Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.
414cc67f4209b57356f9ca16624a2e64af6e26d684e648648322df2fd6099299
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
ddcc7890a394d8154120a163c90b11119a0322b62d937ad1a3a14ef3fe6cf74e
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
0d53259e616b4161775a0b9272f7b7ef1d1569e48797e4a3ba27a9c8136edeff
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.
e3872883589e948f5ab26057b52953a554ab7a2a836bb9741a27a3301a8003d6
Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.
2ffdb1b79f6350a6b1c59f73fc4db5995a244069b27644ae7fa8ed71ce83bd10
Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.
49478116b2c8fce99cb338023910fed9c83a1ea261b069618c93a071ffc72472
Red Hat Security Advisory 2012-1037-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
43dd84d900e99c3f1b88175c8d6cb0d767071c6eb772b1ec31adf8ed1f003585
Red Hat Security Advisory 2012-1036-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources.
91db521987a8f25ecabb7834e60cc56577345d64eb97ff886fb0176153721100
Advanced Admin Page Finder searches a site for over 800 possible administrative interfaces. Written in Python.
579b03498bcce05149a5c42de2dd6d0b6c95d1437440609f8d48da616759e034
This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Nineties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5; however, some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused; however, by default remote connections to the RDS are denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.
382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
MyBB version 1.6.8 with AdvancedProfile version 3.1 suffers from a remote SQL injection vulnerability.
01e778b0a02d17d71a5dd3bb617a7f133b48d0e905266433e04f2d1924c4abd3
The purpose of this paper is to make the reader aware of various Hash Cracking Techniques ranging from Basic to Advanced. The intended audience for this paper is those who have a basic understanding of hash cracking and password hashing algorithms.
6c41eb42dce76b95d64a452addb5a968a83f179dde367f0854ad7f166b86b909
This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
ed4e76db85a1968d96d0b168a230dcf62722f0fc8e23574007b3bcc95e50099c
Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.
99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733a
Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.
a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
oclHashcat+ is an advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 32-bit version.
619a15cfcb80ab0c595c05dd9771cef8edb986716110df6007e589fb9313db05
oclHashcat+ is an advanced GPU hash cracking utility that includes the World's fastest md5crypt and phpass crackers and has the first GPGPU-based rule engine. Focuses on highly iterated modern hashes, single dictionary-based attacks, and more. 64-bit version.
216e918ae767ffdc89f9582d7d8b22672195a20158c9d05a9d674edb52ea5325
Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the "Secured Server Settings" which are available on the Advanced configuration page. Susceptible products include the Twonky 7.0 Special and the TwonkyManager 3.0.
d7cc75961c0a51603edd705eddc5a0af411e1503f0174c5d5cefe48addcd4c14
Advanced POWER Web Hosting suffers from a cross site request forgery vulnerability.
c2814e0ca3386e21b6c433e84d1548e7642966e71437848547b00d76a505fff5
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connect back to the client over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
a0eed62b5c320cfd39c32774d90d6628aacc7c98a02dc18bb3533d4641887a47
Secunia Security Advisory - Multiple vulnerabilities have been reported in GForge Advanced Server, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting and SQL injection attacks.
2b44a31e171a7620018a6de3001643d1fb91e9dba5b7af909e636526f0e557f5
Secunia Security Advisory - Sony has discovered multiple vulnerabilities in GForge Community Edition and Advanced Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
66c0191881ce3cb472b05864f7e2874cb3be231ecd421bcf18faab16858f0139