Showing 1 - 25 of 100

Files

JuniperNSM.txt
Posted Dec 29, 2005
Authored by David Maciejak

A malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv (port 7800) and devSrv (port 7801).

tags | advisory, remote, denial of service
systems | juniper
MD5 | 680f74d21d1a351f37673fcf3805d73b

Related Files

Cyclope Employee Surveillance Solution 6 SQL Injection
Posted Aug 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.

tags | exploit, arbitrary, code execution, sql injection
advisories | OSVDB-84517
MD5 | 837146f8a3b99b3c8dfc3c6b60f22822
LedgerSMB 1.3 Denial Of Service
Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
MD5 | cb66e6f2346d3301da55e95082a1e4d3
EGallery PHP File Upload Vulnerability
Posted Jul 23, 2012
Authored by Sammy FORGIT, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-83891
MD5 | 95885aafd89fb4191f4ba1c513063adf
RSA Access Manager Session Replay
Posted Jul 4, 2012
Site emc.com

RSA Access Manager contains a vulnerability that can be potentially exploited by a malicious user to replay the session with compromised session tokens. This is due to improper invalidation of session tokens after a user logs out from a protected resource.

tags | advisory
advisories | CVE-2012-2281
MD5 | 4a936311a38cf6e3f180aeb7ac251ad3
EZHomeTech EzServer 6.4.017 Stack Buffer Overflow
Posted Jun 19, 2012
Authored by modpr0be | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.

tags | exploit, overflow
MD5 | 9c0e617228c2281179aad5fb2284756a
WeBid converter.php Remote PHP Code Injection
Posted May 25, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-73609
MD5 | 8dc19f398388284a81cf2ecae5005436
appRain CMF Arbitrary PHP File Upload Vulnerability
Posted May 24, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2012-1153, OSVDB-78473
MD5 | 326c66024ed2135e3da4e6dab3059464
Red Hat Security Advisory 2012-0676-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.

tags | advisory, kernel, memory leak
systems | linux, redhat
advisories | CVE-2012-1601, CVE-2012-2121
MD5 | 75bbd88324ddd95cff9e55be111b3594
Drupal Fivestar 6.x Input Validation
Posted Apr 12, 2012
Authored by Ezra Barnett Gildesgame | Site drupal.org

The Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.

tags | advisory
MD5 | 5f4b7e2e1b30de0ebd209fbe0c410dbb
Drupal UC PayDutchGroup / WeDeal Payment / Multisite Search Disclosure
Posted Mar 7, 2012
Authored by Justin C. Klein Keane, Rolf Meijer | Site drupal.org

UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances, allowing a malicious user to log in to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to check out of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary SQL injection, malicious users must have the ability to administer Multisite Search.

tags | advisory, arbitrary, sql injection
MD5 | f4ba0336fff0cf8347f4d9492ceebf9d
RSA SecurID Software Token Converter Buffer Overflow
Posted Mar 7, 2012
Site emc.com

RSA SecurID Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to cause a denial of service or, possibly, execute arbitrary code on a system running the Token Converter.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2012-0397
MD5 | bb7d6350f47d0fbf0dc3b9ccf397f1ef
Red Hat Security Advisory 2012-0051-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0051-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT IRQs when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2011-4622, CVE-2012-0029
MD5 | eb412e012fdeeec9674c1901233256b0
CA SiteMinder Cross Site Scripting
Posted Dec 9, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.

tags | advisory, xss
advisories | CVE-2011-4054
MD5 | 9435d2cbd0b2a3a7c849068263dac9ff
Red Hat Security Advisory 2011-1163-01
Posted Aug 16, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1163-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization extensions enabled.

tags | advisory, x86, kernel
systems | linux, redhat
advisories | CVE-2011-1780, CVE-2011-2525
MD5 | e1090d70f9e546a2757bc368d7ac5e78
Red Hat Security Advisory 2011-1065-01
Posted Jul 21, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1065-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one that caused the virtual machine to exit. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization extensions enabled.

tags | advisory, x86, kernel
systems | linux, redhat
advisories | CVE-2011-1780, CVE-2011-2525, CVE-2011-2689
MD5 | e6d294254105f97ce001fb30751bc425
CA SiteMinder R6 / R12 Improper Handling
Posted Apr 21, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA SiteMinder. A vulnerability exists that can allow a malicious user to impersonate another user. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to improper handling of multi-line headers. A malicious user can send specially crafted data to impersonate another user.

tags | advisory
advisories | CVE-2011-1718
MD5 | ffd364135869f1132e22568378f1318e
iDEFENSE Security Advisory 2011-02-08.3
Posted Feb 9, 2011
Authored by iDefense Labs, Andrzej Dyjak | Site idefense.com

iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability takes place during the processing of a malicious Adobe Director file. A malicious user could cause a memory corruption by including malformed data in a chunk. This condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Shockwave Player version 11.5.8.612 and version 11.5.9.615 (the latest version at the time of testing). A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-01.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4187
MD5 | 9aaa729952ef328b8fa5f6f0f6eeda4b
Zero Day Initiative Advisory 11-034
Posted Feb 1, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidden account present within the com.trinagy.security.XMLUserManager Java class. Using this account a malicious user can access the com.trinagy.servlet.HelpManagerServlet class. This is defined within the piweb.jar file installed with Performance Insight. This class exposes a doPost() method which an attacker can use to upload malicious files to the server. Accessing these files can then lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2011-0276
MD5 | b871c69a9d4a486fb0d2db6ba60d7ae7
Mandriva Linux Security Advisory 2011-013
Posted Jan 20, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-013 - A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.

tags | advisory, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2010-4267
MD5 | be5df50fe6b843af8762522cafc97e58
Oracle Database CREATE_CHANGE_SET SQL Injection
Posted Oct 15, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-2415
MD5 | e0f92e4c71dae8b0120c2023b6b4d595
Oracle Database SQL Injection In DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
Posted Apr 27, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in DROP_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-0870
MD5 | fbc0d87ac1e6e8705513c2db028c634e
Mandriva Linux Security Advisory 2010-004
Posted Jan 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-004 - A vulnerability has been discovered in the Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences. This update fixes the issue by disabling the display of control characters by default. Additionally, this update fixes the unsafe file creation in bash-doc sample scripts. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, bash
systems | linux, mandriva
advisories | CVE-2008-5374, CVE-2010-0002
MD5 | 0f04308e7d685c8034baa28de77dda21
Xitami 2.5c2 Web Server If-Modified-Since Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web, overflow
advisories | CVE-2007-5067
MD5 | 48d6579e6e00ef854fbca505ed14d8f4
Zero Day Initiative Advisory 09-085
Posted Nov 20, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Operations Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a hidden account present within the Tomcat users XML file. Using this account a malicious user can access the org.apache.catalina.manager.HTMLManagerServlet class. This is defined within the catalina-manager.jar file installed with the product. This servlet allows a remote user to upload a file via a POST request to /manager/html/upload. If an attacker uploads malicious content it can then be accessed and executed on the server which leads to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2009-3843
MD5 | 457fd4230dd9490ce104d8153f689e68
TikiWiki jhot Remote Command Execution
Posted Oct 30, 2009
Authored by Matteo Cantoni

TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a loss of integrity. The vulnerability has been reported in TikiWiki version 1.9.4.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2006-4602
MD5 | bfe0080ed3f0b35548031d6376c39223
packet storm

© 2016 Packet Storm. All rights reserved.