exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2012-11-13

Invision IP.Board 3.3.4 unserialize() PHP Code Execution
Posted Nov 13, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-5692, OSVDB-86702
SHA-256 | 7e91adb9a9ee325db99241f1b63825bee21c97d9b41b272172e2f7674cc58e74
Jira Scriptrunner 2.0.7 CSRF / Code Execution
Posted Nov 13, 2012
Authored by Ben Sheppard

This is a metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by default in a windows environment Jira will be run as system.

tags | exploit, java, csrf
systems | windows
SHA-256 | f7e10861901a1d9665e685842d12a026c5ffc0c56dbc38b827eb7b239eef52e1
OpenVAS Command Injection
Posted Nov 13, 2012
Authored by Tim Brown at OpenVAS

It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.

tags | exploit, arbitrary
advisories | CVE-2012-5520
SHA-256 | 29cfb654d65c6206e5eb00b77e4c9af21b10e0084e0c061d804308cd9283a39f
RSA Data Protection Manager XSS / Broken Restriction
Posted Nov 13, 2012
Site emc.com

RSA Data Protection Manager is susceptible to vulnerabilities that could potentially be exploited by malicious users to compromise affected systems. These include a cross site scripting vulnerability and improper restriction of authentication attempts for OS lever user accounts.

tags | advisory, vulnerability, xss
advisories | CVE-2012-4612, CVE-2012-4613
SHA-256 | 3cb801677b567bb3d98b09a0716b18ba0be64f9acfcb404b730a7960ec1a21dd
Huawei Weak Password Encryption
Posted Nov 13, 2012
Authored by Roberto Paleari, Ivan Speziale

Various Huawei products use DES without any salt to encrypt passwords. Included vulnerable are the Huawei Quidway series and Huawei CX600.

tags | advisory
SHA-256 | 586945a98792e4b79e4cdf79efe5861cf28ea94190070c0a2759e3c7de8f3a24
WordPress UK-Cookie Cross Site Scripting
Posted Nov 13, 2012
Authored by Aditya Balapure

The WordPress UK Cookie third party plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-5856
SHA-256 | ac711c6e6c7ff2e01916df2bf23311f242efc228bcf33098b6a7937f76371bdc
Zoner Photo Studio 15 B3 Buffer Overflow
Posted Nov 13, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Zoner Photo Studio version 15 b3 suffers from buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 2d2230f52cc78f81ca3bad5c99f86007608092614b3c55703b7685cafde3e071
Eventy CMS 1.8 Plus Cross Site Scripting / SQL Injection
Posted Nov 13, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Eventy CMS version 1.8 Plus suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a18069220cbe2fe4e9042b337f874f8ed51318a81673978302fcab0dff038764
WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
Posted Nov 13, 2012
Authored by DefenseCode

WordPress WP E-Commerce third party plugin version 3.8.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0d217823abae38bc48512f5c07fbec5a29e015e3bfddc654f8069b7e4310d5e4
Red Hat Security Advisory 2012-1459-01
Posted Nov 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1459-01 - nspluginwrapper is a utility which allows 32-bit plug-ins to run in a 64-bit browser environment. It includes the plug-in viewer and a tool for managing plug-in installations and updates. It was not possible for plug-ins wrapped by nspluginwrapper to discover whether the browser was running in Private Browsing mode. This flaw could lead to plug-ins wrapped by nspluginwrapper using normal mode while they were expected to run in Private Browsing mode.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2486
SHA-256 | c749175bf3ddcfe2a107887e44db5e0dd9a11dd904419bc49b06d3c766f8c308
Red Hat Security Advisory 2012-1445-01
Posted Nov 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1445-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged user with the ability to mount an ext4 file system could use this flaw to cause a denial of service. This update also fixes several bugs.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-2100
SHA-256 | 3c254f1449cdb66cbbceca5dbbc00aca97fc1eb8da9edf6e8a13d83f29570d7f
Good Mobile Access Man-In-The-Middle
Posted Nov 13, 2012
Authored by Thierry Zoller

GMA aka Good Mobile Access, part of the Good For Enterprise application, failed to validate server authenticity in versions prior to 2.0.2.

tags | advisory
SHA-256 | 437e815284a5837eb0e26f1d859c302fe999bb741e9a78b22782fe918ba09bc1
Microsoft Security Bulletin Re-Release For November, 2012
Posted Nov 13, 2012
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for November, 2012.

tags | advisory
SHA-256 | ce4eceb68a40c33e6911b6971229b68eab8cdfe696e974ee663eb1cdc8e8fc19
IrfanView 4.33 RLE Image Decompression Buffer Overflow
Posted Nov 13, 2012
Authored by Francis Provencher

IrfanView version 4.33 suffers from a RLE image decompression buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | c7280f0bbcb5f8e1f959afbe12d0a3869c8de4db879212848a1273b635432924
Microsoft Security Bulletin Summary For November 2012
Posted Nov 13, 2012
Site microsoft.com

This bulletin summary lists 6 released Microsoft security bulletins for November, 2012.

tags | advisory
SHA-256 | d9291695e893a4a162b64b68337cff2c3c7a2887cb68d8d4416621fcc4e09466
SWF Upload Cross Site Scripting
Posted Nov 13, 2012
Authored by MustLive

Dotclear, InstantCMS, AionWeb, and Dolphin all include a version of swfupload.swf that suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-3414
SHA-256 | a2a158397ae79c78e46a0c4935d002352662c55b69f1181ce13b4acd1f39d885
IrfanView 4.33 TIF Image Decompression Buffer Overflow
Posted Nov 13, 2012
Authored by Francis Provencher

IrfanView version 4.33 suffers from a TIF image decompression buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 72b8882cb0faee2b7373d6e6e4b71c5ed206922b7475df22542144a2d004de0d
Secunia Security Advisory 51255
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in gatling, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | b8aedb8887ce2c45cda089fc597a4fd98bc57221cf0409db7d05aa9a2384678b
Secunia Security Advisory 51250
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Carousel Slideshow plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d1e732e0527192f76f521f3e99257edb21a5196c4241cfd6f1870fcd4e8bcf2d
Secunia Security Advisory 51266
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in UnrealIRCd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 890548698f89cbe72cdefa71176d1d1a73c637617d456ffbb076720c52d027f3
Secunia Security Advisory 51258
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libproxy. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | ee30a92a6efcc00980a8322ef1970dfedcc1a221865e45fa83fe82edbf8cf976
Secunia Security Advisory 51249
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Wysija Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | a00947c71bac49b805ceb490fd61528ddb873c88cd484f81b026b03d2af84a25
Secunia Security Advisory 51214
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Citrix has acknowledged some vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
SHA-256 | 6859462d6cf522c514e3f3d3f2a590a9830f73ebc7d6b0a0437f0528e3344443
Secunia Security Advisory 51246
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported multiple vulnerabilities in Eventy, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | d265de6defe402b2ef052fee47b05f917c79c18a347326465b13736aa9aa68ac
Secunia Security Advisory 51257
Posted Nov 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | af296bbb3bed1831a89ca287261aa40a2196ab4a0a6acbed96db223f82214afc
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close