exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2011-06-21

Zero Day Initiative Advisory 11-225
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the nsXULCommandDispatcher.cpp source code. During a NS_XUL_COMMAND_UPDATE event dispatch, the user is able to force command dispatcher to remove all the updaters in the mUpdaters chain including the one that is currently in use. As a result, the local variable updater becomes a stale pointer and updater->mNext refers to memory previously freed. Successful exploitation can lead to code execution in the context of the browser.

tags | advisory, remote, arbitrary, local, code execution
advisories | CVE-2011-0085
SHA-256 | 7863f617a6f44ef8bf90e7543ea93c2246ad911302f2326be55b6031f03e0ecb
Zero Day Initiative Advisory 11-224
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG polygon objects. The code within nsSVGPointList::AppendElement() does not account for user defined getter methods modifying or destroying the parent object during a repaint. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2363
SHA-256 | a82536d4f4f1ff9da734433f61f9747354275bf65dee5fc17e6eb93f275febce
IBM Web Application Firewall Bypass
Posted Jun 21, 2011
Authored by Trustwave | Site trustwave.com

The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.

tags | exploit, web, vulnerability
SHA-256 | dd1e9c94795aba4ffecf00c4d23acf69a25e54a0a279d3b90a3b780c202eb617
Zero Day Initiative Advisory 11-223
Posted Jun 21, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG path segment objects. The function nsSVGPathSegList::ReplaceItem() does not account for deletion of the segment object list within a user defined DOMAttrModified EventListener. Code within nsSVGPathSegList::ReplaceItem() references the segment list without verifying that it was not deleted in the aforementioned callback. This can be abused to create a dangling reference which can be leveraged to execute arbitrary code within the context of the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0083
SHA-256 | 82ac5b76e47dd9bb4e8d57a655fd2f96f4bc256c8bf573a722d82424bbebb367
Penetration Testing With Metasploit
Posted Jun 21, 2011
Authored by Dinesh Shetty

This brief whitepaper gives an overview of the functional uses of the Metasploit Framework.

tags | paper
SHA-256 | a868069269ba7f9be7fe3e3764a207b4557d7120f654c3cf5b507537f29c3208
Ubuntu Security Notice USN-1156-1
Posted Jun 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1156-1 - It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2221, CVE-2011-0001
SHA-256 | ba1826fb855135b0d2f8008bbddbf61f5e8cfb8c9332cbf066bc74d8ac8342db
Ubuntu Security Notice USN-1155-1
Posted Jun 21, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1155-1 - It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-0530
SHA-256 | 20e18a4b4c5d1ca6912f57f2ba40b62da3ca3152aff5b4b0849321690eed0f1c
AthCon 2011 Capture The Flag Reversing Solution
Posted Jun 21, 2011
Authored by Glafkos Charalambous, George Nicolaou

This is the Athcon 2011 Capture The Flag solution paper.

tags | paper, conference
SHA-256 | fd730b3a1e648f9ee412307c5e026b859f602446cf26a6eb56a9f8ae24c309f2
Plesk Panel Brute Forcer 1.0
Posted Jun 21, 2011
Authored by Burtay

This php script is a Plesk Panel brute forcing utility.

tags | cracker, php
SHA-256 | 4f39c5c3c1f0bbfea67df3fa70f94dc5fdaef76f6e58e93fca95bb2e26d320b9
Sitemagic CMS 2010.04.17 Cross Site Scripting
Posted Jun 21, 2011
Authored by LiquidWorm | Site zeroscience.mk

Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, php
SHA-256 | 8e9bd0f1156742f2d83faa0606fca5304a8e3b055624c9077f24c1a8e274c310
Slackware Security Advisory - Fetchmail STARTTLS
Posted Jun 21, 2011
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - fetchmail packages have been updated to fix a denial of service vulnerability in the STARTTLS protocol phases.

tags | advisory, denial of service, protocol
systems | linux, slackware
advisories | CVE-2011-1947
SHA-256 | e105c721442a8baa6254dc4effec15470371d9e6558d8ceb8b547b3371e8cddb
FactoryLink vrn.exe Opcode 9 Buffer Overflow
Posted Jun 21, 2011
Authored by Luigi Auriemma, hal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in FactoryLink 7.5, 7.5 SP2, and 8.0.1.703. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by Luigi Auriemma.

tags | exploit, overflow, arbitrary
advisories | OSVDB-72815
SHA-256 | 180a8907d61d69a4ded59759afdcd03ea9f1757008b99fd69ef2a1c78f4f6f23
Black Ice Cover Page ActiveX Control Arbitrary File Download
Posted Jun 21, 2011
Authored by shinnai, mr_me, sinn3r | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.

tags | exploit, remote, arbitrary, code execution, activex
systems | windows
advisories | CVE-2008-2683, OSVDB-46007
SHA-256 | c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9d
Secunia Security Advisory 45009
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in DokuWiki, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 5733f827338e5a871d62236abcad8971d21401c0b59d85a0e08791ba23ca5892
Secunia Security Advisory 44982
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 4c6d20bb726c60059291294fad494a7b4b1b2dd786dbad56275350b4d15baecc
Secunia Security Advisory 44728
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Sitemagic CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 74d561568cb2fb3f8ede37a1074b6bbfe3c49571f9cdc945b10c6729b4dfc55a
Blue Bison Script SQL Injection
Posted Jun 21, 2011
Authored by HeRoTuRK

Blue Bison Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7880a3ca3557c50dac2f14276792af3c24e1534ae07085756946b9256c400508
EA Sports Cross Site Scripting
Posted Jun 21, 2011
Authored by Juan Sacco

EA Sports aka ea.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2de1463eb99e58c2c78410d7068ed00f86ce8bc9e7e49e6c254af72e509df958
If-CMS 2.07 Local File Inclusion
Posted Jun 21, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.

tags | exploit, local, file inclusion
SHA-256 | 54e0d5a2b5475f09684e3d5e161e928ef2258de0b02c152c7f1fffea225f343d
DreamBox DM800 Arbitrary File Download
Posted Jun 21, 2011
Authored by ShellVision

DreamBox DM800 versions 1.6rc3 and below suffer from a remote arbitrary file download vulnerability.

tags | exploit, remote, arbitrary, info disclosure
SHA-256 | 9903b5996d825cd58d3ca550b02438e32094e98f800883c5f8767a40223d9173
Secunia Security Advisory 45003
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 8c5c090209e382290931fe64848e6ea1e831a977609c3f78d637c42146bfc97f
Secunia Security Advisory 44701
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a security issue in NNT Change Tracker and Remote Angel, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, remote, local
SHA-256 | 015a7fb682705d0816da847b19abc46ac8a6233e948b42e2d1dbcb6642f06c86
Secunia Security Advisory 45004
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in BlackBerry Tablet OS, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 6134712f18921b5bf3174918b3f19926a1d6407e7c497d560e317397c6539153
Secunia Security Advisory 44983
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for perl. This fixes a weakness, which can be exploited by malicious people to bypass certain security features.

tags | advisory, perl
systems | linux, debian
SHA-256 | 2a3ade82df916b2d08adfbcdba55d7bf636de2d01346d73d4e6d0868c7cff924
Secunia Security Advisory 45016
Posted Jun 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and bypass certain security restrictions.

tags | advisory, vulnerability, xss
SHA-256 | 80c7e3a3f0b82036f7b2979ed11098e0914d2b3e2a2bb83a573076fe473d18ac
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close