exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

mod_ntlm.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.

tags | exploit, overflow, arbitrary, vulnerability, code execution
SHA-256 | 802cd05c619e98126a7d5192a17c55f423eeb343fb55248fd94b28417e566c3d

Related Files

Novell ZENworks Asset Management Remote Execution
Posted Aug 14, 2012
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-2653, OSVDB-77583
SHA-256 | 0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600
Entropy Broker RNG 1.0.1
Posted Aug 14, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: This is an important bugfix release. This version replaces the ivec initializer code with something more sensible.
tags | encryption
systems | linux
SHA-256 | e505291a3ada9f1ba3928113fa70f9f79bfc771b2fe8e20560d612d5c64beb5b
Mandriva Linux Security Advisory 2012-131
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3461
SHA-256 | d2dfc5f2426fd1d0773603a84cfba004ef4a99ccaa10eaee9b7fdd6c41ecb855
nullcon Goa 2013 Call For Papers
Posted Aug 14, 2012
Site nullcon.net

The Call For Papers for nullcon Goa 2013 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email.

tags | paper, conference
SHA-256 | 1a6082463e38b8465a0cf348d013c75a5c1276abd719ab4e2d1aec4ffee01c92
Mandriva Linux Security Advisory 2012-130
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1164
SHA-256 | 15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46ae
Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
Debian Security Advisory 2526-1
Posted Aug 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2012-3461
SHA-256 | 7c01fb86e171c48aa3e6e49b606b9a1e9e94d6901619b80a625f9b7c0c78d71d
Ubuntu Security Notice USN-1530-1
Posted Aug 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1530-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375, CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375
SHA-256 | 1182d44ab2f37a093d4b3adc952b3b7cbf5002be8d366863ba89dea8ab42ea57
Viscosity OpenVPN OS X Local Root
Posted Aug 13, 2012
Authored by zx2c4

Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.

tags | exploit, local, root
systems | apple, osx
SHA-256 | bbed2f8bef6e98f9f906db21866f9556901fd2af1233ad2af5fa7f69e3f8af21
Passwords^12 Call For Presentations
Posted Aug 13, 2012
Authored by Per Thorsheim

The Passwords^12 Call For Presentations has been announced. It will be held at the University of Oslo (Norway) December 3rd through the 5th, 2012.

tags | paper, conference
SHA-256 | b22177219b2df9e74a0cd122fe1ebfc286c7578564e0f26ab3dbfd71aab4ac78
IBM WebSphere MQ File Transfer Edition Web Gateway CSRF
Posted Aug 13, 2012
Authored by Nir Valtman

IBM WebSphere MQ File Transfer Edition Web Gateway suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2012-3294
SHA-256 | 06b2bda21b62241e495908f7f89cca912345a066fc02b98fb7be62e23b3b7da5
Secunia Security Advisory 50262
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | 809644f0f830b68f9237de0ad03ab3dd5c1b4a989c954f365fc500269850a12b
Secunia Security Advisory 50160
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for rubygem-actionpack/activerecord. This fixes two vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
systems | linux, suse
SHA-256 | 4d86cc764da7edf3e8042b1cd70cf0c7242a758af6117463f97e8f7085b27d85
Secunia Security Advisory 50250
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | f1ecf41c6e2a847d0b70345e8fd3da28decef182067a5178dcd6b429813c192c
Secunia Security Advisory 50224
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | 6af15fb98af354fc3e404a4195657b05bf45218a61824d8f729ec3d3d1a3c8d7
Secunia Security Advisory 50258
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the plugin.

tags | advisory, web, vulnerability
systems | linux, suse
SHA-256 | d2498827fbc60ac4f93763aa590a4f48b39ae08094bcfc93dd5231c7f75f3820
Secunia Security Advisory 50187
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | 8a431d96a802cf2068b2c58962a1b6878d1e98db5081bc2f73eba64cc8eac542
Secunia Security Advisory 50217
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Mz-jajak plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | ce183014f7a7034ef08b820c44de5dba4b085aa24a0e0ecc694575a83631fcac
Secunia Security Advisory 50225
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere MQ, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | f04a10eafc782080142278ddd413b42a576d3f2c5c03228d74d84e8850bf0da6
Secunia Security Advisory 50242
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
SHA-256 | d020c513596d0ba89d8483ab21957f60a887308cc990e153ab278cfd7d9603e5
Tunnel Blick Race Condition Local Root
Posted Aug 12, 2012
Authored by zx2c4

Tunnel Blick suffers from a race condition that allows for local root execution.

tags | exploit, local, root
SHA-256 | c1a060ee41fd2155da5b10c23e65df5727224db3293427daaed6fb1e2ec03027
Tunnel Blick Local Root Exploit Version 2
Posted Aug 11, 2012
Authored by zx2c4

Pwnnel-Blicker is a second local root exploit for Tunnel Blick OS X OpenVPN manager.

tags | exploit, local, root
systems | apple, osx
SHA-256 | 469187a05e24af6ff54301dc1ce224c0d812f436efa24c7f9245c5385e416fb9
Mandriva Linux Security Advisory 2012-129-1
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | c7875eb533c9d6beb3425c1a97fe6ed841b9a1c6086b68f13fd555c85ebb7760
Mandriva Linux Security Advisory 2012-129
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | 741a2545d765d1e9854cdcbf178dc20b6ca0f8fc1357ad76b6a268fa5cadabc4
Page 4 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close