exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

School Dormitory Management 1.0 SQL Injection
Posted May 9, 2022
Authored by nu11secur1ty

School Dormitory Management version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d5de6e90441b347a90dcfbbe5aa109c73945042d00234b05626402f8ca6fabd9

Related Files

Secunia Security Advisory 50241
Posted Aug 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Hardware Management Console (HMC) and IBM Systems Director Management Console (SDMC), which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | ad291daf2f590e8e133fc0ae3133eb5a7bee2aea4dfa2c0a92ce907b62295500
Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85
Red Hat Security Advisory 2012-1169-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1169-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3416
SHA-256 | 7d5b013b987ff091dd7a23fc5f576eb318a9b088700f78e918b6ba97b41e66c5
Red Hat Security Advisory 2012-1168-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1168-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-3416
SHA-256 | d2ced5174e3b3e5aa23d5bb70fe45a1a71a1a33cadc9611bc0fa7bc2e78e8c66
Novell ZENworks Asset Management Remote Execution
Posted Aug 14, 2012
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-2653, OSVDB-77583
SHA-256 | 0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
Ubuntu Security Notice USN-1533-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | 5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935
Ubuntu Security Notice USN-1532-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
SHA-256 | d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356
School Management System 1.0 Password / Backup Disclosure
Posted Aug 9, 2012
Authored by L0n3ly-H34rT

School Management System version 1.0 suffers from credential and backup disclosure vulnerabilities.

tags | exploit, vulnerability, sql injection
SHA-256 | dcd6e7efec0c1c07843a6cda9e11b3a70482acc597fbec31ecdb5d6efaede187
Secunia Security Advisory 50163
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | e1e4fd2b43a7f2ebe7f350917caab52ef7de2545adaef3ac7e021acc73dcf864
Oracle BTM 12.1.0.2.7 Remote File Deletion
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.

tags | exploit, remote
SHA-256 | 311f91db815c5072aac47198136e9ee10f620d76d370e8cac2b356c864e2ee5e
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758
Secunia Security Advisory 50166
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the WP Lead Management plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 621e4d11e8f52beb3c8001b1ec8daf4dad03ba1d03e991be2502975091df60c9
Microsoft Office SharePoint Server 2007 Remote Code Execution
Posted Jul 30, 2012
Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2010-3964, OSVDB-69817
SHA-256 | 7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd
Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3176, OSVDB-80231
SHA-256 | eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78
Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3175, OSVDB-80231
SHA-256 | 7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479
Secunia Security Advisory 49943
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported Oracle Transportation Management, which can be exploited by malicious, local users to gain knowledge of sensitive information, malicious users to gain knowledge of sensitive information, and malicious people to manipulate certain data.

tags | advisory, local, vulnerability
SHA-256 | f48eb11ff44ba98cac0416ff2c3856f9ea90b7295fd426ee08f34832ca1115e2
Secunia Security Advisory 49950
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
SHA-256 | ab608f7d66c5d5b9d7bec4dec013873d5115b23e78489b9ff5d33b1bbaa74a49
Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to the 998/TCP port. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
SHA-256 | d8e51661349a2d58c55ebba98e0aab7bf40252bcd11e9570670dbb09e98a4244
Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
SHA-256 | 10965ccc1d7f3bdfb1cdc1edf6199b5eb01250bbec68ab0ee4cf54ba20262a61
Secunia Security Advisory 49959
Posted Jul 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a weakness and a vulnerability in IBM WebSphere ILOG JRules and IBM WebSphere Operational Decision Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

tags | advisory, spoof, xss
SHA-256 | 1349af9b3db91e5412a39adcc9c736bebb7d2ae51269305b29e1312a61708e76
Debian Security Advisory 2511-1
Posted Jul 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867
SHA-256 | e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937
AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
Posted Jul 9, 2012
Authored by rgod, juan | Site metasploit.com

This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.

tags | exploit, remote, arbitrary, activex
systems | windows
advisories | CVE-2011-2657, OSVDB-76700
SHA-256 | 56cf9879c132897ee3261274e09284b0d6081bb9dd195db9cee39698cd90dbba
Red Hat Security Advisory 2012-1060-01
Posted Jul 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-2395
SHA-256 | a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0b
Debian Security Advisory 2503-1
Posted Jun 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2012-3366
SHA-256 | 19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close