exploit the possibilities
Showing 51 - 75 of 100 RSS Feed

Files

Sphider Search Engine 1.3.6 Remote Code Execution
Posted Oct 27, 2020
Authored by Gurkirat Singh

Sphider Search Engine version 1.3.6 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-5194
SHA-256 | 12d453d48a78bb7d7a0b6ff07688be488721af5843b001df66e28674efaec9ab

Related Files

Introduction To Reverse Engineering x86
Posted Mar 7, 2012
Authored by Daniel Romero Perez

This whitepaper is titled Introduction to Reverse Engineering x86. Written in Spanish.

tags | paper, x86
SHA-256 | f1735b4979de2ce0b4794b58f0d141925c28cf0d9dca9af3785c4fbe40dabb99
Mobile MP3 Search Engine 2.0 HTTP Response Splitting
Posted Feb 24, 2012
Authored by CorryL

Mobile MP3 Search Engine version 2.0 suffers from a HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | 4a234a62d9055e4a817636cab81811ebdcb76770efd193cc42471310e95ae02f
Search Engine Builder Cross Site Scripting
Posted Feb 20, 2012
Authored by ITTIHACK

Search Engine Builder suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1eed9ea2b522911914ca6606098819eec7f2f6866c3333a6a6935da75682fcad
Red Hat Security Advisory 2012-0143-01
Posted Feb 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0143-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3026
SHA-256 | 6a4b096326db08d8c2fcd440cbca979c1098ca6e720bb0bcd536477dcceab229
Mandriva Linux Security Advisory 2012-020
Posted Feb 16, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-020 - Cross-site scripting vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, mandriva
advisories | CVE-2012-0834
SHA-256 | fc18383c444f0e98e5338fd2381568e3cdd1de6806ac1ac555dc336f0a02fe3f
Ubuntu Security Notice USN-1353-1
Posted Feb 8, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1353-1 - Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. It was discovered that the Gecko Browser engine did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Xulrunner. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0442, CVE-2011-3659, CVE-2012-0444, CVE-2012-0449, CVE-2011-3670, CVE-2011-3659, CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | f7a6b949074bf0235212ff0d3703dbf9cbeb0609ef5ab85127770d38e309ed10
HP Security Bulletin HPSBUX02741 SSRT100728
Posted Feb 8, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02741 SSRT100728 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022
SHA-256 | 4a4c267d9d541a369ea92c687c9df43f531dfb40dcc39d4aae8a349d0e276192
Secunia Security Advisory 47887
Posted Feb 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered two vulnerabilities in ManageEngine ADManager Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 5b093d431574ee301d9ca93ea8012a41453502077bde39e24da1c0e790a9bbbd
ManageEngine ADManager Plus 5.2 Cross Site Scripting
Posted Feb 7, 2012
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine ADManager Plus version 5.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b0a7776712965ad82934634aa82214e128b7fb5bd571425c4a5e24d1a8a04ad8
Secunia Security Advisory 47857
Posted Feb 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Basic Analysis And Security Engine, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 550a2542fda5d59b96e381bb5baa431ccbe0f552c314db827e107bcc7f5116a1
Cryptanalysis Of INCrypt32 In HID's iCLASS Systems
Posted Feb 7, 2012
Authored by Daewan Han, Dong Hoon Lee, ChangKyun Kim, Chang-Ho Jung, Eun-Gu Jung

The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to public. In this paper, they reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only 218 MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 242 to recover the secret key.

tags | paper, arbitrary, crypto, protocol
SHA-256 | cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6
Conduit Image Search Engine Cross Site Scripting
Posted Feb 4, 2012
Authored by r007k17-w

Conduit Image Search Engine suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f52fbd36d3f1eec17af3fc52414ac907fd64fc4313d3337d13f93d1068f97e46
Red Hat Security Advisory 2012-0094-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0094-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3256, CVE-2011-3439
SHA-256 | 033b8524d452d87287c2295177910aa84708de0727ca556cefeebeec8c3a92f8
Debian Security Advisory 2401-1
Posted Feb 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2401-1 - Several vulnerabilities have been found in Tomcat, a servlet and JSP engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | fd0c86bea564b0c59c9ad7ec2cb55320fe1b0189ef7552749d858a50adad96a8
Secunia Security Advisory 47724
Posted Feb 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in ManageEngine Applications Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 12be8eb4d3727e68101c18af19633c67bc115b1fb1c55ae6a5c38dfd19ae55ac
Engine By Avatarus Simple CMS SQL Injection
Posted Jan 21, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Engine By Avatarus Simple CMS suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | ae0f60d38563e3475e51ac8fca9dfa5dde3d850fb1058a8d0655747c45409bb4
Suricata IDPE 1.2.1
Posted Jan 21, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Writing of malformed unified2 log records was fixed. TCP timeout handling was improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | 169ac90c0d9c14387532ae5f2d14b14ee33feed7db97f14ee7cb54f2612945a8
Suricata IDPE 1.2
Posted Jan 19, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: PCAP live runmodes were fixed. CPU affinity settings for live runmodes were fixed. Windows/Cygwin path handling was improved.
tags | tool, intrusion detection
systems | unix
SHA-256 | 7915f5ba4ff02af2da4e132cc03472d674c4633ae0e4c0bacad2a58daad5e262
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

tags | paper, root, virus
SHA-256 | 8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8
Mandriva Linux Security Advisory 2012-007
Posted Jan 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-007 - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The Server Gated Cryptography implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service via crafted data from a TLS client. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027
SHA-256 | 33297fff20727775628ebfb8e80a51c11d2cb085c4af9ee958c7cbcbd758dc6e
Reverse Engineering SEHOP Chain Validation
Posted Jan 11, 2012
Authored by x90c

This proof of concept reverse engineering code demonstrates SEHOP chain validation.

tags | exploit, proof of concept
SHA-256 | e333c142682d7f51d57c80a04d7397a465c342670021b893a2ad3c2f1ef6da5b
Microsoft ASP.NET Forms Authentication Bypass
Posted Dec 30, 2011
Authored by K. Gudinavicius | Site sec-consult.com

Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.

tags | advisory, asp, bypass
advisories | CVE-2011-3416
SHA-256 | 294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Mandriva Linux Security Advisory 2011-192
Posted Dec 24, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in mozilla firefox and thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
SHA-256 | 74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44
Ubuntu Security Notice USN-1254-1
Posted Dec 22, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
SHA-256 | 7380de76d3f7ae9d28ad3d7ebd18e2d1d0c2c421ee05e83463651e5d8cf20229
Debian Security Advisory 2366-1
Posted Dec 19, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2366-1 - Several problems have been discovered in mediawiki, a website engine for collaborative work.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1578, CVE-2011-1579, CVE-2011-1580, CVE-2011-1587, CVE-2011-4360, CVE-2011-4361
SHA-256 | ccb031f863a8654a0610e5409cb9c19e529fd52f0871028b9a316b81212caeb2
Page 3 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close