
Files Date: 2009-06-15

Netgear DG632 Denial Of Service
Posted Jun 15, 2009
Authored by Tom Neaves | Site tomneaves.co.uk

The Netgear DG632 router suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 9a8958aabaf48784b84218497d65d53cbbb47505c242c143bbbd7ec98c035307
Netgear DG632 Authentication Bypass
Posted Jun 15, 2009
Authored by Tom Neaves | Site tomneaves.co.uk

The Netgear DG632 router suffers from a remote authentication bypass vulnerability.

tags | exploit, remote, bypass
SHA-256 | 1818feb50968cf0776a3746ebe2f0f7b13166a30328356c4b83002d2e9df1e9b
phpCollegeExchange 0.1.5c SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability in listing_view.php.

tags | exploit, remote, php, sql injection
SHA-256 | c58ad0cfb7c0c94d8a5f4d360488dacd934c24ef0963d31a64c763ee6bbee7e9
Joomla iJoomla RSS Blind SQL Injection
Posted Jun 15, 2009
Authored by XORON

Blind remote SQL injection exploit for the Joomla iJoomla RSS component.

tags | exploit, remote, sql injection
SHA-256 | 121bdda0ee89ef2f6f6d5b486157850580201ad037e5bea6076ad541895912e8
Zoki Catalog SQL Injection
Posted Jun 15, 2009
Authored by SmOk3

The Zoki Catalog is susceptible to a remote SQL injection vulnerability in the search form.

tags | advisory, remote, sql injection
SHA-256 | 99906b09a99128cdb4be9548688bf6b09df220667c8bd9fe373bbb19ae65873b
Apple QuickTime CRGN Atom Overflow
Posted Jun 15, 2009
Authored by webDEViL

Apple QuickTime CRGN Atom stack overflow exploit that creates a malicious .mov file.

tags | exploit, overflow
systems | apple
SHA-256 | fb8e543a1b14d05da7d1eaf72adb2dc68be619562fc03383b54d35808421f260
vBulletin Radio And TV Player Cross Site Scripting
Posted Jun 15, 2009
Authored by d3v1l

The vBulletin Radio and TV Player add-on suffers from cross site scripting, iframe injection, and redirect vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 2a658ed82ade2cbe65d85e97696da855037c00a04db06e087702785efc20ec33
Ubuntu Security Notice 788-1
Posted Jun 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.

tags | advisory, java, remote, web, denial of service, local, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
SHA-256 | 03c46ab8e039d95b3d68d8fff432ef9ad26a6c0edc896dd0c164b176129017f4
TorrentTrader Classic 1.09 SQL Injection
Posted Jun 15, 2009
Authored by Janek Vind aka waraxe | Site waraxe.us

TorrentTrader Classic version 1.09 suffers from information leakage, forced database backup, and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | e8769d9da4b097523f74971e6c76bddfba18b6af3bdc4de9d5059363ee58d5d2
WordPress Photoracer SQL Injection
Posted Jun 15, 2009
Authored by Kacper | Site devilteam.pl

The WordPress Photoracer plugin version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 79d64286fdeb1c3c428240c4f0ef515ae6d370c9864776e13470184dcdd133cb
Debian Linux Security Advisory 1815-1
Posted Jun 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2009-1760
SHA-256 | ad63608a9520d0d064fda0d70c6160937238a9bb33814e1fb611af3e163f35cd
SugarCRM 5.2.0e Code Execution
Posted Jun 15, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

SugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b46bbb1752deb1c9295ffea5807d2e474bb3c4c6de135549995c2c9d75270085
Entropy Broker RNG
Posted Jun 15, 2009
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from being depleted; an empty /dev/random device can cause programs to hang while they wait for entropy data to become available. This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

tags | encryption
SHA-256 | 6d97fadeca01d2e5ee203525b223ac4cd679980f47e622d67703c64b5711e36d
AdaptWeb 0.9.2 LFI / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

AdaptWeb version 0.9.2 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | d4add75fa25385d92452041623a88df0efa077f1ed23a576e5d434b05ae11008
Elvin BTS 1.2.0 XSS / LFI / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

Elvin BTS version 1.2.0 suffers from remote SQL injection, cross site scripting, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion, csrf
SHA-256 | 191399e1fec220534cbe41495d53b0c6358f217c80972cab1524de35fa59f90d
DB Top Sites 1.0 Local File Inclusion
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

DB Top Sites version 1.0 suffers from a local file inclusion vulnerability in index.php.

tags | exploit, local, php, file inclusion
SHA-256 | 71352bf1853bab4b83bdfafa46d1b078a606412620ed42cf0d1956f5ae43e6eb
DB Top Sites 1.0 Code Execution
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

DB Top Sites version 1.0 remote command execution exploit.

tags | exploit, remote
SHA-256 | 93d8a06caaf5690de2bb7c27089cc5e73ea3b9d8d141da2eba7acf6d96f1afd4
Impleo Music Collection 2.0 XSS / SQL Injection
Posted Jun 15, 2009
Authored by SirGod | Site insecurity.ro

Impleo Music Collection version 2.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 8f6e16161583651c0a985b99937c04928d00eeaacc2ff6d35eec8d075fc758a7
Evernew Free Joke Script 1.2 Password Changer
Posted Jun 15, 2009
Authored by Hakxer

Evernew Free Joke Script version 1.2 remote change password exploit.

tags | exploit, remote
SHA-256 | da90bddae0b91d23a85262ef92a35e133173075a5ca21eb3e480de7ef9160630
Debian Linux Security Advisory 1814-1
Posted Jun 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1788, CVE-2009-1791
SHA-256 | 1251a085719d046c220358316daf5f8f362b05eb479e9c0d4ad744ff518c15b4
Apple Safari Remote Code Execution
Posted Jun 15, 2009
Authored by Thierry Zoller

Calling a CSS attr attribute with a large number leads to memory corruption in Apple Safari.

tags | advisory
systems | apple
SHA-256 | 8696c6faba5a8300579b75b6979bea48b7c31cb18483efb7802cc5c6b277d26c
Apple Safari / QuickTime Denial Of Service
Posted Jun 15, 2009
Authored by Thierry Zoller

Apple Safari and QuickTime programs suffer from a denial of service vulnerability.

tags | exploit, denial of service
systems | apple
SHA-256 | afebe5688f42de20f215c74637ba9a8e5c736d7c2a3f411f2ba4e22b0910b105
F-prot TAR Bypass / Evasion
Posted Jun 15, 2009
Authored by Thierry Zoller

The F-prot parsing engine can be bypassed by a specially crafted and formatted TAR archive.

tags | advisory
SHA-256 | dfbeadbf4429aedb4b3293e8587c35d54104a2ec76c6f28051b8946cbab51a94
Norman Generic Evasion
Posted Jun 15, 2009
Authored by Thierry Zoller

Norman with decompression engine versions below 5.99.07 suffers from a RAR-related bypass vulnerability.

tags | advisory, bypass
SHA-256 | 2752bd6cbaf45a3d245c65d2ae96d8968b3aaa13fc4e7e50d8bb6ee07d35ab7e
Ikarus CAB/RAR/ZIP Evasions
Posted Jun 15, 2009
Authored by Thierry Zoller

Ikarus parsing engine versions below 1.1.58 suffer from CAB-, RAR-, and ZIP-related bypass vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 358d51815c888893939a997bfb094d5961c12e6b4660b3012c271b5bda414c4b

© 2024 Packet Storm. All rights reserved.
