exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

n.runs-SA-2007.025.txt
Posted Aug 25, 2007
Authored by Nikolaos Rangos | Site nruns.com

A remote exploitable vulnerability exists in clamav-milter when used with sendmail due to an insecure call to popen(). ClamAV versions prior to 0.91.2 are affected.

tags | advisory, remote
SHA-256 | 88430f439474ceb833877640e5ef738a4bb02bb470e976a6ef541d0b83c2d84c

Related Files

BENIGNCERTAIN Cisco VPN Private Key Extraction
Posted Aug 22, 2016

BENIGNCERTAIN is a remote exploit to extract Cisco VPN private keys. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. The tool references Cisco PIX versions 5.2(9) to 6.3(4), which were released in 2004.

tags | exploit, remote
systems | cisco
SHA-256 | f1cc0ef523db5ceca559ff6245e673e90a6309eaeaf13d63e575e3e9b70a5ea8
n2cms 2.2.1 Path Disclosure
Posted May 7, 2015
Authored by Provensec

n2cms version 2.2.1 suffers from a path disclosure vulnerability.

tags | exploit
SHA-256 | 3999ea7bf894cbb36512a747568273dd9e6751f2d406d253df2dbab8f24da389
Microsoft CryptoAPI / Outlook 2007-2013 Design Bug
Posted Nov 12, 2013
Authored by Alexander Klink

A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.

tags | advisory, web
advisories | CVE-2013-3870
SHA-256 | 9365e6ebb217675995930a39307adaa0068c69e67328ec203f67fb4ba9ac8f00
IBM Lotus Notes 8.5.3 Code Execution
Posted Apr 30, 2013
Authored by Alexander Klink | Site nruns.com

The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0127
SHA-256 | 72507df8ce813a6baed8ae1404ff3467f4a3d09f17024073ea1c0b531c0f08c6
Polycom H.323 Format String
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit
SHA-256 | 8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3b
Polycom H.323 CDR Database SQL Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, remote, sql injection
SHA-256 | c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923
Polycom Firmware Update Command Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, web, arbitrary
systems | linux
SHA-256 | eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492
Polycom HDX Privilege Escalation
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The Polycom Command Shell can be used to view and also change several settings of the system. However it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables respectively which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, shell, root
SHA-256 | 162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606be
Splunk 4.x Denial Of Service
Posted Nov 19, 2012
Authored by Alexander Klink | Site nruns.com

Splunk versions 4.0 through 4.3.4 suffer from an unauthenticated remote denial of service vulnerability against splunkd.

tags | advisory, remote, denial of service
SHA-256 | 712c0f2ebc8a92c6651117dcb6b048dd30c332c12100a46fccd41ffa48f1183d
Splunk 4.3.x Denial Of Service
Posted Nov 2, 2012
Authored by Alexander Klink | Site nruns.com

Splunk version 4.3.x suffers from a denial of service hash table vulnerability.

tags | advisory, denial of service
advisories | CVE-2012-1150
SHA-256 | d5cbcf654bede60e73b046c746c6d6c0a805b9e9a6f72f4af8548cd3f36fa296
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
SHA-256 | 5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
XenApp / XenDesktop Heap Corruption
Posted Jul 29, 2011
Authored by Moritz Jodeit, Alexios Fakos | Site nruns.com

A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, arbitrary, code execution
SHA-256 | a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e
XenApp / XenDesktop Buffer Overflow
Posted Jul 29, 2011
Authored by Moritz Jodeit | Site nruns.com

A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | 8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39
N-13 News 4.0.1 Cross Site Scripting
Posted Jun 19, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

N-13 News version 4.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c17aa361bfc2f6a23221bee79bc39454c793bad9b8908c13976f67d8307cf15b
N-13 News 4.0 Cross Site Request Forgery
Posted Mar 6, 2011
Authored by AtT4CKxT3rR0r1ST

N-13 News version 4.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4d93d1d22757b4ac50a52537f8435fe2190a38e489fd2b3afd52abe79b7b4c30
N-13 News 3.4 Cross Site Request Forgery
Posted Jan 19, 2011
Authored by anT!-Tr0J4n

N-13 News version 3.4 suffers from a remote administrator addition cross site request forgery vulnerability.

tags | exploit, remote, csrf
SHA-256 | db9750e361a493b4e2180b3eb9df353cb1dc6c1560955919e0046197e71b8f8e
HP LaserJet PJL Interface Directory Traversal
Posted Nov 30, 2010
Authored by Moritz Jodeit | Site nruns.com

A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device.

tags | exploit
advisories | CVE-2010-4107
SHA-256 | 3046f35f738f91dd1414a725b79b838acb34d0bb5e416218ca7e0fbb11a194c5
Alcatel Omnivista 4760 Overwrite
Posted Sep 21, 2010
Authored by Axel Rengstorf, Florian Walther, Dirk Breiden | Site nruns.com

Part of the Alcatel Omnivista 4760 administration software of the Alcatel 4400 PBX is an HTTP proxy. It is used to tunnel ssh-connections to the ssh-ports of the PBX within the internal network. This proxy is vulnerable to a remote buffer overflow.

tags | advisory, remote, web, overflow
advisories | CVE-2010-3281
SHA-256 | 5cd45b1c09ebec546267dae931c9ff29744617b38e2df6f7e0ab905d89d90e04
Alcatel CTI Solution Client Side Authentication
Posted Sep 21, 2010
Authored by Axel Rengstorf, Florian Walther | Site nruns.com

The Alcatel CTI Solution is completely broken by design and performs authentication validation client-side.

tags | advisory
advisories | CVE-2010-3279, CVE-2010-3280
SHA-256 | 7e2e7e0578b17ca41d5ca1c3b86de59225fa2219cbd660340684ccbe44384690
N-13 News File Disclosure
Posted Mar 28, 2010
Authored by jiko

N-13 News suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 078d10aafb3dc4666f8dc5ad3d88b135363e8a401324eb404891abddbb72021a
Adobe Acrobat Code Execution
Posted Oct 17, 2009
Authored by Alexios Fakos | Site nruns.com

A remotely exploitable vulnerability has been found in Adobe Acrobat Reader/Acrobat Firefox plugin. Versions 8.1.3 through 8.1.6 are affected.

tags | advisory
advisories | CVE-2009-2991
SHA-256 | 02dfa8f527d8d6db4d18a0236b10c85a02cc3272c626c753553d001851062481
Safari 3.2.3 Information Disclosure
Posted Jun 24, 2009
Authored by Alexios Fakos | Site nruns.com

Safari fails to sanitize the file protocol handler thus leading to an information disclosure, e.g. local file theft. Dynamically creating a certain HTML tag and using a valid file path to an executable may lead to a denial of service condition. Apple's Safari browser version 3.2.3 is vulnerable.

tags | advisory, denial of service, local, protocol, info disclosure
systems | apple
SHA-256 | cacf872f1106fc6da55a3d56af72a3d3d6d797892f96aa06e4ee001b4fa30ae6
Safari 3.2.3 Denial Of Service
Posted Jun 24, 2009
Authored by Alexios Fakos | Site nruns.com

A Null Class Pointer Dereference in CoreFoundation.dll has been found while parsing a URL fragment with a high-bit character in a common protocol handler. Apple's Safari browser version 3.2.3 is vulnerable.

tags | advisory, protocol
systems | apple
SHA-256 | 43353339aed37a33039bbc97039fb9b5ec525ae76af3ae86fbb10ebfa0788760
CFNetwork Heap Buffer Overflow
Posted May 15, 2009
Authored by Moritz Jodeit | Site nruns.com

A remotely exploitable vulnerability has been found in the HTTP header parsing code of the CFNetwork framework.

tags | advisory, web
advisories | CVE-2009-0157
SHA-256 | 3cd844ab4b16ffea30d4bf56950667b6ccf6b6b2a12354c933cb59ebebbbebe9
Opera Browser Code Execution
Posted Dec 17, 2008
Authored by Alexios Fakos | Site nruns.com

The Opera browser suffers from a HTML parsing flaw that allows for remote code execution. This affects the browser on all platforms.

tags | advisory, remote, code execution
SHA-256 | febf5df96d484a8dc165f206b1224c5465d7ce08b01af90bdeeac54a08cce767
Page 1 of 4
Back1234Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close