what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2010-02-17

Joomla AllVideos 3.1 File Disclosure
Posted Feb 17, 2010
Authored by Mehul Revankar

The Joomla AllVideos plugin version 3.1 suffers from a remote file download vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | e9dda8ae08a11a40684f7bd3a4d0142b84326eb00479bf9a3b70cf83672a5b1c
Pixel Portal SQL Injection
Posted Feb 17, 2010
Authored by Pouya Daneshmand

Pixel Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 58642a988f04600193625a4de6fabb0ced026eb401c6bb6cf399e05b4f3889e1
Cisco Security Advisory 20100217-csa
Posted Feb 17, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other.

tags | advisory, denial of service, arbitrary, vulnerability, sql injection
systems | cisco
advisories | CVE-2010-0146, CVE-2010-0147, CVE-2010-0148
SHA-256 | 89168264ce3123b644a7cdc45c7829cc364b9057312f73f74dba55d5259b1325
Joomla ACStartSeite SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

The Joomla ACStartSeite component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 14ded15eb3716be53a9029f4eddea21177b4286b9cee24588ae8e85e1c27efc0
Mandriva Linux Security Advisory 2010-039
Posted Feb 17, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-039 - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4274
SHA-256 | 7a5d6b7bf889ee556ed937e2c8e9f9a9b35d1e918e402269a20973667ee185ee
bbNew SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

bbNew suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e7f64b66ba497cf136b8dddeea76ec058cac6387699d525f833471d1c7770f6b
Joomla ACTeamMember SQL Injection
Posted Feb 17, 2010
Authored by altbta

The Joomla ACTeamMember component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d14e701fea615352dcec51bbdec1fc0280eda58ea81f02e1121055e39fd7b57b
Auktionshaus 4 SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Auktionshaus version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | cbe64a89f21685a06e52c0194e489ce4f79884727f91f02be20a1b0009976c8e
iTunes 9.0 Buffer Overflow
Posted Feb 17, 2010
Authored by S2 Crew

iTunes file handling local buffer overflow exploit that creates a malicious .pls file. Affects version 9.0 on Mac OS X.

tags | exploit, overflow, local
systems | apple, osx
advisories | CVE-2009-2817
SHA-256 | 0d3d25fbf64ab5c281bc87376978e384c6e0c60f12194baa9a83445c36bdde3f
PHPIDS 0.4 Remote File Inclusion
Posted Feb 17, 2010
Authored by eidelweiss

PHPIDS version 0.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 3cfdaf4dfa2fe546e0fc0820ee2efde024e00a97e6fdd52989aceb7e48cfb22c
LPRng use_syslog Remote Format String Vulnerability
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

tags | exploit, worm
systems | linux, redhat
advisories | CVE-2000-0917
SHA-256 | 9e9d9c676ffe3ef941db4fdffa7e60d38ecbbd2e8ce49d12e73a620e668ef3d6
BruCON 2010 Call For Papers
Posted Feb 17, 2010
Site brucon.org

The BruCON 2010 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 24th through the 25th, 2010.

tags | paper, conference
SHA-256 | b406709ea89a938160e7a2a4bc3d9a242cc62e6f07d44408ebab6f12b0658705
hplip hpssd.py From Address Arbitrary Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerable in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This Metasploit module was written and tested using the Fedora 6 Linux distribution. On the test system, the daemon listens on localhost only and runs with root privileges. Although the configuration shows the daemon is to listen on port 2207, it actually listens on a dynamic port. NOTE: If the target system does not have a 'sendmail' command installed, this vulnerability cannot be exploited.

tags | exploit, root
systems | linux, fedora
advisories | CVE-2007-5208
SHA-256 | a61d6fe01d001ab26212bd0bdbeb0ec7daf382cc4f4123b5cebd7477375463f6
Auktionshaus Gelb 3 SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Auktionshaus Gelb version 3 suffers from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
SHA-256 | 2e129ed2c68f568791b31e54017eead2a6f7c246d4a92732ffca6ca40515c8e8
Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerability within the DX Studio Player from Worldweaver. The player is a browser plugin for IE (ActiveX) and Firefox (dll). When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an attacker can execute arbitrary commands. Testing was conducted using plugin version 3.0.29.0 for Firefox 2.0.0.20 and IE 6 on Windows XP SP3. In IE, the user will be prompted if they wish to allow the plug-in to access local files. This prompt appears to occur only once per server host. NOTE: This exploit uses additionally dangerous script features to write to local files!

tags | exploit, web, arbitrary, local, activex
systems | windows
advisories | CVE-2009-2011
SHA-256 | df30ef328f778fb87ec1bedbb5fb44c049613998b97f376e12ee685cf60c921b
Command Stager Web Test
Posted Feb 17, 2010
Authored by bannedit | Site metasploit.com

This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.

tags | exploit, shell
SHA-256 | d8dd64919cdfb10de8c7a3cdcde49d5fbf78ea5803b2d4d65ba04543e2ee4058
Erotik Auktionshaus SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

Erotik Auktionshaus suffers from a remote SQL injection vulnerability in news.php.

tags | exploit, remote, php, sql injection
SHA-256 | f68d45c98fe71acc90c07038eefffc60b75ca66a163850f72f9cd4488160b89c
Samba "username map script" Command Execution
Posted Feb 17, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Samba versions 3.0.0 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!

tags | exploit, arbitrary, shell
advisories | CVE-2007-2447
SHA-256 | b289ab34ef82c72ff59a32cde7bdb820e7678c2f9076832f19327938ba6cf263
uGround 1.0b SQL Injection
Posted Feb 17, 2010
Authored by Easy Laster

uGround versions 1.0b and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4a51102f3270ddc18fe820211d591ab42e7af100f0ac7732932527b2098ceff6
Nabernet SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

Nabernet suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 24828a23fa2a5c122b79708ff4490d82299668c4c7d7c07fc2e58ef4f8951db0
Intuitive SQL Injection
Posted Feb 17, 2010
Authored by AtT4CKxT3rR0r1ST

Intuitive suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 98f041ac15ba453326d7e80934b1c92f3dc78eaf8df1cb562eddc2233bae24de
Trusteer Rapport Security Circumvention
Posted Feb 17, 2010
Authored by Andrew Barkley

Trusteer Rapport fails to protect any of its install settings allowing for easy disabling.

tags | advisory
SHA-256 | 463ec3157a005c292c1ceb0426d09944563fc288b35a1f5a344364778dd1e036
Huawei HG510 Cross Site Request Forgery
Posted Feb 17, 2010
Authored by Ivan Markovic

Huawei HG510 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 094191035994503cb215fdf0f08e2ae41191c0754c469bc6949c483bf3fe8469
Secunia Security Advisory 38602
Posted Feb 17, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple security issues and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct script insertion attacks.

tags | advisory, denial of service, local
systems | linux, redhat
SHA-256 | 570d782efca6239e7f7a08c225c3b2c452d8d539aa99547066c74af573255e91
Secunia Security Advisory 38604
Posted Feb 17, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct spoofing attacks.

tags | advisory, denial of service, local, spoof, vulnerability
systems | linux, redhat
SHA-256 | 1883391a7c9442c6fc3f705a699b7396036db5549aa85b3a48eb2bffec30c8f9
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close