exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 137 RSS Feed

Files Date: 2008-12-30

Bloofox CMS 0.3.4 Local File Inclusion
Posted Dec 30, 2008
Authored by fuzion

Bloofox CMS version 0.3.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | ec96bdd0d2f195001b14b57582416e8046fafc3c386ff4c637127bb8e4c78fc9
ClaSS 0.8.6.0 File Disclosure
Posted Dec 30, 2008
Authored by fuzion

ClaSS version 0.8.60 and below suffer from remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | b683ab75909850a28062d3d8bdff5366b432ca3f7905be79bd6fec3807e784dc
Ubuntu Security Notice 700-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

tags | advisory, remote, denial of service, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
SHA-256 | 4cd9f58b06577565cb8d0f6645a1ecaf732d9f924f3c0b72bfd28ab955c3a7a4
Gentoo Linux Security Advisory 200812-24
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-24 - Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. Versions less than 0.9.8a are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5032, CVE-2008-5036, CVE-2008-5276
SHA-256 | ff1ca98bd0aaf2698929a17f1552ed1d294f532e680c752f8d686e4b8a1b1b94
Gentoo Linux Security Advisory 200812-23
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-23 - A buffer overflow vulnerability has been discovered in Imlib2. Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load() function of the XPM image loader. Versions less than 1.4.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-5187
SHA-256 | 9c667d42978565d5060c3031ccc7886a1193cf8b45348d1a901ca94946954eae
Gentoo Linux Security Advisory 200812-22
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-22 - An insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Versions less than 3.4.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-3929
SHA-256 | b9685e98bc1c0819b0892c8b190e91b40b574012a19e865314a805fc6a6aa84b
Gentoo Linux Security Advisory 200812-21
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5050, CVE-2008-5314
SHA-256 | e266277192a4a3af7c8e228304c79935f78c8defb315c8375f029ee56165f438
STARS - A RATS Front-End Written In Python
Posted Dec 30, 2008
Authored by Benjamin Lull

STAR is a front-end written in Python for the Rough Auditing Tool for Security (RATS). This is the source release. Simply run "python setup.py install" and then run "star".

tags | python
systems | unix
SHA-256 | 849f14e43d1170461b82f0622cf45d5ac9cd81c5601c6f8d28be45d3569f25fd
Getleft 1.2 Buffer Overflow
Posted Dec 30, 2008
Authored by koshi

Getleft version 1.2 proof of concept buffer overflow exploit that causes a denial of service condition.

tags | exploit, denial of service, overflow, proof of concept
SHA-256 | 5519139bcfb084e1b5afe1d514b6af3c2bb23bae05e899b6954e99cec7a4bfc2
CMS NetCat 3.12 SQL Injection / XSS / LFI
Posted Dec 30, 2008
Authored by s4avrd0w

CMS NetCat versions 3.12 and below suffer from local file inclusion, blind SQL injection, cross site scripting, HTTP response splitting, and CRLF injection vulnerabilities.

tags | exploit, web, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 730aeb7570a48954a80207737f1bafe5fe9d40926123fed41669691d5ed7d6f7
CMS NetCat 3.12 Blind SQL Injection Exploit
Posted Dec 30, 2008
Authored by s4avrd0w

CMS NetCat version 3.12 blind SQL injection exploit that makes use of password_recovery.php.

tags | exploit, php, sql injection
SHA-256 | 8670779a58356d6382a73efdb1904f94e7222c22d900b64b0f128e7c51350d9a
Ubuntu Security Notice 677-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-677-2 - USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
SHA-256 | a7b0af4c0bf188b76f64e0e78386aa1167e756d6f4da6666c8841528f2bb2943
Digital Defense VRT Advisory 2008.16
Posted Dec 30, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

tags | advisory, web, sql injection
SHA-256 | 3d5db43c4aa4093db243a62d6926f5bcb8ee486ff32706192155dc2b1ed03ea2
Ubuntu Security Notice 698-3
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
SHA-256 | 4130a0a5287319a13ee95d2404c6c96183d3992fe351e772736db192651c5d89
PHPmotion 2.1 Cross Site Request Forgery
Posted Dec 30, 2008
Authored by Ausome1 | Site enigmagroup.org

PHPmotion versions 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | e728d74c666eeab8a215704c453a3d89d86a21c455a6420afcb953dc66140acb
StormBoard 1.0.1 SQL Injection
Posted Dec 30, 2008
Authored by Samir-M

StormBoard version 1.0.1 suffers from a remote SQL injection vulnerability in thread.php.

tags | exploit, remote, php, sql injection
SHA-256 | 1bede81ce9b22727f3d3541e52986feee94b81b1976536e3db3530179e0c91a5
Psi Jabber Client Denial Of Service
Posted Dec 30, 2008
Authored by sha0

Psi Jabber Client remote denial of service exploit that targets tcp port 8010.

tags | exploit, remote, denial of service, tcp
SHA-256 | 2d1c6fd2e95869eca7339c82f38eb8d9ca2f66a1fbc98b8843d8e0077031b356
PHP Desktop 9.0.6 Denial Of Service
Posted Dec 30, 2008
Authored by Evilcry | Site evilcry.altervista.org

PGP Desktop version 9.0.6 local denial of service exploit that uses PGPwded.sys.

tags | exploit, denial of service, local
SHA-256 | c96092f65087c0f1d3fccbc4f3fdb6e7ca87e79c536ed76178c5978d2dfd5c2a
phpEmployment Arbitrary File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpEmployment suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 330b86e2bd0fb4b5e5e08e9e7427c82465f6b6494a437a81b46ad41b3d70c4e2
phpAdBoard Arbitrary File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpAdBoard suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | a5a06e4856657e881465ecfbdcc5373c2d32f6d4e6cbde86a8023b26b4dbade4
phpGreetCards XSS / File Upload
Posted Dec 30, 2008
Authored by ahmadbady

phpGreetCards suffers from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | a2be1b3387841df12e259f185ccde1b1055faa3a8c4feb5fa10070b2e87519c7
PSI Integer Overflow Denial Of Service
Posted Dec 30, 2008
Authored by Jesus Olmos Gonzalez

PSI suffers from a remote integer overflow denial of service vulnerability. Proof of concept code is included.

tags | exploit, remote, denial of service, overflow, proof of concept
SHA-256 | de69b659adeceb5045e248bf603c15268a1229a6571f12bd70969d4db0132621
Password Ganking By Modifying PHP Code
Posted Dec 30, 2008
Authored by Rohit Bansal

Brief login form password theft tutorial showing how to backdoor php code once access has been gained to a system in order to not have to crack hashes.

tags | paper, php
SHA-256 | efa9a5d70d121d1cd4ee5fd03891f3e0b9ec2ada0da46b4dc78a39dbc6a542b5
Google Chrome Parameter Injection
Posted Dec 30, 2008
Authored by Nine:Situations:Group | Site retrogod.altervista.org

The Google Chrome Browser suffers from a remote parameter injection vulnerability in relation to ChromeHTML://.

tags | exploit, remote
SHA-256 | f40217d78c145ffa1bcfff8ac4ab8ca24e5ae04829d919ada582b82d130cfc4c
PowerStrip 3.84 Privilege Escalation Exploit
Posted Dec 30, 2008
Authored by Alex from NT Internals | Site ntinternals.org

PowerStrip versions 3.84 and below privilege escalation exploit that leverages pstrip.sys.

tags | exploit
SHA-256 | 1a380de0fa98a713190a384dc93a734625b9b5bf99a22f9c8ebd7332c2e6b3cf
Page 1 of 6
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close