what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

H2 Database 1.4.199 JNI Code Execution
Posted Jan 7, 2021
Authored by Markus Wulftange, 1F98D

H2 Database version 1.4.199 JNI code execution exploit. This exploit utilizes the Java Native Interface to load a a Java class without needing to use the Java Compiler.

tags | exploit, java, code execution
MD5 | 7ea784920011613c761867cc57ddb434

Related Files

Mandriva Linux Security Advisory 2012-136
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-136 - Multiple cross-site scripting vulnerabilities was discovered by using the Database structure page with a crafted table name. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2012-4345
MD5 | 4839c06b99241b09e6a7c6deb114fc98
TestLink 1.9.3 Arbitrary File Upload
Posted Aug 14, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.

tags | exploit, arbitrary, sql injection
MD5 | 5d45fc6e2938c21b4e62206f1750ded1
Secunia Security Advisory 50143
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.

tags | advisory
MD5 | 9931aacaec1e89ba349ca2d6234ab35d
Red Hat Security Advisory 2012-1139-01
Posted Aug 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1139-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3429
MD5 | db9c2d2d634144030679a7c8df97b4e3
Mandriva Linux Security Advisory 2012-112
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2012-1151
MD5 | e9cca23e020a063d0d01e81d2672d7fc
Another File Integrity Checker 3.1
Posted Jul 26, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: This is the first public (stable) release of new 3.x branch. It is a rewrite (partial for now) of afick in object oriented programming, to allow better code and better support. It matches the 2.21 release for features. The two afick branches (2.x and 3.x) will be maintained in parallel for a few versions, to allow users to migrate when they want.
tags | tool, integrity
systems | linux, windows, unix
MD5 | 0549d9754b9f0eb22887e4586d07267c
Red Hat Security Advisory 2012-1116-01
Posted Jul 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.

tags | advisory, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-1151
MD5 | afa9c610ce344121f6ff1965f1170be3
Secunia Security Advisory 49881
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | 59b63b25897f880cb4c83e9a34429ffc
Another File Integrity Checker 2.21
Posted Jul 17, 2012
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: On Unix/Linux systems, the cron job can now notify nagios monitoring, using the nsca tool.
tags | tool, integrity
systems | linux, windows, unix
MD5 | 351f7c5784143cc50ec77c10d36a9739
easyCMSlite 1.0.9 Database Information Disclosure
Posted Jul 17, 2012
Authored by mr.pr0n

easyCMSlite version 1.0.9 suffers from a remote database information disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 69bc0185623324bc9c61b90a862e633e
Cura 1.5
Posted Jul 16, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: The modules screen is now Tabular, providing a much better user experience in which all of Cura's modules are provided as tabs on the top of the screen.
tags | exploit, remote
MD5 | 199eea14b1da9508876ff2a0c72ff8c5
Cura 1.4
Posted Jul 13, 2012
Site github.com

Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).

Changes: This release features a completely new UI for the Home (Login) screen where you are dropped upon launch. This is where you access/create/update/delete your server accounts, and it's had a complete do-over.
tags | tool, remote, wireless
MD5 | 7793c2a4d7768273e8677d80b00b06b6
Ubuntu Security Notice USN-1501-1
Posted Jul 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1501-1 - Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3371
MD5 | be11a537db704bcc63c6a5fda852b9bd
Samhain File Integrity Checker 3.0.5
Posted Jul 11, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes some issues with the Windows registry check.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | 1a88244c35a33becef30e98bfaa6174f
Red Hat Security Advisory 2012-1037-01
Posted Jun 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2143, CVE-2012-2655
MD5 | f5b104ced0f5c135fb4a893b26b39f7e
Red Hat Security Advisory 2012-1036-01
Posted Jun 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2143
MD5 | 2634cdb0d73b11af15ed832e3de9166c
Red Hat Security Advisory 2012-0874-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0874-04 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-2102
MD5 | 94cc89d891a30aee3d02bcf79d3a7d26
SolarWinds Network Performance Monitor Blind SQL Injection
Posted Jun 19, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.

tags | advisory, arbitrary, sql injection, asp
MD5 | 571dcd52ac4c489cb59c9bb28b2b5c46
BlogX Database Disclosure
Posted Jun 19, 2012
Authored by indoushka

BlogX suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | b0edc4acc53666594003892d11d0569d
ASP Content Management Database Disclosure
Posted Jun 19, 2012
Authored by indoushka

ASP Content Management suffers from a remote database disclosure vulnerability.

tags | exploit, remote, asp, info disclosure
MD5 | cd24b7e221cf7c7803412a996e0b1625
Debian Security Advisory 2496-1
Posted Jun 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2496-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0583, CVE-2012-1688, CVE-2012-1690, CVE-2012-1703, CVE-2012-2122
MD5 | 9b782e4cd47e17d0630aab6ca5ab4d12
Debian Security Advisory 2491-1
Posted Jun 11, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2491-1 - Two vulnerabilities were discovered in PostgreSQL, an SQL database server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2143, CVE-2012-2655
MD5 | 2eb5f61253d91dcaecbc52a34294fc17
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
MD5 | 9439cf75ff414672e154affb4b0b0e49
Access Road 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 63c1fbd269de8b08d84e63c9c67198ce
Access Road (Source Release) 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 00410214d083996808966ea102320809
Page 1 of 4
Back1234Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    9 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close