exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

forumpayperpost-sql.txt
Posted Jun 16, 2008
Authored by Stack | Site v4-team.com

Forum Pay Per Post Exchange version 2.0 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | c51fcf1185c27e3581de94f28aa67e920dc52584c9b9e1e7ce4debf99ca43e44

Related Files

Secunia Security Advisory 50275
Posted Aug 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 1b96f725cd09e98614ef2fed1a60e7ca3ccba63efe4b7157ef2246e75849b23d
Secunia Security Advisory 50019
Posted Jul 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Microsoft has acknowledged multiple vulnerabilities in Microsoft Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | bd31dc70d533644f0848ab4b088f1675d08eda1e8131bc507b615ba237a878b2
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
SHA-256 | 1a7ed98015df32e7412caf37391105af25a9dc66a0e357a1c92ccd5a9f180298
Mandriva Linux Security Advisory 2012-078
Posted May 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
SHA-256 | 16755f115af78f1d3c621b96b65aa171706dd1323233fef010e83b6fe9fe11bb
Mandriva Linux Security Advisory 2012-077
Posted May 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
SHA-256 | d7de3f7e0b80f09045f1b2c5f542725b115d3f5c08f7a893d8351dc7200e188a
Red Hat Security Advisory 2012-0544-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0544-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
SHA-256 | 8de65be2fccd90aeb21230e00496bc38147f8f63da19d99fc78529caa13f8c0a
Red Hat Security Advisory 2012-0545-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0545-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop.

tags | advisory, denial of service, arbitrary
systems | linux, redhat
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-0260
SHA-256 | 486fac7c70f5900ea4b2003350cc49df5a6f5ae8814ef2b537c4e6f0534d688d
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 62dd46bdfa66e997cd07479c448ce5a5cb3748cb495d58074a7a737dbbe93fc4
ToorCamp 2012 Call For Participation
Posted Apr 26, 2012
Site toorcamp.org

ToorCamp is a five-day open-air event for hackers, makers, breakers, and shakers. ToorCamp is where you get together with the rest of the best in a relaxing, beautiful atmosphere, and exchange ideas with the brightest technology experts from around the world. The camp has everything you need: power, internet, food and fun. Bring your tent, bring a friend ? and get ready to reunite and reignite with really smart people, just like you. It will take place at the Hobuck Beach Resort in Neah Bay, Washington August 8th through the 12th, 2012.

tags | paper, conference
SHA-256 | 3ab8ae04cdb392e8cde6a855fe0321cfdb2744923dd3c58966ac7e044efc4d60
Cisco Security Advisory 20120328-ike
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2012-0381
SHA-256 | fa3fff97691020951e5f7756ce74f71c8b311fbe51096d2d5765371fb8a6d8ed
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | 8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
F*EX 20111129-2 Cross Site Scripting
Posted Feb 21, 2012
Authored by muuratsalo

F*EX (Frams's Fast File EXchange) version 20111129-2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cb285fb76a7dcf44b2d6dd9c29b92b43cf1424e6aa8869e18d2926e8fb0b549e
Secunia Security Advisory 47971
Posted Feb 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in F*EX (Frams's Fast File EXchange), which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | dbe6bafdbefb592a891523d2155cb3ab18410e7bb869b173993e40bc204de0d1
F*EX 20100208 Cross Site Scripting
Posted Feb 20, 2012
Authored by muuratsalo

F*EX (Frams's Fast File EXchange) versions 20100208 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e3ed0a0621b24125c69ddce3a7b05238d8dc1314fb2956b7a0d361bd056e388d
Technical Cyber Security Alert 2012-6A
Posted Jan 7, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-6A - Wi-Fi Protected Setup (WPS) provides simplified mechanisms to configure secure wireless networks. The external registrar PIN exchange mechanism is susceptible to brute force attacks that could allow an attacker to gain access to an encrypted Wi-Fi network.

tags | advisory
SHA-256 | b37c21ad33cd8507ebeea5cd4b34829a2fda35d92dc3ebc05875fc4c7aa0c110
strongSwan IPsec Implementation 4.6.1
Posted Nov 12, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: Because Ubuntu 11.10 activated the --as-needed ld option that discards included links to dynamic libraries that are not actually used by the charon daemon itself, the loading of plugins depending on external symbols provided by the libsimaka, libtls, or libtnccs libraries failed. As a fix, the plugins include the required libraries directly, and due to relinking during the installation, the approach of computing integrity checksums for plugins had to be changed radically by moving the hash generation from the compilation to the post-installation phase.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | d750ec16bc32c3d7f41fdbc7ac376defb1acde9f4d95d32052cdb15488ca3c34
strongSwan IPsec Implementation 4.6.0
Posted Nov 8, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The libstrongswan plugin system now supports detailed plugin dependencies. Many plugins have been extended to export their capabilities and requirements. This allows the plugin loader to resolve the plugin loading order automatically, The pkcs11 plugin has been extended to handle Elliptic Curve Cryptography smartcards. The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver metadata about IKE_SAs via a SOAP interface to a Trusted Network Connect MAP server.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
Red Hat Security Advisory 2011-1422-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4073
SHA-256 | 385e1137aca7e64a21434b3467ac61b60de918f2c5abde3150b94a252c15598d
Red Hat Security Advisory 2011-1356-01
Posted Oct 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1356-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-3380
SHA-256 | 9d7e7f60077f5b171101250cab4f008e2065fc9ea534b4125d43baccd450f221
BlueSoft Banner Exchange SQL Injection
Posted Aug 8, 2011
Authored by darkTR

BlueSoft Banner Exchange suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 78aaf005499db5eaada938de24e157b2bd6f4c1d6635247831786cdeb38a8541
strongSwan IPsec Implementation 4.5.3
Posted Aug 4, 2011
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv2 charon daemon allows one to define PASS and DROP shunt policies that, for example, prevent local traffic from going through IPsec connections or except certain protocols from IPsec encryption. A new IMC/IMV Scanner pair implements the RFC 5792 PA-TNC protocol. The Integrity Measurement Collector uses netstat to scan for open listening ports on the TNC client and sends a port list to the Integrity Measurement Verifier attached to the TNC Server, which decides whether the client is admitted to the network based on a configurable port policy.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
SHA-256 | e151188674981249da844460cb2aaeff81dc83646efea32e24eb85a0f4d4c1db
Mandriva Linux Security Advisory 2011-110
Posted Jun 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-110 - Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-1178
SHA-256 | 2fdbbf771f216ac57653ff70385e0996b57fbad35d9dd3b2bb53e51bd41d7159
Red Hat Security Advisory 2011-0838-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, redhat, windows
advisories | CVE-2009-1570, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1178
SHA-256 | bcebaf7eecce22dfae82e4c81db212616345165a850f2049b859bb2f8f85043e
Red Hat Security Advisory 2011-0837-01
Posted Jun 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0837-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.

tags | advisory, overflow, arbitrary
systems | linux, redhat, windows
advisories | CVE-2009-1570, CVE-2010-4541, CVE-2010-4543, CVE-2011-1178
SHA-256 | bc734d04701963c119db99658f1e8c5db3d1bb7653d5c791749605209f890f90
Remote Timing Attacks Are Still Practical
Posted May 25, 2011
Authored by Nicola Tuveri, Billy Bob Brumley

This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.

tags | exploit, paper, crypto, vulnerability
SHA-256 | a639445448cf4d50a71d847a0554fa7ab0640e8c63cc63998bd97f803f5b3b40
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close