what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 58 RSS Feed

Files Date: 2012-02-24

Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
SHA-256 | 8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
Bugzilla Cross Site Request Forgery
Posted Feb 24, 2012
Site bugzilla.org

Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.

tags | advisory, cgi, csrf
advisories | CVE-2012-0453
SHA-256 | fe9aa9d5a2e0261931ccfa5c0cb9081fcee27f39f8a92d16f3b60fbcf5b9c472
HP Security Bulletin HPSBMU02739 SSRT100280 2
Posted Feb 24, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2011-4791
SHA-256 | 2213eb6dbed6a4069e8b68c5b4ee0fa7345ab74c4c7000c299bfc528640ea31e
CJWSoft ASPGuest Guestbook SQL Injection
Posted Feb 24, 2012
Authored by demonalex

CJWSoft ASPGuest Guestbook suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c72acf6ca595a62fece23658b0eb2507e203e0d75a326fcfbd23ff8d0d5ce465
PHP Gift Registry 1.5.5 SQL Injection
Posted Feb 24, 2012
Authored by G13

PHP Gift Registry version 1.5.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, registry, sql injection
advisories | CVE-2012-2236
SHA-256 | 4ac4aa8616e0e3980f8f8d7134ddd0f3313c957f363637fe93a4bd2f1459d278
Dropbear SSH Server Use-After-Free
Posted Feb 24, 2012
Authored by Danny Fullerton

The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-0920
SHA-256 | 64265ec1c523533339855204fdc6f2a60efec7010b11b476bb2709c5aaf7b16e
Bontq Cross Site Scripting
Posted Feb 24, 2012
Authored by Sony

Bontq suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 928f7a337589fba598b4218d8ca5419945992040d545e2414e0278c9d941bc20
darkBC Python Connect-Back Script
Posted Feb 24, 2012
Authored by baltazar

This is a small connect-back script written in Python.

tags | tool, rootkit, python
systems | unix
SHA-256 | 835b9dec3575dd1389efc8a4a007dd336a926416a6593e7523caf0ba48d3e976
HP Security Bulletin HPSBUX02737 SSRT100747 2
Posted Feb 24, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02737 SSRT100747 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-0050
SHA-256 | 19e6114da67ae376ce2cb7ed67e338b31708557b126fcebc375c1599c6fcaa2a
JSRum SQL Injection
Posted Feb 24, 2012
Authored by the_cyber_nuxbie

JSRum suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 84e6bebed0fb71dba779b34611691893839c45fcc3e003bc016bad5301f737ad
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
Posted Feb 24, 2012
Authored by Wireghoul, ch0ks, c4an | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2011-0923
SHA-256 | 95add5b2ce4d94dcd719eaead5d7369aff78a1ef7a8325a02fc4a43b2369c0b5
WineBiz SQL Injection
Posted Feb 24, 2012
Authored by AtlasTeam

WineBiz suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f354657806fd9ac91926b7b06045ec8b120ef24937f9694cba159b6228418209
Feng Chen SQL Injection
Posted Feb 24, 2012
Authored by AtlasTeam

Feng Chen suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6f7d2dfb912bcc5283b7acb739633426b01756b75e22767dfd3e73b632d2535c
BlackBerry PlayBook Samba Remote Code Execution
Posted Feb 24, 2012
Authored by Andy Davis | Site ngssecure.com

BlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.

tags | advisory, code execution
SHA-256 | 1afc8a7ff4c33e0b84d61b7fd3ad9ea453b1ab6f4c8645898025d843d0ecb99c
Ubuntu Security Notice USN-1374-1
Posted Feb 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-0870
SHA-256 | 81d485c10b572461eea91dd42a3a6dd59c4c9ad6c3e1aa0157a31e42055bb3ab
Ubuntu Security Notice USN-1373-1
Posted Feb 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-5035, CVE-2011-3563, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SHA-256 | f5d1680ea07c3d083ccb24ffe7ffae199ba83aed9e742267a6ecfcda91111e3c
Debian Security Advisory 2416-1
Posted Feb 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2416-1 - It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.

tags | advisory, local
systems | linux, debian
SHA-256 | 65bcdf42c527a426b64804a3384e6b2466fe1ff2c05aca4bdd06d8c34f037db4
darkb0t IRC Python Bot 0.1
Posted Feb 24, 2012
Authored by baltazar

darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.

tags | sql injection, python
SHA-256 | bd0dc25d87992414149a403dc549ded89a0f0fb3561c895a931c8324a9a959cf
PHPFox Cross Site Scripting
Posted Feb 24, 2012
Authored by tRipLeZiX

PHPFox suffers from a base64 encoded cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 020f8d963ea8be04ea929544d5ac9cca10507c062abc3c1859af3691616856c2
Zerecords SQL Injection
Posted Feb 24, 2012
Authored by Th4 MasK

Zerecords suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2baa5e3406166ac5ec1ec3afffd4624b7cb22dd9dfa8e30ee80137c77c5acc4d
Samhain File Integrity Checker 3.0.2a
Posted Feb 24, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a regression that could cause a segfault at startup on systems that do not have inotify.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 4547cdadbae075b9106eead876d49fe5ad3ce417882f0447b7f7181590f95a4e
Oracle JD Edwards Security Kernel Information Disclosure
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), then it would be possible to validate arbitrary (USER, ROLE, ENVIRONMENT) tuples, in order to detect valid ones.

tags | advisory, arbitrary, tcp
advisories | CVE-2011-2326
SHA-256 | bd2dcc460f9817265732bc0808e8543eaac886463c0594e24bd5fce15ec0bc80
Oracle JD Edwards SawKernel SET_INI Configuration Modification
Posted Feb 24, 2012
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.

tags | advisory, kernel
advisories | CVE-2011-3514
SHA-256 | 828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9d
The Uploader 2.0.4 (Eng/Ita) Remote File Upload
Posted Feb 24, 2012
Authored by Danny Moules | Site metasploit.com

This Metasploit module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.

tags | exploit, php
advisories | CVE-2011-2944
SHA-256 | d29a260fa19d9695a7f57da48288f4735a750b3a821a5fdf8012ac51ec7892aa
TrendMicro Control Manager 5.5 Buffer Overflow
Posted Feb 24, 2012
Authored by blue, Luigi Auriemma | Site metasploit.com

This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.

tags | exploit, remote, tcp
advisories | CVE-2011-5001, OSVDB-77585
SHA-256 | a04483c90d2ea44a263aa576ce03bb6bfbcf03f1fa5d6ff7e8b522c7b58f3163
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close