exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files Date: 2011-04-15

IPv6 Sniffer Detection
Posted Apr 15, 2011
Authored by van Hauser

IPv6 appears to suffer from a sniffer detection issue using an ICMP echo request packet with a multicast MAC address.

tags | advisory
advisories | CVE-2010-4562, CVE-2010-4563
SHA-256 | 1bdf6978fae4916cbd657629c58badd7f6daffae6f9f8441852945f289594ec5
ClubHACK Magazine Issue 15
Posted Apr 15, 2011
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 15 - Topics covered include Mozilla Firefox Internals and Attack Strategies, FireCAT, Being Invisible on the Internet, and more.

tags | magazine
SHA-256 | 92810aaf42590da6a385dd916cc9887f2858306e425255a2d8f76964434c03fd
AdSuck DNS Server 2.3
Posted Apr 15, 2011
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: This release fixes a buffer underflow that could result in a crash. It adds SOA when replying NXDOMAIN. It has an Additional section when spoofing to an IP address. The dhclient script has been fixed. Updated hosts files from various sources.
tags | tool, local, spoof
systems | linux, unix
SHA-256 | 668367ef17eb4a5745b7af8e8ee359ced213d5dedc82c273be711440bd96a9ed
SQL-Ledger 2.8.33 Local File Inclusion
Posted Apr 15, 2011
Authored by bitform

SQL-Ledger versions 2.8.33 and below suffer from a post-authentication local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | d496bd5127052681237e5a8a52806489423cb1aec3e9d326887a4e4dbc8804b1
SimplyPlay Buffer Overflow
Posted Apr 15, 2011
Authored by C4SS!0 G0M3S

SimplyPlay revision 66 buffer overflow exploit that creates a malicious .pls file.

tags | exploit, overflow
SHA-256 | 3711a52f7ea4111fcfc07d40f11a484c3231b6b42e1c7f94e653809622405ba5
Apple Safari Text Nodes Remote Use-After-Free
Posted Apr 15, 2011
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

tags | advisory, remote, web, arbitrary
systems | apple
advisories | CVE-2011-1344
SHA-256 | 68273b636979cb1468a8090e5e58828a83e73978c0b22c05b24a4b9d3b8c295a
Microsoft Windows OpenType CFF Driver Stack Overflow
Posted Apr 15, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.

tags | advisory, remote, overflow, arbitrary, local
systems | windows
advisories | CVE-2011-0034
SHA-256 | 4f3f32b3d21c7c657379213dbce2194f42ee815379440a6a45b032df836b15a9
Microsoft Office Excel Real Time Data Stack Overwrite
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h), which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted Excel document.

tags | advisory
advisories | CVE-2011-0105
SHA-256 | eb83b04f992840bb6eff2e981e45c08f92921571c592f54407896f0ebe817d1c
TextAds 2.08 Cross Site Scripting
Posted Apr 15, 2011
Authored by Ashiyane Digital Security Team

TextAds version 2.08 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 48fe4b05eefcf678307bf8c0811a92943aab040e74acd9f39d95490ff9e6f564
Microsoft Internet Explorer Property Change Memory Corruption
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.

tags | advisory, remote, web
advisories | CVE-2011-1345
SHA-256 | 59606c9acd8d8332ddbbdbeff4cd06911f15ac789a3a6ee075f3c52dff906ea9
Microsoft Internet Explorer Layouts Use-After-Free
Posted Apr 15, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.

tags | advisory, remote, web
advisories | CVE-2011-0094
SHA-256 | b8d96323c4a211ae41bedf90189a3872ffab299ee06c72ee8c21def85c12f670
Collaborative Passwords Manager (cPassMan) 1.82 Arbitrary File Download
Posted Apr 15, 2011
Authored by Kaan Kivilcim | Site senseofsecurity.com.au

Collaborative Passwords Manager (cPassMan) version 1.82 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 967826b2fe42669cdbb86c278cdcd41df4089bd07c90acbcb696c66c58c57b9f
Agahi Advertisement CMS SQL Injection
Posted Apr 15, 2011
Authored by Sepehr Security Team

Agahi Advertisement CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8d7097ee7a0f8c968c01874badcbf438b062129cd0f05a336000f378d1e684c7
Zero Day Initiative Advisory 11-104
Posted Apr 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-104 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit library's implementation of a CSS style. When totaling the length of it's string elements, the library will store the result into a 32bit integer. This value will be used for an allocation and then later will be used to initialize the allocated buffer. Due to the number of elements being totaled being variable, this will allow an aggressor to provide as many elements as necessary in order to cause the integer value to wrap causing an under-allocation. Initialization of this data will then cause a heap-based buffer overflow. This can lead to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-1290
SHA-256 | 347cf5e231b4084b8fc7a2447d1f6527012477b05fa10b2f622c82dcfb76f440
Zero Day Initiative Advisory 11-135
Posted Apr 15, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a 'removeChild' call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-1344
SHA-256 | be4c8dd019c0ab1ff982bb32c801b502ffe05b5d52a29f1a44bb8a75cc279411
Mimbo Pro 2.3.1 Cross Site Scripting
Posted Apr 15, 2011
Authored by MustLive

Mimbo Pro versions 2.3.1 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 74e000d01037508cbeca559a4c9a061d44ef13bb2175b7f9206b7ab5fe1c0480
Ubuntu Security Notice USN-1110-1
Posted Apr 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-1094, CVE-2011-1168
SHA-256 | e78defb86c69f2ca1bbb9d91a5cec00811d513de3ef5cdfff2e34ffe7feee4cf
SaurusCMS 4.7.1 Remote File Inclusion
Posted Apr 15, 2011
Authored by KedAns-Dz

SaurusCMS versions 4.7.1 and below suffer from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 28d2ab9d9db4ad9624dc59580aec62ae0cee90246990c630c8c9c3226621161e
RunCMS Partners Module SQL Injection
Posted Apr 15, 2011
Authored by KedAns-Dz

The Partners module in RunCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b983cc119430f8ce0688691ecd9dfcbc668c3cf5816c3a744a2d848242960144
PhoenixCMS 1.7.0 SQL Injection
Posted Apr 15, 2011
Authored by KedAns-Dz

PhoenixCMS versions 1.7.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f40d638835ae5d33b7d419ae121c7035401063517ef4a6498c1627a4f8ec7a59
PhoenixCMS 1.7.0 Local File Inclusion
Posted Apr 15, 2011
Authored by KedAns-Dz

PhoenixCMS versions 1.7.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f9b14da7f2b2d6ed4f2c96e279cddfc7a867dcb8749e749cb020121374ad414a
Istgah CMS Cross Site Scripting / SQL Injection
Posted Apr 15, 2011
Authored by Ashiyane Digital Security Team

Istgah CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 1315899efe88edc6032547187e79d4344d11f7b99d8180380bdaeb4f1bd2650c
Secunia Security Advisory 44159
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Messenger, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | windows
SHA-256 | 93ec5ce55a927a205df77f9cddc0499ccbc14e099c169d0fd3ab489449ccc670
Secunia Security Advisory 39122
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | cc33916bbd27bd5f91d21918a9bee7122889cb6af557992afb078291bd81f9e1
Secunia Security Advisory 39903
Posted Apr 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | a46aeea1974bac3d96cb90fe3809682f743e7e0b7a44d6e68cf8bd552e725aef
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close