
Files Date: 2012-08-07 to 2012-08-08

AraDown Blind SQL Injection
Posted Aug 7, 2012
Authored by G-B

AraDown suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 41e7b47921288cc2622e48e697fcad74d05977c7a323d075cf3df493214caa46
WespaJuris 3.0 Shell Upload / SQL Injection
Posted Aug 7, 2012
Authored by WhiteCollarGroup

Exploit for WespaJuris versions 3.0 and below that leverages multiple vulnerabilities in order to upload a shell.

tags | exploit, shell, vulnerability
SHA-256 | c88b207a07a921881c04bb51f5e72349969de8ea379080cc49da4fee5d1b3689
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability is due to the insecure usage of a strcpy-like function in the SetMarkupMode method: when handling a specially crafted sMarkup argument, it allows a stack-based buffer overflow to be triggered, which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
SHA-256 | b06a8a97e093f62b1f9d8ff1ae71702688d1cb47e94160036dd253ab69142e43
CoolPlayer+ Portable 2.19.2 Buffer Overflow
Posted Aug 7, 2012
Authored by Robert Larsen

CoolPlayer+ Portable version 2.19.2 buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
SHA-256 | 166843ef977577a858c2c28b45a618c91cb636c27690ed808c276fca44609888
Oracle BTM 12.1.0.2.7 Remote File Deletion
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.

tags | exploit, remote
SHA-256 | 311f91db815c5072aac47198136e9ee10f620d76d370e8cac2b356c864e2ee5e
YourOnlineAgents CMS Cross Site Scripting
Posted Aug 7, 2012
Authored by Crim3R

YourOnlineAgents CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 08c47bd484b067291df87dd30298341a33104a747b55afc101b3888cdada0f17
Opera.com Cross Site Scripting
Posted Aug 7, 2012
Authored by TayfunBasoglu

Opera.com suffers from a cross site scripting vulnerability during registration.

tags | exploit, xss
SHA-256 | 6295963fda07a45257b8abb964451700bcfe0fc0421fb156eff043655e4fe033
Zoho BugTracker Cross Site Scripting
Posted Aug 7, 2012
Authored by LiquidWorm | Site zeroscience.mk

Zoho BugTracker suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5f84abf0fd32b20d83731d75e8fa472c4d86148ea3ded99941f4e9ec38a9a318
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758
VMware Vendor Service Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

VMware's vendor website service application suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 97fea96f5c77623458d932b5ee192d04609a250f496344ae5ccebf8f7fa24694
iAuto Mobile Application 2012 Cross Site Scripting
Posted Aug 7, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iAuto Mobile Application 2012 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6fcd4bdd4e9f9da4b8ee80d130444bbd608889f7016cdbbe4cd6eac9b18fdc47
Mandriva Linux Security Advisory 2012-125
Posted Aug 7, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-125 - It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark (1.4.14, 1.6.8) which is not vulnerable to these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4048, CVE-2012-4049
SHA-256 | 9e87ddc3fea6ac41e4d9377c1943007652e3a474c5e39060f4f84cb334d16997
HP Security Bulletin HPSBMU02798 SSRT100908
Posted Aug 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02798 SSRT100908 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, vulnerability, xss
systems | linux, windows, solaris, hpux
advisories | CVE-2012-2022
SHA-256 | a885cd01ca8cd93fe66e4e8013b2d793165bb1bcc6b061769b8c443a13f18e3f
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
Posted Aug 7, 2012
Authored by rgod | Site retrogod.altervista.org

AOL products downloadUpdater2 plugin suffers from a remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | 5dd419850203744eecbd83ce5e621ac6ad8521036c7ff6ea92f36ad34d871c9d
Inoutmail Webmail CMS 2012 Cross Site Scripting
Posted Aug 7, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Inoutmail Webmail CMS 2012 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d8b9e67d54c9d90d74f9052a85dac0ea25191ec820d9607b7be90a978e3b1ab3
Entropy Broker RNG 1.0
Posted Aug 7, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: EGD client now fully implements the EGD protocol. A network protocol fix was implemented.
tags | encryption
systems | linux
SHA-256 | 76ca25d4f7c84938b67595662b7b2a2ccc1f026c5fd38878da67d399c829206c
Joomla Enmasse SQL Injection
Posted Aug 7, 2012
Authored by Daniel Barragan

Joomla Enmasse component remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | cf821d066145cc0aaa6bf61dac10e9bf55b1cb6536262dcf10639062c8982c56
Debian Security Advisory 2525-1
Posted Aug 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2525-1 - It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling.

tags | advisory, denial of service, memory leak
systems | linux, debian
advisories | CVE-2012-0876, CVE-2012-1148
SHA-256 | 848c3eb00844f54221e2042582ec3fba9c8596a608dd661ee1ed3f8fdc13fcb6
Secunia Security Advisory 50085
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux
SHA-256 | a4d7a89a52823ee72e2d9c1b6867da8316cbe73c3406841aa4fb1e2b1d525648
Secunia Security Advisory 50185
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 2eb5d533cfcdb87f080e49702bf297ae62062fa49729a3ee3845b1ff8d06cc66
Secunia Security Advisory 50138
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | ed41f44e3b0b071a4b2c879a145f99965553ad8cdb77a72f4a087a93b9f0f033
Secunia Security Advisory 50199
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Accuvant Labs has reported a vulnerability in KOffice, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | ac14bbaedc29c2f936ec38bc639b32637749fa45449b932c1eaaf1935a45b3f7
Secunia Security Advisory 50112
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | a08cff871694f7e8edfadb551932b52d7279d0e2bbdd430a360ca65e0df88a44
Secunia Security Advisory 50184
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Intuit GoPayment, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 296d497cb44a6a3bb9e277edfabe66ef50ab505c27ed5b60a0cfc4ecf6bc7315

© 2024 Packet Storm. All rights reserved.
