exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2012-06-06

Drupal Node Embed 6.x / 7.x Access Bypass
Posted Jun 6, 2012
Authored by Paul Aumer-Ryan | Site drupal.org

Drupal Node Embed third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 6571dcae03f74430b92cba3fd36dd0c9b1987cd05595801d3c575a45c620eb9b
Drupal Organic Groups 6.x Cross Site Scripting / Access Bypass
Posted Jun 6, 2012
Authored by Ezra Barnett Gildesgame, Fox | Site drupal.org

Drupal Organic Groups third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | b56a43fd6cb4f6b56f362161245de3105f1a148e93042618473ddbf92210cccc
Zero Day Initiative Advisory 12-084
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. The process attempts to store data at this location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0926
SHA-256 | e5150c82d73cc84c7bac0c2ef829f0a287bb6936a0e3495f3879c41d5fc6830d
Zero Day Initiative Advisory 12-083
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenAL (JOAL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE installs and as such are downloaded and run without user interaction. Crafted Java applets can reach a call to 'dispatch_alDeleteBuffers1' that takes a user controllable int and uses it as a function pointer. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | af539ecf2fd986a71482f5bce919ec4d7ceb0240ccf75537508e640b7af3e7ca
Zero Day Initiative Advisory 12-082
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenGL (JOGL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE install and as such is downloaded and run without user interaction. Crafted Java applets can reach a call to 'LoadLibraryA' in the JOGL library that allow remote .dll files to be loaded into the JRE process. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | bb546a1c4d0591f0955a1fb9585c688375530e4f11bf3db53027c0f08245bc52
WordPress Gallery 3.06 Shell Upload
Posted Jun 6, 2012
Authored by Sammy FORGIT

WordPress Gallery version 3.06 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 2b0f0fe86f415125d42d36d0589f6fe4b9637d3413cf619df1989e1dae3c5d70
WordPress Font Uploader 1.2.4 Shell Upload
Posted Jun 6, 2012
Authored by Sammy FORGIT

WordPress Font Uploader plugin version 1.2.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 17c62c1e17ef6474b73a184ec68ac0e8f8e3036b76c2a5001ed445f21db3f074
WordPress FCChat Widget 2.x Shell Upload
Posted Jun 6, 2012
Authored by Sammy FORGIT

WordPress FCChat Widget plugin versions 2.2.12.2 through 2.2.13.1 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 0638063cb46b9dac5fd57097067cad9c433262ac71905a4d3738d4c5b7a06be2
WordPress Email Newsletter 8.0 Information Disclosure
Posted Jun 6, 2012
Authored by Sammy FORGIT

WordPress Email Newsletter plugin version 8.0 suffers from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 5af9cbff36f380221e2a6015e1612cfd09e21fd6c1700e807643711213eae0aa
Zero Day Initiative Advisory 12-081
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java GlueGen library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE installs and as such are downloaded and run without user interaction. Crafted Java applets can reach a call to 'openLibraryGlobal' in the GlueGen library that allow remote .dll files to be loaded into the JRE process. This can lead to remote code execution under the context of the current process.

tags | advisory, java, remote, arbitrary, code execution
SHA-256 | fdfdf57a16d5e8b2b98688acf1dbab23802afc1c664ac025083b2c7000f2bbe8
Zero Day Initiative Advisory 12-080
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-0754
SHA-256 | 7d4277c0240390dfaf844d794201f5813348bc3c4e7a17ba30d5fa943904ac26
Zero Day Initiative Advisory 12-078
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles file with the Sorenson v3 Codec. When parsing the data inside the svq3 stream QuickTime does not verify the value for the mb_skip_run value it reads from the data. This value is used later as a loop counter to write data to a heap allocation without boundary checking. This can result in a heap based buffer overflow that can result in remote code execution under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0669
SHA-256 | 61ff5ba569ae6822a11c20b7069612ed862249b5319f04436e627d8046c35a87
Zero Day Initiative Advisory 12-077
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component. A signedness error exists when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0667
SHA-256 | e647f5ae4eb85ad14d26b00c977c80ec8a5dc2aab52bccbb59f7d9ad5c7dbddc
Zero Day Initiative Advisory 12-076
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. This resulting length will then be used in a memcpy operation into a statically sized buffer allocated on the heap. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
systems | apple
advisories | CVE-2012-0659
SHA-256 | ebbfba28118d24f1d8b399ccd10a105b73410f3d44f0dd5d1dda1152ef2b523a
Zero Day Initiative Advisory 12-075
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2012-0668
SHA-256 | d5468bb73b626a9a652d543969f2fda02d088248591c4fe62f3624ccad53adb2
Ubuntu Security Notice USN-1466-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1466-1 - It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. 'TCP') in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.

tags | advisory, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2012-2654
SHA-256 | aaa802033fd02ad4127bca32ff6245611c268e7f7d2b90b51e38b75b80cefe1e
Ubuntu Security Notice USN-1465-3
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1465-3 - USN-1465-1 fixed vulnerabilities in Ubuntu One Client. The update failed to install on certain Ubuntu 10.04 LTS systems that had a legacy Python 2.5 package installed. This update fixes the problem. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.

tags | advisory, remote, web, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2011-4409
SHA-256 | 5c0afee4c4cf6f20c5072c02b401c558c85c7f6589dbc77daf0c51474d1c8b8f
Ubuntu Security Notice USN-1463-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441, CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947
SHA-256 | a1ddfa9c7fec8efed51fe4b27376372c6d46f9f58545ac36826bbc207ecd680e
Ubuntu Security Notice USN-1464-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1464-1 - It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2011-4408
SHA-256 | 289394b386becc411d1da7e03909df1856271f711709c51b346d29cd31c165ae
Ubuntu Security Notice USN-1465-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1465-1 - It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2011-4409
SHA-256 | 4043575a28f3151a2c63c3f93da7f4ede5fdb9d43fbcd6804a4bde82d888ea74
Ubuntu Security Notice USN-1465-2
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1465-2 - USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.

tags | advisory, remote, web, protocol
systems | linux, ubuntu
advisories | CVE-2011-4409
SHA-256 | bfc4b1a4f40b1086e4a2f1209aef6c19231f1edd3f5e17263857e268a19058a8
Vanilla kPoll 1.2 Stored Cross Site Scripting
Posted Jun 6, 2012
Authored by Henry Hoggard

Vanilla kPoll plugin version 1.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9577d4d05fd0c60f1a6495210bcf2770b8279ce9336ad0be687891c55b8a2283
Audio Editor Master 5.4.1.217 Denial Of Service
Posted Jun 6, 2012
Authored by Onying

Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | b6930c08d1b40f2adf2de7921d89da8214fff73ac57df097378d448e1c3d2690
Evolutia Design SQL Injection
Posted Jun 6, 2012
Authored by D0m12

Evolutia Design suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f3ea0e419820028b6cd34af716a3b5f914d18198b589ad07f1dd598a406ad1ac
Secunia Security Advisory 49395
Posted Jun 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | e2af86e51f3b172ba44db4551fe392b03f4fd5094dab76f17d25471293940bb0
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close