exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed


Wiki Web Help 0.28 SQL Injection
Posted Jul 6, 2010
Authored by ADEO Security

Wiki Web Help version 0.28 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | f50a808a514db936aad169cb76e09732e523222bc458638481d751b9c5564470

Related Files

Intuit Help System Protocol File Retrieval
Posted Mar 30, 2012
Authored by Derek Soeder

Intuit Help System suffers from protocol file retrieval vulnerability.

tags | exploit, protocol
SHA-256 | 65677d6250ef2ab1e9b970ddb24217950a01b3edbee65118c3e2ebe4ee508a3d
Intuit Help System Heap Corruption / Memory Leak
Posted Mar 30, 2012
Authored by Derek Soeder

Intuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.

tags | exploit, vulnerability, protocol, memory leak
SHA-256 | 28c43548d0a76f1624a1a7bef0b4301fe6ec08af383b75c0a01f373d96370407
Firewall Builder With GUI
Posted Mar 29, 2012
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: Packages for Windows and Mac OS X are now distributed under the GPL, and the source code includes all files necessary to build on Linux, *BSD, Windows, and Mac OS X. This release also includes a few bugfixes in the policy compiler for iptables and for the build problem on Gentoo.
tags | tool, firewall
systems | cisco, linux, unix, openbsd
SHA-256 | 452514a1ec0be1416bfca93603e6c89deb91d1a3a19671c64b5a8868a3743daf
Kayako Fusion Help Desk Cross Site Scripting
Posted Mar 18, 2012
Authored by Sony

Kayako Fusion Help Desk Software suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 565127ad9b187160e79043dbc0756f9abe1cadd29b782f144822a834134e3377
Oracle Live Help On Demand Webcare Cross Site Scripting
Posted Feb 29, 2012
Authored by Sony

Oracle Live Help On Demand Webcare suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7e4f2111017c66130c9ae165a74c12a728cbd0c8a2ff74c16cbbac908f8ac1a3
Oracle JD Edwards SawKernel SET_INI Configuration Modification
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.

tags | advisory, kernel
advisories | CVE-2011-3514
SHA-256 | 828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9d
LiveHelpNow Chat Cross Site Scripting
Posted Feb 22, 2012
Authored by Sony

LiveHelpNow Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c7da3d8a255a228bb5781872e2a24647b4693cab9c65d38e7ff8f7577d6f656e
Secunia Security Advisory 47936
Posted Feb 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 51fbeb602d6c380824bc1dfd4e80bd37295da025559b85fe23e5307197bfcaba
Electronic Arts Cross Site Scripting
Posted Feb 6, 2012
Authored by yak0n, Vulnerability Laboratory | Site vulnerability-lab.com

The help website for Electronic Arts suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c571c8119f124a2eb307b9bff308cb196f5c872e06e60285b26173c00eeaca04
Dradis Information Sharing Tool 2.9.0
Posted Feb 3, 2012
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release added a Retina Network Security Scanner upload plugin and a Zed Attack Proxy upload plugin. The Nessus, Nikto, and Nmap upload plugins are now orders of magnitude faster. A VulnDB import plugin was added to support VulnDB HQ integration. The First Time User's Wizard was updated. Rails was upgraded to version 3.2.
tags | tool, web
systems | unix
SHA-256 | acd6962974b366615d52eda38b9efa9e28463c266a80b88cccc0bfb5f0026dea
FatCat SQL Injector
Posted Jan 28, 2012
Authored by Sandeep K

This is an automatic SQL Injection tool called FatCat. It has features that help you to extract the database information, table information, and column information from a web application.

tags | tool, web, scanner, sql injection
systems | unix
SHA-256 | d6543e663214a8df0076f59ba3d72d5f35619b7a0177b40574cb7a4a1d03b007
Joomla Fundhelp Local File Inclusion
Posted Jan 24, 2012
Authored by the_cyber_nuxbie

The Joomla Fundhelp component suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b743797e485023b9f7f60e1e61c1353a031d3ff60593699ed0ff7cf1255150d2
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

tags | paper, root, virus
SHA-256 | 8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8
Debian Security Advisory 2374-1
Posted Dec 26, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2374-1 - The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto.

tags | advisory, denial of service, crypto
systems | linux, debian
advisories | CVE-2011-4073
SHA-256 | 2e3b194b94bdc4f7f0091e298a2cc51c679c239928c746db286a6f2f132d600b
Firewall Builder With GUI
Posted Dec 24, 2011
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: This release includes improvements in the design of the installer dialog to let users start in non-batch install mode but continue in batch install mode later; improvements in support for iptables configurations for bridging Linux firewalls; fixes for several GUI crashes; policy compilers now correctly handle /31 subnets.
tags | tool, firewall
systems | cisco, linux, unix, openbsd
SHA-256 | 22120de712844b5d89a3f2924964c16cc86f96f2156ace7c3f551bd0d713c94b
JavaScript Switcharoo Proof Of Concept
Posted Dec 8, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.

tags | exploit, javascript
SHA-256 | fcf6a2f8bd756f73ae0cea59488d296084adcdadeda5ca6d9e401595b8736f42
Red Hat Security Advisory 2011-1526-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1526-03 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.

tags | advisory, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2009-5064, CVE-2011-1089
SHA-256 | 8fcb821effd2130157bef6f3b9ef23b06ccb0069c78542c7e2046126393556b5
XssScanner 1.1
Posted Dec 1, 2011
Authored by Romain MILLET, VULNIT | Site vulnit.com

XssScanner is a tool designed to help penetration testers find cross site scripting vulnerabilities. It analyzes a webpage to determine which are the payloads that could be used according to the position of the parameter. Then, for each selected payload, XssScanner sends a request using the payload and checks the returned page to find the payload. The major feature of XssScanner is its ability to detect many encodings that do not change the behavior of the payload (eg: double quote encoded into ").

tags | tool, scanner, vulnerability, xss
systems | unix
SHA-256 | beced1c0c47a2a50b77bc4b4d0a52f446464a99e5678cece598afbfae7977461
rtspFUZZ 0.1
Posted Nov 19, 2011
Authored by Debasish Mandal | Site debasish.in

rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques OPTIONS,DESCRIBE,SETUP,PLAY,GET_PARAMETER,TEARDOWN,PAUSE etc rtsp commands and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb) which can be helpful for finding the offset.

tags | tool, protocol, fuzzer
SHA-256 | b3f05d18dd413771887842b4ada5d866099b1674425ad0bca2f4323f6772668f
Ubuntu Security Notice USN-1265-1
Posted Nov 17, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-4405
SHA-256 | 359ddbd8a20109cf0cd0c50fb699368bbf5e8dbb3241a43302e56fbcca6dbd33
Hook Analyser Malware Tool 1.3
Posted Nov 14, 2011
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: Various updates.
tags | tool
systems | windows
SHA-256 | 1db4bd2ca0c97c9afeaffcb6b692042479d67663172e6fc873ec367da67ecb4e
LFI Fuzzploit Tool 1.1
Posted Nov 12, 2011
Authored by nullbyt3

LFI Fuzzploit is a simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications. Using special encoding and fuzzing techniques, lfi_fuzzploit will scan for some known and some not so known LFI filter bypasses and exploits using some advanced encoding/bypass methods to try to bypass security and achieve its goal which is ultimately, exploiting a local file inclusion.

Changes: A bug in the file descriptor scan function is fixed. A command shell bug is fixed.
tags | tool, local, scanner, php, vulnerability, file inclusion
systems | linux, unix
SHA-256 | 164c07ad86594aa9bfe0936cec79654856d45223f5354927c0eba3f0fca68942
Wormtrack Network IDS 0.1
Posted Nov 10, 2011
Authored by Aleksandr Brodskiy | Site code.google.com

Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.

tags | tool, worm, local, intrusion detection
systems | unix
SHA-256 | d14c1f13e9ebf372fff1196929b62f243ebe2d1b93e88472662a96e12abd305b
Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Zero Day Initiative Advisory 11-318
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-2657
SHA-256 | 414aacdeaade097f375906131317048411d761ffbad30cc32727276540651352
Page 2 of 4

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By