exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

PESCMS TEAM 2.3.2 Cross Site Scripting
Posted Nov 19, 2020
Authored by icekam

PESCMS TEAM version 2.3.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-28092
MD5 | 6a30b850cb736abb614e9c8813bb1ca9

Related Files

Secunia Security Advisory 50169
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Wsecurity Team has discovered a vulnerability in Islam Forum Script, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 7ac9714773d810fcfb9e649c4a73165c
Secunia Security Advisory 50015
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in TeamViewer.

tags | advisory
MD5 | cb3e762e026801dc5f64845d9b6bc6b2
Microsoft Internet Explorer Col Element Remote Heap Overflow
Posted Jun 20, 2012
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2012-1876
MD5 | d6f32f221551f0216f61f02dec616d81
Microsoft Internet Explorer GetAtomTable Remote Use-After-Free
Posted Jun 20, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
advisories | CVE-2012-1875
MD5 | 5d685afe090b871b105dae365a1de47b
Microsoft Internet Explorer CollectionCache Remote Use-After-Free
Posted Jun 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
MD5 | beff56c5b350a41521763a35c83c6ac2
seoPLUSteam SQL Injection
Posted Jun 14, 2012
Authored by Iranian_Dark_Coders_Team

seoPLUSteam suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a2810a0ff749c2aa8d283ec76262e294
Mandriva Linux Security Advisory 2012-081
Posted May 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

tags | advisory
systems | linux, windows, mandriva, vista, 7
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
MD5 | 1b834a8034e8e9eb2a5c612ce032d3ce
Breakpoint 2012 Call For Papers
Posted May 10, 2012
Authored by bpx | Site ruxconbreakpoint.com

The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.

tags | paper, conference
MD5 | f4310b90befaea776fd4a2cc13680591
Secunia Security Advisory 48931
Posted May 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - RedTeam Pentesting has discovered a vulnerability in Decoda, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 6cbf720824df9e201c7ccec58f9882e8
php-decoda 3.x Cross Site Scripting
Posted May 2, 2012
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a JavaScript event handler for an iframe tag. Depending on the usage of Decoda, this allows attackers to execute JavaScript code in the context of other users in a web application that uses Decoda. php-decoda versions 3.x prior to 3.3.3 are affected.

tags | exploit, web, php, javascript, xss
MD5 | 9fed0a3a99c0ef05a51231bbdbb6ed36
GO Infoteam Solution CMS SQL Injection
Posted Apr 27, 2012
Authored by Farbod Mahini

GO Infoteam Solution CMS suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f6f8008e124cbab36d24df41dc2f3ed0
Debian Security Advisory 2455-1
Posted Apr 20, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2455-1 - Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2012-2112
MD5 | 5f9d9d8e05c845911b4758c7c3903684
Debian Security Advisory 2454-1
Posted Apr 20, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2454-1 - Multiple vulnerabilities have been found in OpenSSL. Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2012-0884, CVE-2012-1165, CVE-2012-2110
MD5 | b2f1f7c3eaeb890008741c9423318737
Oracle Database Server Password Hash Leak
Posted Apr 20, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.

tags | advisory
advisories | CVE-2012-0511
MD5 | 02873b18304774a652a3303cdbe3fc5f
Oracle Enterprise Manager Session Fixation
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5 and 11.1.0.7 (and previous patchsets) suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2012-0528
MD5 | 1894a14b5bb37c8ff3d21f788c6469a5
Oracle Enterprise Manager prevPage HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the prevPage parameter.

tags | advisory, web
advisories | CVE-2012-0526
MD5 | 6baf46cb9232452978e7352e72863bfa
Oracle Data Lock Account Protection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Data Server versions 10gR1, 10gR2 (10.2.0.5 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from incomplete protection of locked accounts.

tags | advisory
advisories | CVE-2012-0510
MD5 | c118e002b2a768709a7363f5b2344509
Oracle Enterprise Manager pageName HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7, and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the pageName parameter.

tags | advisory, web
advisories | CVE-2012-0527
MD5 | 27a76fc7e6bb37728dc021ee5a147638
Oracle Failed Logging On Password Attempts
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.

tags | advisory
advisories | CVE-2012-0511
MD5 | 3e25a4e65d6288bc5e58d726eeb0edd9
Oracle Enterprise Manager searchPage SQL Injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control versions 10.2.0.5 and 11.1.0.1 (and previous patchsets) suffer from a remote SQL injection vulnerability in the searchPage web page.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-0525
MD5 | ce03999aad65483f39fedf75e230595a
Oracle Enterprise Manager compareWizFirstConfig SQL injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.2 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.4 (and previous patchsets) suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-0512
MD5 | 5503861e0f353e5fd095bc0d01b2cc49
Adobe Flash Player NetStream Remote Code Execution
Posted Apr 19, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0773
MD5 | 1b4870f5f879eec739f728121975c5c5
Microsoft Internet Explorer VML Remote Code Execution
Posted Apr 18, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.

tags | advisory, web
advisories | CVE-2012-0172
MD5 | 430a418df374f4f687210e3faa479f35
ETeamPass 2.1.5 Cross Site Scripting
Posted Apr 17, 2012
Authored by Marcos Garcia

ETeamPass version 2.1.5 suffers from a persistent cross site scripting vulnerability in users.queries.php.

tags | exploit, php, xss
advisories | CVE-2012-2234
MD5 | ba25e668a223f0c1642b47ccd325c072
Microsoft SQL Server Privilege Escalation / SQL Injection
Posted Apr 12, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.

tags | advisory, sql injection
MD5 | 649496660753cbb0f1e8ffa0315af12c
Page 1 of 4
Back1234Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close