exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files Date: 2008-11-20

Zero Day Initiative Advisory 08-076
Posted Nov 20, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.

tags | advisory, remote, arbitrary, tcp
SHA-256 | 461e165b1293cc00e1d6b9380680b3251d008e466d4d8f0a77303e8d91c15fbd
Zero Day Initiative Advisory 08-075
Posted Nov 20, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution
SHA-256 | aee6d5e4517fc845d2a37d58942b8f8d9b515170a768e9ea0179b3cafcc43942
toursmanager-blindsql.txt
Posted Nov 20, 2008
Authored by XaDoS

ToursManager suffers from a blind SQL injection vulnerability in tourview.php.

tags | exploit, php, sql injection
SHA-256 | 4d0862ac35c71f59549f8a0f7be83099dd4f645b32ac2abbf8e1b5cf37c106c9
phprsgal-sql.txt
Posted Nov 20, 2008
Authored by d3v1l

phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php.

tags | exploit, remote, php, sql injection
SHA-256 | cd37a62705b90092cec6ee3361131b1700931e182692ee03102eb885c5ef7e27
Mandriva Linux Security Advisory 2008-233
Posted Nov 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2005-0706, CVE-2008-5030
SHA-256 | 2dce704b30c5057d574019fc7d3911b1a7e1917657a49ce71f95f9a0d9af8dda
java2-malware.pdf
Posted Nov 20, 2008
Authored by Aodrulez | Site aodrulez.blogspot.com

Whitepaper entitled Java 2 Micro Edition (J2ME or Java ME) Based Computer Malware Propagation Technique.

tags | paper, java
SHA-256 | 33dd9cf75d17e73d0b9c873025e3dd464002ef35b74dc38578987a00ee29000d
ora_dv_mem_off.c
Posted Nov 20, 2008
Authored by Jakub Wartak

Oracle Database Vault runtime disabler that uses ptrace.

tags | exploit
SHA-256 | 0d48b8ebbd50899212a445327c014e7d2065b85348b30ced6cef07c51a106a34
natterchat-sql.txt
Posted Nov 20, 2008
Authored by Stack | Site v4-team.com

Natterchat versions 1.12 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | fdaca1a9c305161e92f99409bc5f23f72a342ea384bd5b361a547e3fa2b96b45
php526-bypass.txt
Posted Nov 20, 2008
Authored by Maksymilian Arciemowicz | Site securityreason.com

PHP version 5.2.6 suffers from an error_log related safe_mode bypass vulnerability.

tags | exploit, php, bypass
SHA-256 | dfa81ee9fe5ed6e1ece110d40fa867c9d3ca32a9a65c0a1f95afb57512cb484d
phpfusion7001-sql.txt
Posted Nov 20, 2008
Authored by irk4z

PHP-Fusion version 7.00.1 remote SQL injection exploit that makes use of messages.php.

tags | exploit, remote, php, sql injection
SHA-256 | 77817606cf5e9fed61740e8e7fda85ce50b412c3ee6fc324930edec411a37b22
social-sql.txt
Posted Nov 20, 2008
Authored by David "Aesthetico" Vieira-Kurz

Social Engine versions 2.7 and below suffer from remote SQL injection and cookie manipulation vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | cc404081ed843b5c909a79b12ce67ff7d853b70cf072abefb61a297df95cc82c
vbulletin-xssxsrf.txt
Posted Nov 20, 2008
Authored by Mx

The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.

tags | exploit, worm, vulnerability, xss, csrf
SHA-256 | 5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723
askpert-sql.txt
Posted Nov 20, 2008
Authored by TR-ShaRk

AskPert suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | a790ed10037506515e1cb4fa8df7b0b9165b6d1742e7081b58afa65f98c028e2
return-to-libc-linux.txt
Posted Nov 20, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Brief whitepaper discussing return to LIBC exploitation on Linux.

tags | paper
systems | linux
SHA-256 | 60df69f9613a7068834b59cadfa21bfe78b5e1a540709800c8da40b9243c2620
stack-overflow-linux.txt
Posted Nov 20, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Brief whitepaper discussing stack overflow exploit on Linux.

tags | paper, overflow
systems | linux
SHA-256 | 213beb0caf6939f7b983962882c19d76cf2d7c40ce84befefe5a6c4310688863
backlinkspider-sql.txt
Posted Nov 20, 2008
Authored by d3v1l

The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.

tags | exploit, remote, php, vulnerability, sql injection, asp
SHA-256 | 95bd3ddaba52709a0a2ff97a065ee4fb33c150b34551544104ec30c5b5dca58c
exodus-injection.txt
Posted Nov 20, 2008
Authored by Nine:Situations:Group | Site retrogod.altervista.org

Exodus version 0.10 suffers from an URI handler arbitrary parameter injection vulnerability.

tags | exploit, arbitrary
SHA-256 | a264639d87455f56875a23401f59036d3f82d8733d2fa690f11e8e6f50ec84e0
wportfolio-upload.txt
Posted Nov 20, 2008
Authored by Osirys

wPortfolio versions 0.3 and below remote arbitrary file upload exploit.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 77857473a16edc35e3846dde8b47e890e7346e7a1246ca3ed301a780b8622f1f
smallest_setuid_execve_sc.c
Posted Nov 20, 2008
Authored by vlan7 | Site vlan7.blogspot.com

26 byte (the smaller) GNU/Linux x86 setuid/execve shellcode without NULLs.

tags | x86, shellcode
systems | linux
SHA-256 | 87786ce6282d8885f0a55ff4452c4588f5c2aaa59e5b5c89e649507cc012443b
boastmachine-sql.txt
Posted Nov 20, 2008
Authored by IRCRASH | Site ircrash.com

BoastMachine version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3188017b37ab4a98aa44caa9771b4a4443c0211c97b37cc476885a070dc0110e
HP Security Bulletin 2008-00.59
Posted Nov 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).

tags | advisory, vulnerability, xss
advisories | CVE-2007-6388, CVE-2007-5000
SHA-256 | b8c9fe6d25660a81a6f06aae5f7fa118b9a41d276c0d7b7e813c689357f06725
punportal-lfi.txt
Posted Nov 20, 2008
Authored by StAkeR

PunPortal PunBB module version 0.1 local file inclusion exploit.

tags | exploit, local, file inclusion
SHA-256 | 63e5162517b423113437d76ce37e4881551e54e731e0b89b6f220564e426d437
prejobboard-sql.txt
Posted Nov 20, 2008
Authored by R3d-D3v!L | Site ahacker.net

Pre Job Board suffers from a SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
SHA-256 | 767f3b7b80905d4af74a7319352b4d649488147010ed6235478fe8c051e7c9fb
Secunia Security Advisory 32820
Posted Nov 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | b86a2ff45f2aee8400b99722dcda1cae022399f4bc56b827c5b235f3c249d084
Secunia Security Advisory 32800
Posted Nov 20, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | c878986f26c644625cbed0d7794101f606d09164f75f812d506ee2556b57c81c
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close