3.0.3
Posted Mar 28, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Some bugs that could lead to deadlocks have been fixed, as well as the missing support for O_NOATIME on 64-bit Linux.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | c8c3069e78dcb8b749a066c7c3bfcea1168243f75afe69a91a6330c99efd9ae4
GreenBrowser 6.1.x Cross Site Scripting
Posted Mar 28, 2012
Authored by Lostmon | Site lostmon.blogspot.com

GreenBrowser suffers from dialog and stored cross site scripting vulnerabilities. Versions 6.1.0117 and 6.1.0216 are affected.

tags | exploit, vulnerability, xss
SHA-256 | 52011797f6cf6b3020e9528439fbb81b5f61d8b3df82e16e190aca42efcb4e80
Ubuntu Security Notice USN-1401-2
Posted Mar 23, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2012-0457, CVE-2012-0456, CVE-2012-0455, CVE-2012-0458, CVE-2011-3658, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0461, CVE-2012-0464
SHA-256 | 18ff4554ba8f49486a34fb7d8714a434cb13cd31e28f8877c79af56223cd9ced
MS10-002 Internet Explorer Object Memory Use-After-Free
Posted Mar 22, 2012
Authored by Peter Vreugdenhil, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.

tags | exploit, remote, code execution
advisories | CVE-2010-0248, OSVDB-61914
SHA-256 | 80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee
Drupal UC PayDutchGroup / WeDeal Payment / Multisite Search Disclosure
Posted Mar 7, 2012
Authored by Justin C. Klein Keane, Rolf Meijer | Site drupal.org

UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.

tags | advisory, arbitrary, sql injection
SHA-256 | 821d0c201eeac6fac0f5db639e8b855cdeb11ae6a13a35cc6a819fb54a37c7ce
Iciniti Store 4.3.3683.31484 SQL Injection
Posted Mar 7, 2012
Site senseofsecurity.com.au

Iciniti Store version 4.3.3683.31484 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 468555f310e3babc2bec1e782bf7364b99eadd7c132f25fc01ef86f9aef13b79
Samhain File Integrity Checker 3.0.2a
Posted Feb 24, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression that could cause a segfault at startup on systems that do not have inotify.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 4547cdadbae075b9106eead876d49fe5ad3ce417882f0447b7f7181590f95a4e
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution
Posted Feb 23, 2012
Authored by Peter Vreugdenhil | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, overflow, arbitrary, code execution
SHA-256 | 7d7c2f550994a2e5cd5e28b925d468c48c1d40628d005eac85f1b8d0d1c73513
Java MixerSequencer Object GM_Song Structure Handling
Posted Feb 17, 2012
Authored by Peter Vreugdenhil, juan vazquez | Site metasploit.com

This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.

tags | exploit, java, shellcode
advisories | CVE-2010-0842, OSVDB-63493
SHA-256 | 4bfc86d5bc0fc319751b4a58608edff9318f0cb3cc5c83f4040fa6a97b6f8907
Skype 5.x.x Information Disclosure
Posted Feb 13, 2012

Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.

tags | exploit, info disclosure
SHA-256 | 71d5feb9cc956c726042c458e08a52e135cac25deae5200ce474ea31c5489a36
Zero Day Initiative Advisory 12-024
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 38c96fbd0758de3d47d24f2cd78a96e8dd8121809197ed09d568532c067566ad
Zero Day Initiative Advisory 12-022
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 0e8f7ca268f389e2b1876c29d7b402d6145d28a3f54451240d6162b5bbe3dc50
Red Hat Security Advisory 2012-0101-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0059
SHA-256 | 0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287a
Red Hat Security Advisory 2012-0102-01
Posted Feb 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0102-01 - Red Hat Network Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an organization on an internal, centrally-located server. If a user submitted a system registration XML-RPC call to an RHN Proxy server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0059
SHA-256 | 37f7e303099d5969d003d6e0c8fbd2ff0aa151afe8c4376919c05979495ea3d8
Facebook Game Store SQL Injection
Posted Feb 6, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook Game Store suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 68ea3f1972fc1cac8a244a55a6b07a93eff8bfb37c7124179f737b022d238f07
802.1X HTC Android Credential Exposure
Posted Feb 2, 2012
Authored by Chris Hessing

There is an issue in certain HTC builds of Android that can expose the user's 802.1X Wi-Fi credentials to any program with basic WI-FI permissions.  When this is paired with the Internet access permissions, which most applications have, an application could easily send all stored Wi-Fi network credentials (user names, passwords, and SSID information) to a remote server.  This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation.

tags | advisory, remote
advisories | CVE-2011-4872
SHA-256 | 0f1f884293be7c157dae7524d07b52f3e98942abbb190033ad8347e26153addc
WordPress Shortcode Redirect 1.0.01 Stored Cross Site Scripting
Posted Jan 21, 2012
Authored by Gianluca Brindisi

WordPress Shortcode Redirect plugin versions 1.0.01 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 11ec55d0ba7a200916917b207a8c5e1e61dff79ac510ee32877945901af7b016
WordPress uCan Post 1.0.09 Cross Site Scripting
Posted Jan 19, 2012
Authored by Gianluca Brindisi

WordPress uCan Post plugin versions 1.0.09 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8fb475a0d2e5e4779f36ff9b345d1258634708bb89aa4a29d9182794886fa1f2
SoftHSM 1.3.1
Posted Jan 18, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: The library is now installed in $libdir/softhsm/. This release does not give a warning about the schema version if the token has not been initialized yet. The tools now return the correct exit code.
tags | library
systems | unix
SHA-256 | 828f90bd4ff883d903d1fb7051d2c4969ee8ab2c7f11fac25ce9d963d9efacc9
Claroline CMS Stored Cross Site Scripting
Posted Jan 13, 2012
Authored by S.Azadi

Claroline CMS suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 184a813ebf6effe0e7b33cf5cf885898222b33d2e8eca7e1cdb5e00201ce0b9c
MyStore Tienda Virtual 2.0 SQL Injection
Posted Jan 3, 2012
Authored by Easy Laster

MyStore Tienda Virtual version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 949ed40da77608c540d9db566aa82e5ad4314c7d5ea667c7b855a897a831a89a
Page 3 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close