
Files

mini CMS / News Script Light 1.0 Remote File Inclusion
Posted Aug 27, 2010
Authored by bd0rk

mini CMS / News Script Light version 1.0 remote file inclusion exploit.

tags | exploit, remote, code execution, file inclusion
SHA-256 | eae403bf0182fdec05f65111905678db8e2fb6811bbe3f2dd4e6469330ffc1d1

Related Files

Secunia Security Advisory 49961
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Integrated Lights Out Manager, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | db031bd06d21ff196b3e96fb8f2544843709859cc55ba1e6d8068c734ec051b0

Secunia Security Advisory 49908
Posted Jul 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Quest Foglight, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 68eebf280d300c996bbc3bcd831fecc700e4d7aa2dd00bfd76b2659cfbe4d628

OpenSSH 6.0p1 Magic Password Patch
Posted Jun 28, 2012
Authored by Bob | Site dtors.net

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

tags | patch
systems | unix
SHA-256 | 50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0

Red Hat Security Advisory 2012-1041-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2678, CVE-2012-2746
SHA-256 | 02001d1e71ee84e1ac827dd563294cf7f71f0d1e542e4d2379a601515d3d2c88

Red Hat Security Advisory 2012-0997-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0997-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2678, CVE-2012-2746
SHA-256 | d8fcd715d68abc63df0d8bfd8b39169de1feaa4b944697d2033befadfa07578f

Red Hat Security Advisory 2012-0813-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0813-04 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificate groups. If an LDAP user that had a certificate group defined attempted to bind to the directory server, it would cause ns-slapd to enter an infinite loop and consume an excessive amount of CPU time.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-0833
SHA-256 | 129a838e37c542da05a23067eaf70559fd31bab9c8b1fd61e86531f3baa4cc2c

Secunia Security Advisory 49122
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Silverlight, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 73b22210df3231f8173b40f05daac8bebce1e960ce3be5c2d564d1b566d25943

Booklight SQL Injection
Posted Apr 30, 2012
Authored by BHG Security Center, Nitrojen90

Booklight suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bbe921d900d3b3d205aab38fe306d0b1d296ce3a918bdf180fcea22c22d6ab60

Secunia Security Advisory 48780
Posted Apr 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FlightGear, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | a46d5381cb806b2bbe95c5a65e8d164203b4709d3106a5c29aece17fe633bee8

Secunia Security Advisory 48411
Posted Mar 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for lightdm. This fixes a security issue, which can be exploited by malicious people with physical access to manipulate certain data.

tags | advisory
systems | linux, ubuntu
SHA-256 | cb7729e2f2c8831dd87e19a0e9049b42c16b1a95b2355a891f71000a60f32666

Secunia Security Advisory 48371
Posted Mar 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for lightdm. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, suse
SHA-256 | 29349825ee3019e2854741f9f85a22316827d52f0d595955d3745a30349ebf36

Ubuntu Security Notice USN-1399-2
Posted Mar 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1399-2 - Ryan Lortie discovered that a guest session script bundled in the Light Display Manager package improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0943
SHA-256 | 77c2307c2ca2e346b5aff442a612dd08d3beb1eb7d5aaca71c81b9ee55dd0054

Ubuntu Security Notice USN-1382-1
Posted Mar 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1382-1 - Austin Clements discovered that Light Display Manager incorrectly leaked file descriptors to child processes. A local attacker can use this to bypass intended permissions and write to the log file, cause a denial of service, or possibly have another unknown impact.

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 6197a7d618282d62205a6a7b667ca47b5e9604ccf33b90b4f62aea535d58518b

httpry Specialized HTTP Packet Sniffer 0.1.7
Posted Mar 2, 2012
Authored by Dumpster Keeper | Site dumpsterventures.com

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Changes: This release brings substantial improvements to some existing features. First, IPv6 parsing can now follow extension headers that are present in the captured packets. Second, the rate statistics code has been substantially overhauled to handle an arbitrary number of hosts, along with a couple of additional switches for controlling behavior. Additionally, this release fixes compiling on Mac OS X and adds an optional switch to specify the PID filename.

tags | tool, web, sniffer
systems | unix
SHA-256 | 00debb88f90f79d65dcbcc590c2a1172411f70f9134a9367f29c113594d7b9fa

Microsoft Internet Explorer 8 Code Execution
Posted Feb 29, 2012
Authored by Ivan Fratric

This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2011-1999
SHA-256 | 31cef28f3ae91f47c652ada6f2b786f3ba4d464050c6d2c3cfd46b5a0f99df82

Upnorthwebs / Lightbox SQL Injection
Posted Feb 17, 2012
Authored by tempe_mendoan

Upnorthwebs and Lightbox suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | daa626d1bff561da13077e8f44f4acd60efb58200e9fb2f9b5c2962175752032

Technical Cyber Security Alert 2012-45A
Posted Feb 15, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-45A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 8457d85d15912aeb51608210888694a1a98c23b89b24233876fcddaa5bc42fa9

Secunia Security Advisory 48030
Posted Feb 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft .NET Framework and Microsoft Silverlight, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 5c593482f8ad82519c14faa4fb4a37dde3318b4e667e9ba6aa9f3c0fe7856770

Secunia Security Advisory 47986
Posted Feb 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
SHA-256 | 05a7d48ab9749c07cf4205029eb63bdcf9ba129ab871cb52571cae49ac9b755f

Lightaidra IRC Router Scanner
Posted Jan 30, 2012
Authored by eurialo | Site ahacktivia.org

Lightaidra is an IRC commanded tool that allows for scanning and exploiting routers. It also performs flooding.

tags | tool, scanner
systems | unix
SHA-256 | e635493a0bb2cb118a4bfcf366984e92382fe1f4a65b187025ea0b667066c554

Distributed Access Control System 1.4.27
Posted Jan 18, 2012
Site dacs.dss.ca

DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.

Changes: This minor bugfix release upgrades third-party support packages, includes upgrades/fixes for Mac OS X 10.7.2, and fixes and extends the HTTP_AUTH directive and the dacsauth(1) command.

tags | tool, web, cgi
systems | linux, unix
SHA-256 | 52ed8037ddff56acd609c77ef50a3e185639fcd0760a8e857bd73d7902c0d70b

WordPress Facebook Page Promoter Lightbox Cross Site Scripting
Posted Dec 30, 2011
Authored by Am!r, H4ckCity Security Team | Site irist.ir

The WordPress Facebook-Page-Promoter-Lightbox plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5f3ad62542d3f82f4ad3a9b7972034eb047dbbf3cf236b13181a24be1cb0736a

Lighttpd 1.4.30 / 1.5 Denial Of Service
Posted Dec 26, 2011
Authored by Adam Zabrocki

Denial of service exploit for an out-of-bounds read that causes a segmentation fault in Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806.

tags | exploit, denial of service
advisories | CVE-2011-4362
SHA-256 | a78ebddef1ff446f752bc857193d5fc6a7bb8cdaa8a66f37a2fd64a80504bfe7

Debian Security Advisory 2368-1
Posted Dec 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2368-1 - Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4362, CVE-2011-3389
SHA-256 | f07a24700e2eeea7198aeaf2eec0970239a3a34b71aaa8f180afb3e0a6490a33

Secunia Security Advisory 47260
Posted Dec 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes a weakness and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, or cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | c9b4726d92c95daa7def95f51eb6c9d6f1ee633d8e42b7d2675903353db616d5

© 2022 Packet Storm. All rights reserved.
