Uninformed is pleased to announce the release of its ninth volume. This volume includes 4 articles on reverse engineering and exploitation technology: Engineering in Reverse: An Objective Analysis of the Lockdown Protection System for Battle.net; Exploitation Technology: ActiveX - Active Exploitation; Exploitation Technology: Context-keyed Payload Encoding; and Exploitation Technology: Improving Software Security Analysis using Exploitation Properties.
23204c2fa4fa808fc62b756a27911c4c41e187e0ee04cf3d9b776e2b1c45f249
The Endian Firewall version 2.1.2 suffers from a cross site scripting vulnerability.
2761b01b4d40f21655e1a04883fb4031535e7c3d2f8e353ff184c18217f2aae1
VB Marketing suffers from a local file inclusion vulnerability in tseekdir.cgi.
386ad089962e0a331fc2aeb9419f01a49188ca0efac08136e45101a21a66e972
Core Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags in the XDR protocol used for communication with the server. Vulnerable versions include Firebird SQL 1.0.3 and before, 1.5.5 and before, 2.0.3 and before, and 2.1.0 Beta 2 and before.
049362d5b2e4e09658272b9a1503df66c276926189db05c55ad7bfdb78bb1d0c
The WordPress fGallery plugin version 2.4.1 suffers from a SQL injection vulnerability in firmrss.php.
7d542e8ed1b55d65e6b49a54eb524cfc4a297f3172fd742fa758eb0b6d3a316c
The WordPress WP-Cal plugin version 0.3 suffers from a SQL injection vulnerability in editevent.php.
047566e2c220544bab7a52769d11489d306d123733102300f4112747dccd8cb7
The Bubbling Library version 1.32 suffers from multiple local file inclusion vulnerabilities.
69765615987118a20ea833a5b5af9cbff352a4acfd80efa2e16e3afc161c87bf
Simple Forum version 3.2 suffers from file disclosure and cross site scripting vulnerabilities.
c519964329b114e8d760a77e6a685612e9b12ead3d55187f74e177968841bad4
Mambo version 4.6.3 suffers from path disclosure, cross site scripting, cross site request forgery, and denial of service vulnerabilities.
11fd34395ce14c48e3d329b487a2ffb8e5f8d0ce02bab9147296b7bf6926edd3
Secunia Security Advisory - nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
debc1d44ad71170d2fba979b4a0714a585304778a24ac410eb1d780deeedc7d6
Secunia Security Advisory - Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
3887f96914facdba972ec08deff6ad37812041b31bea294386285f5bc6fc802a
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
dda9009180f2f6c72446afb6c8e1a755810698fee39e22d94bd033d712b69f84
ClanSphere version 2007.4.4 suffers from a remote file disclosure vulnerability.
a7b24c05d9b1513e2fb809a2ba8b468ada1abdb15005daa3a9e8fa01cd5d3711
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.
47520bff7fb56027f4f9be5624fe8b097c9f7584e592d2c4d88351bae023e747
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previously known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, LaTeX, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
1e09de2e8206bd86d6775b0b4c4a7fe4dcfe636dcb0821c1f5584fe4157b4e1d
eTicket version 1.5.6-RC4 suffers from a cross site scripting vulnerability.
5c28a89d9866f0b6b900fbca6c5f86e59645564048de68cb55ce474a307852ea
phpIP version 4.3.2 suffers from numerous SQL injection vulnerabilities.
6c1a3c40f46f705114b15018c36dcbb0c5b9ff5e18e3124f43189359ffd1dfdc
ASPired2Protect suffers from a login bypass vulnerability via SQL injection.
ca2eea31b502c72b6b8565b81bdc647fe49fddb0bb704fe7e5e21a056c7585f8
Statcounter.com was susceptible to a remote credential disclosure vulnerability.
f78aa90af0b889ce27d5934a0084dc1edccdd2fee270b731cde7ef3e73249276
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that changes the system password.
09f212700f03bbc061c6451881af6f4f48e1044a3d2ee32a479c24063ef6a259
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate SQL injection exploit that grabs password hashes.
86f4d3757762e79f037895d1489b92f16c57f753e5979972b0d765d12247fbfb
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_drop SQL injection exploit that grabs password hashes.
4a5e9c7385fc08b30bdeda08fb53856cad444bdd11e613f300b8767e710c033c
Oracle 10g R1 xdb.xdb_pitrig_pkg.pitrig_truncate buffer overflow proof of concept exploit.
54d9ffbf19acfdb085440aa8eb8e8e04745be17094a93099bae803beefd4ff64
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
9c097761644f7cbf79a72b6aadd95384ab2965187bb8d9f8346c7de9905db08d
PhPress version 0.3.0 leaks SQL information by allowing direct, arbitrary access to the data.
0de7f6f8f0c7bdeceeb71a7a3c81f7bf6bb278635b03bc4b5aa46d06d3c3010d