what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33218
SHA-256 | df1716ceee1afc4991054f7d3e009a901d7b28289e89a2bebb461c0a64b3b1d9

Related Files

ICS-CERT Advisory - Tridium Niagara Issues
Posted Aug 17, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4027, CVE-2012-4028, CVE-2012-3025, CVE-2012-3024
SHA-256 | a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
Secunia Security Advisory 50274
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has reported two vulnerabilities in the HotBlocks module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | fd66d289c29962cfb58bf6dff524d5a580cb93c94046532983e4247cd4e04963
Secunia Security Advisory 50256
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Custom Publishing Options module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | cc35b5266f1d0b8ceb2030857739c796b62542e3b08fdf9ae6beacedabc27687
Red Hat Security Advisory 2012-1169-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1169-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3416
SHA-256 | 7d5b013b987ff091dd7a23fc5f576eb318a9b088700f78e918b6ba97b41e66c5
Red Hat Security Advisory 2012-1168-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1168-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3416
SHA-256 | d2ced5174e3b3e5aa23d5bb70fe45a1a71a1a33cadc9611bc0fa7bc2e78e8c66
Secunia Security Advisory 50027
Posted Jul 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Justin C. Klein Keane has discovered two vulnerabilities in Transmission, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 4b6d6aee454fd0db779a266bd84d34add725b93908d2d349708b61274a626faf
Secunia Security Advisory 49515
Posted Jun 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Laboratory Research has discovered a vulnerability in Nuked-Klan, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 3511e3ab44e9f2e57f3aba27d77da69c91e4cbae9bd2f5c725c60cc699783481
Nuked Klan SP CMS 4.5 SQL Injection
Posted Jun 14, 2012
Authored by Karim H.B., Vulnerability Laboratory | Site vulnerability-lab.com

Nuked Klan SP CMS version 4.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ebe08aea613afd901a49b1426f4352b085f990ac993f702cda6d8c06256333e2
WordPress Auctions 2.0.1.3 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

WordPress Auctions plugin version 2.0.1.3 suffers from a remote shell upload vulnerability. The author of the plugin has quickly released version 2.0.2 to address this issue.

tags | exploit, remote, shell
SHA-256 | b07e476f45e0bbb516965528fe2a38f2945dbc825a2edd80cf86ae1c4e8f55fc
Booklight SQL Injection
Posted Apr 30, 2012
Authored by BHG Security Center, Nitrojen90

Booklight suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bbe921d900d3b3d205aab38fe306d0b1d296ce3a918bdf180fcea22c22d6ab60
LANDesk Lenovo ThinkManagement Console Remote Command Execution
Posted Apr 10, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

tags | exploit, asp
advisories | CVE-2012-1195, CVE-2012-1196, OSVDB-79276, OSVDB-79277
SHA-256 | 0f339f9c1af48dbfe9bfacaefebfc2b71162b36ed475e3bea07c0a38fda09f1b
Geeklog 1.8.1 SQL Injection
Posted Mar 25, 2012
Authored by HELLBOY

Geeklog version 1.8.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9be3e7153df67b33b254726a14a901951aaaba4751f8049fd80f5b1eb6da025f
Secunia Security Advisory 48425
Posted Mar 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AppSec has reported a vulnerability in Blacklist for Android, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 37f498485bee7f9284db3fe4c60d5aa5715a8ae37320b41668ab694a8a3d3e64
Secunia Security Advisory 45758
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in Safari, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | c54e4da1e7b08f80587bc88bc5632578b833387b8956ebb1ab8b0c2c2de06083
Secunia Security Advisory 44976
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in Apple Safari, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | apple
SHA-256 | 6a150a968fd0a0510ccc64271206ee5d25166b732b95563ce275250c40cb6ebd
Simple Fuzzing Utility 0.7.0
Posted Mar 4, 2012
Authored by aaron conole | Site aconole.brad-x.com

Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.

Changes: Fixed a long standing bug in the memory block replacement code. Added the ability to fuzz via blocks (ala spike/sulley fuzz frameworks). Added the ability to trap crashes via a harness program.
tags | fuzzer
SHA-256 | a65bb4d048c713dd9ecc4b42b98cc124516fd5c1df19deddfc664476aad7caac
AdSuck DNS Server 2.4.2
Posted Feb 14, 2012
Authored by Marco Peereboom | Site peereboom.us

Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release updates all hosts files (the previous hosts.yoyo was in the wrong format). It adds install targets to makefiles.
tags | tool, local, spoof
systems | linux, unix
SHA-256 | 595f7b9ab3b055170bcdfc0cee03c49f559cde4e2a3910de1d8daf1161cee3f0
Kloxo LxCenter CP 6.1.10 Cross Site Scripting
Posted Feb 13, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Kloxo LxCenter CP version 6.1.10 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 514411be575c95c1a05c3894ceca60cd98fce1d8c98e02d9fdfe26c5eaf760f7
Kloxo LxCenter Server CP 6.1.10 Cross Site Scripting
Posted Feb 11, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

Kloxo LxCenter Server CP version 6.1.10 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a33d451cb7193212b19f52ef71ea0a69584fc6f9bc06e942ff9162339e22559c
Mandriva Linux Security Advisory 2012-014
Posted Feb 7, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-014 - The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. This advisory provides the latest version of GLPI which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-2720
SHA-256 | f4875e63cc28c3d7e1d8921a612952ad0ff1970d34cc76aaf7e34342f3c7f682
IP-Link 0.2
Posted Feb 6, 2012
Authored by Cedric Bonhomme, Jerome Hussenet | Site ip-link.wikidot.com

The goal of IP-Link is to show the relationships between different IP addresses from network traffic capture, thus quickly determining for a given address the IP address with which it communicates the most.

Changes: This version introduces the generation of Bezier curves. It is now possible to see the relations between IP and ports. The tutorial has been updated.
tags | tool
systems | unix
SHA-256 | 57b2023ef24ee6bf516d8fc98e8b2585756a54e46aa0be40ef0bff566c6fe2b0
Secunia Security Advisory 47583
Posted Jan 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MarkLogic Server, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 79894a3e7fc295a62a29eebeccb5c93cddf244aae1790747e86de5395336ef20
AdSuck DNS Server 2.4.1
Posted Jan 11, 2012
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release updates hosts files. It has switched to git from cvs. It add additional stats. It fixes the dhclient script for OpenBSD where sometimes resolv.conf did not get updated.
tags | tool, local, spoof
systems | unix
SHA-256 | 494f4e31c23b6682f4df4b2146cd8a5076c09846f4b6e8d2192681d2bcac7ce9
Red Hat Security Advisory 2011-1806-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1806-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release serves as a replacement for JBoss Enterprise Web Platform 5.1.1. This update includes bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
SHA-256 | 5ca01c329904623d5e6111a68d50e428968b80fc0f8c56147b0a944df451d761
Red Hat Security Advisory 2011-1804-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1804-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Web Platform 5.1.1. These updated packages include bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
SHA-256 | 54d07d561f5eabfe6ad950776b8c4f7c99712d1935a323e9cf80816afadac3d8
Page 1 of 4
Back1234Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close