what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

ClaSS 0.8.6.0 File Disclosure
Posted Dec 30, 2008
Authored by fuzion

ClaSS version 0.8.60 and below suffer from remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | b683ab75909850a28062d3d8bdff5366b432ca3f7905be79bd6fec3807e784dc

Related Files

Zero Day Initiative Advisory 12-140
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by SFAdminSrv.exe process. This process exposes various RMI services to TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 6d44dbf9f816ae47b69459fc6a3ae55af8b47454af0c493a2b31bcdd640effcb
Secunia Security Advisory 50211
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported multiple vulnerabilities in Flynax General Classified, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | ea2046e54cbc1fcf2a1df252d1785cdeff47ba79e26a5ef605e9aebef7a9ee60
Flynax General Classifieds 4.0 XSS / SQL Injection
Posted Aug 11, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Flynax General Classifieds version 4.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | db1f2f313b482036bc130944faf4a29255e2a709435bf33a8280a2f78217792f
Liferay JSON Server API Authentication
Posted Aug 3, 2012
Authored by Danilo Massa, Enrico Cinquini

The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.

tags | exploit, bypass
SHA-256 | 840d89136b0bbd34dcc7fbaa674c8f425af2c5bab7ef9bb1fac81338af82ef39
Magento eCommerce Platform XXE Injection
Posted Jul 13, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

tags | exploit, arbitrary, php, tcp, xxe
SHA-256 | 89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Posted Jul 10, 2012
Authored by Stefan Cornelius, sinn3r, juan vazquez, littlelightlittlefire, mihi | Site metasploit.com

This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

tags | exploit
advisories | CVE-2012-1723, OSVDB-82877
SHA-256 | d0f87e2217146b16aef1f52fdc1199e419212c967c36b2332599cb9bbc44e022
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
SHA-256 | 04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523
Classifieds Ads Script PHP 1.1 SQL Injection
Posted Jul 5, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Classifieds Ads Script PHP version 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 031f8444dc9bb3fb64965abde0479ba420c5792fb922e32d4cc4692a9efc8683
CLscript Classified Script 3.0 SQL Injection
Posted Jul 3, 2012
Authored by Daniel Godoy

CLscript Classified Script version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c2fd644e3ef800cf4226f1d0a0bdab9109b18171934e553c49c53c74ad7068da
Buffer Overflow Explanation
Posted Jul 1, 2012
Authored by Dr-Freak

This is a whitepaper discussing how to perform very classical text book buffer overflow attacks.

tags | paper, overflow
SHA-256 | 98e30fbc2b7a72173ba7125801d0b0d8e29f954eecc18c97cd0f09b4b5a96465
SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
Red Hat Security Advisory 2012-1027-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 1578bf172d8363fc992779d77d8a4145fd48215f84c717867f2aff0ef979d171
Red Hat Security Advisory 2012-1026-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 4168e8b5dde8d8685ff22bfc83da9f6eacabfa3c71ef704249f1b017705b45a7
Red Hat Security Advisory 2012-1009-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
SHA-256 | 99830cdb701cb4aacf23d03be256ab6de994c9db6a37ccfd17ca394f12c296a5
Red Hat Security Advisory 2012-0987-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0987-04 - The SBLIM CIM Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2012-2328
SHA-256 | 6a48b1d7c0f576664e0023632b7561dea4d49dd024cd9600a79c9516154bf593
Red Hat Security Advisory 2012-1013-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-1167
SHA-256 | 00999837f17b1b0b26b7d6c7ae3e33974a469610cd0c968e5f9c9ec652967eac
Red Hat Security Advisory 2012-1014-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1014-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-1167
SHA-256 | 67e1ea08d93cbca3238c670e8d691aa83c9a371df16c09c9749c576859ba213e
Red Hat Security Advisory 2012-0730-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0730-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725
SHA-256 | b1a91d78f3f538784041ecd54d8b6862c3de9a7c686315edf5269ed789f47a27
Red Hat Security Advisory 2012-0729-01
Posted Jun 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0729-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725
SHA-256 | 10180e92bfe85dc94ea653b2b50445f887cdcb28ef932cca455d37b4ecfc9396
Asterisk Project Security Advisory - AST-2012-007
Posted May 29, 2012
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class.

tags | advisory
advisories | CVE-2012-2947
SHA-256 | 58df312830538efb7064340b0ec5a2811f9dbc943e1ac2e4e461efa35a6bc391
Secunia Security Advisory 48739
Posted May 16, 2012
Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ispLEVER Classic, which can be exploited by malicious people to compromise a user's system.

SHA-256 | 48c802d298509fcda8f15ef36b0b3b6c2ef7f668c8d07b800c62d59e30fa0bfb
Secunia Security Advisory 48739
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ispLEVER Classic, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 48c802d298509fcda8f15ef36b0b3b6c2ef7f668c8d07b800c62d59e30fa0bfb
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Posted May 3, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.

tags | exploit, remote, shell, code execution, activex
SHA-256 | ec86fdc2f4cc78d676680abb952cb10427dad174e2bed743fc0d8633dd49510a
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
SHA-256 | 98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
.NET Framework EncoderParameter Integer Overflow
Posted Apr 23, 2012
Authored by Yorick Koster | Site akitasecurity.nl

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

tags | exploit, overflow
SHA-256 | 9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61ad
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close