exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Fibaro Home Center MITM / Missing Authentication / Code Execution
Posted Apr 20, 2021
Authored by Marton Illes, USER | Site iot-inspector.com

Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992
SHA-256 | 61fbf8e898e5647475b75b14d238a14e644554ce2d678e64107b734ed94f6275

Related Files

ShopperPress WordPress Theme 2.7 Cross Site Scripting
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ShopperPress WordPress theme version 2.7 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 491c4ea2642b413280ac3851a6e53813f20e256059abdc11931d3d115eea5543
Mandriva Linux Security Advisory 2012-134
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-134 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4297, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
SHA-256 | e7a2ce0735205d049fc69106cd58cf7bc1f4cbae6e55ed2fc256e52ad05d4759
ProQuiz 2.0.2 Cross Site Request Forgery
Posted Aug 17, 2012
Authored by DaOne

ProQuiz version 2.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 1d3692f82eccc72015fdd11936a3d8a2526c9cdc5a3e7bfa34d939d1a50b1171
Slackware Security Advisory - t1lib Updates
Posted Aug 17, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New t1lib packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. These fixes include overflows, crashes, and pointer bugs.

tags | advisory, overflow
systems | linux, slackware
advisories | CVE-2010-2642, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | aca91d3d6ff3435ba1461c911ecfeabf51d810fd120a10d94a1a06a0d8a10e46
E-Mail Security Virtual Appliance (EVSA) Remote Command Execution
Posted Aug 17, 2012
Authored by iJoo

E-Mail Security Virtual Appliance (EVSA) suffers from a remote command execution vulnerability. Versions prior to 2.0.6 are affected.

tags | exploit, remote
SHA-256 | 6e4b74507cc0d89132a2039f65a75dcfe8903fdc24f6e4e066324b6bdfab2cac
Mandriva Linux Security Advisory 2012-133
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0065
SHA-256 | 3ae2eaf49a9bfc802e659cf70f95a8ee4095350027b507c59c3be723c46cae97
ShopperPress WordPress Theme 2.7 SQL Injection
Posted Aug 17, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The ShopperPress WordPress theme version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ed35edb8650c19623a01a17b915ca31339739c6d58d3e1a859b296896830b99d
Social Engine 4.2.5 Cross Site Scripting
Posted Aug 17, 2012
Authored by X-Cisadane, Vulnerability Laboratory | Site vulnerability-lab.com

Social Engine version 4.2.5 suffers from input validation and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cccc1f1afba3410682d642eec4bfad1139cc84cd5e5a5d4b0b60db0352e87f2
Samsung Galaxy S2 World Writeable Directories
Posted Aug 17, 2012
Authored by Alexander R. Pruss

Some system directories on the Samsung Galaxy S2 for Sprint-US (Epic 4G Touch) are world-writable and allow for information disclosure, modification, and may lead to local root compromise of the device.

tags | exploit, local, root, info disclosure
SHA-256 | 9f06ef12f388247b4f5396e78958861f0d2d299cd6eda363dcfb33d724706997
Ubuntu Security Notice USN-1482-3
Posted Aug 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1482-3 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-1459, CVE-2012-1458
SHA-256 | f6eafdf05eddc06cc3f5e1210fb3edc481985bad585d980219e95024ddabd0ae
xt:Commerce 3.04 SP2.1 Blind SQL Injection
Posted Aug 16, 2012
Authored by Ralf Zimmermann

xt:Commerce versions 3.04 SP2.1 and below suffer from a time based blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | c6fc4e326622c64cb56eb75837b4e870d1054eaba686f9a23662aa1511bf887e
Drupal Hotblocks 6.x Cross Site Scripting
Posted Aug 15, 2012
Authored by Justin C. Klein Keane

Drupal version 6.22 with Hotblocks 6.x suffers from cross site scripting and denial of service vulnerabilities. Proof of concept information included.

tags | exploit, denial of service, vulnerability, xss, proof of concept
SHA-256 | 17fd7caf06fdac8c5a9e14bc764b6c00c9303d84f1395974dc92767ed9a8a7f2
Drupal Custom Publishing Options 6.x XSS
Posted Aug 15, 2012
Authored by Justin C. Klein Keane

Drupal version 6.22 with Custom Publishing Options version 6.x-1.4 suffers from a cross site scripting vulnerability. Proof of concept information included.

tags | exploit, xss, proof of concept
SHA-256 | 48dd91f8b89ca979ca8e11af83723a4ee087f9e15fcaa581b8d6f6470708cf67
Mandriva Linux Security Advisory 2012-132
Posted Aug 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws has been found and corrected in GLPI. This advisory provides the latest version of GLPI which are not vulnerable to these issues. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, xss, csrf
systems | linux, mandriva
advisories | CVE-2012-4002, CVE-2012-4003
SHA-256 | 278fcab2d1ab2e4d4ef8819f221aff25448777d5df0d2fe452abe0b3a7049fea
ZeroNights 2012 Call For Papers
Posted Aug 15, 2012
Authored by ZeroNights CFP | Site zeronights.org

The ZeroNights 2012 Call For Papers has been announced. It will be held in Moscow, Russia November 19th through the 20th, 2012.

tags | paper, conference
SHA-256 | edba79f5df7aeaf759abda55a8568cb43e0427755b1fe12827b65931c2dd9375
Debian Security Advisory 2530-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2012-3478
SHA-256 | 0d9bc3525aeb950d987b4c43ac3fdffeb95324914c2925e4c0a684a30e340450
Red Hat Security Advisory 2012-1173-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-1535
SHA-256 | c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Technical Cyber Security Alert 2012-227A
Posted Aug 15, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-227A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f958461db70406ee608b92e86c5778602a68ddda74e3f148b3396ee851c6cd7c
Debian Security Advisory 2529-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
SHA-256 | e72295d670e7e8b3f6c6c48e0ae95f800f20359a421a53e4c43f767c101a0216
Windows Service Trusted Path Privilege Escalation
Posted Aug 15, 2012
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.

tags | exploit
systems | windows
SHA-256 | 13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
globalSCAPE CuteZIP Stack Buffer Overflow
Posted Aug 15, 2012
Authored by C4SS!0 G0M3S, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 2.1 of CuteZIP. In order for the command to be executed, an attacker must convince the target user to open a specially crafted zip file with CuteZIP. By doing so, an attacker can execute arbitrary code as the target user.

tags | exploit, overflow, arbitrary
SHA-256 | 0eb1f8858ec5246ac33385d821777542b928e2d0bb98e4789b086a62b732d909
HP Security Bulletin HPSBUX02805 SSRT100919
Posted Aug 15, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02805 SSRT100919 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SHA-256 | 849562f0237617b7508b5218fea45645aedcf54cee94899fb36a71e7fbb6f633
HP Security Bulletin HPSBMU02803 SSRT100926
Posted Aug 15, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02803 SSRT100926 - A potential security vulnerability has been identified with HP Service Manager and HP Service Center Web Tier. The vulnerability could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, web, xss
advisories | CVE-2012-3251
SHA-256 | 5f967abf36b11a1450d1bdc34b2e2587d19f67465191db23eaa1aed4ed25dbfe
Microsoft Security Bulletin Re-Release For August, 2012
Posted Aug 15, 2012
Site microsoft.com

This bulletin summary lists a re-released Microsoft security bulletin for August, 2012.

tags | advisory
SHA-256 | 1de350bb2520b75dfa3ec3bc239ded133ecd09b6c1f6410fc4e873262d1a6427
Microsoft Security Bulletin Summary For August 2012
Posted Aug 15, 2012
Site microsoft.com

This bulletin summary lists 9 released Microsoft security bulletins for August, 2012.

tags | advisory
SHA-256 | 1cd148fc9498f008662f4f946c98e9a7eed901cb0eb7aa4b7f0871457c406b3d
Page 2 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close