what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2011-11-28

JQuery-Real-Person CAPTCHA 1.0.1 Bypass
Posted Nov 28, 2011
Authored by Alberto Garcia-Illera

JQuery-Real-Person CAPTCHA version 1.0.1 suffers from a bypass vulnerability.

tags | exploit, bypass
SHA-256 | 88acaf35a6e44556dbbd197ce718043faa683831d70524641e78b36bd688850e
Siemens Automation License Manager 500.0.122.1 Code Execution
Posted Nov 28, 2011
Authored by Luigi Auriemma | Site aluigi.org

Siemens Automation License Manager versions 500.0.122.1 and below suffer from code execution, exceptions, NULL pointer and file overwriting vulnerabilities.

tags | exploit, vulnerability, code execution
systems | linux
SHA-256 | e61451e125e77cab78837988677423da6fc75b4df2db952c026dc6b6bc139ab3
Zero Day Initiative Advisory 11-335
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4252
SHA-256 | 19263aa6e1a5b59b2ad9eb7e45da961a8ebdf4fe7400684eb0e1c596149cc1f1
Manx 1.0.1 HTTP Response Splitting
Posted Nov 28, 2011
Authored by LiquidWorm | Site zeroscience.mk

Manx version 1.0.1 suffers from multiple HTTP response splitting vulnerabilities.

tags | exploit, web, vulnerability
SHA-256 | a6a7de112093cbfbe0e4ff7567742a81f074bf0d6f304a028437b6e42ce409f7
Manx 1.0.1 Cross Site Scripting
Posted Nov 28, 2011
Authored by LiquidWorm | Site zeroscience.mk

Manx version 1.0.1 suffers from multiple cross site scripting vulnerabilities in ajax_get_file_listing.php.

tags | exploit, php, vulnerability, xss
SHA-256 | 669e915698fd0ba750b560af7b70c727f692af13154d585aa6656e8e88ce2a75
Adapt CMS 2.0.1 SQL Injection
Posted Nov 28, 2011
Authored by X-Cisadane, Vulnerability Laboratory | Site vulnerability-lab.com

Adapt CMS version 2.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 495b7f416ff662dda1258dc83507a9f5beaa56b53d434674b1379643ed670f2e
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
SHA-256 | a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82
Zero Day Initiative Advisory 11-333
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-333 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. When decoding the sample, the application will use the transformed data to initialize another structure. Due to the sizes being unbound, this can be used to corrupt memory outside the original allocation. This type of memory corruption can be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4250
SHA-256 | e577e50ea5b9346d525ea656c752164cf4ed9edf71adb8964e1a8881dc18bf98
WordPress Security Scanner 1.1
Posted Nov 28, 2011
Authored by Ryan Dewhurst | Site code.google.com

WordPress Security Scanner can perform username enumeration, weak password cracking, version / vulnerability / plugin enumeration, and more.

Changes: Detection for 750 more plugins. Detection for 107 new plugin vulnerabilities. Detection for 447 possible timthumb file locations. Advanced version fingerprinting implemented. Full Path Disclosure (FPD) checks. Auto updates. Progress indicators. Various other additions and changes.
tags | tool, scanner
systems | linux, unix
SHA-256 | c9c8e314f8ebdc87651ebdd42e92f9e439b9431b0beb3e3e535e0a805477e7ce
Ubuntu Security Notice USN-1283-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-3634
SHA-256 | 327413c22646f7456258bc2947fe0d8a48a8445340fd324511f04b9e940e42e2
Zero Day Initiative Advisory 11-332
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4248
SHA-256 | 7dd13629ad3b9e3ac3af5a7df51e788585cc5b43f7e85085a0f86d547a44ce3d
Zero Day Initiative Advisory 11-331
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4259
SHA-256 | 6a8d26996f84e01bae44e66eb7acdcfb123b54cf4dcae161cb23df3bf1115b61
Social Book Facebook Clone Script Cross Site Scripting
Posted Nov 28, 2011
Authored by Eyup CELIK

Social Book Facebook Clone Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ea240a98db0c1a0fadf3d64b54b39e49a30d2cbc394db025127e7210f8992406
Siemens SIMATIC WinCC Flexible Overflow / Traversal / Denial Of Service
Posted Nov 28, 2011
Authored by Luigi Auriemma | Site aluigi.org

Siemens SIMATIC WinCC Flexible suffers from stack overflow, directory traversal, denial of service and arbitrary memory read access vulnerabilities.

tags | exploit, denial of service, overflow, arbitrary, vulnerability
systems | linux
SHA-256 | ac12fa0c1d674d87df9e9af74d9ed93fa0067b7b9acdb1061dde4681e09149b1
WordPress Skysa Official 1.01 / 1.02 / 1.03 Cross Site Scripting
Posted Nov 28, 2011
Authored by Am!r | Site irist.ir

The WordPress Skysa-Official plugin versions 1.01 through 1.03 suffer from a cross site scripting vulnerability. The vendor fixed this quickly once made aware of the issue and version 1.04 fixes the problem.

tags | exploit, xss
SHA-256 | 464c62bd3947966cc2dce2717ecb16dc3b25093627fc4012ce57db68fcd2c705
Ubuntu Security Notice USN-1282-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
SHA-256 | 173dd2dc6e40dec5c7c9c41431ee90ad71887b768a7cbbe149bad7a87ed33359
Secunia Security Advisory 47033
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for OFED. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | cce758d55acab7249f9a9fee24990aa9e3ec5f41af59366d1d98ca9bf67c7679
Secunia Security Advisory 46973
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Celery, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 4f3bca3f1a6856136673cf01ef59f4af10ffab8f015b5f6cd47fde33521b9e84
Secunia Security Advisory 47043
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | cd785fb410937f18bb137c044081710571ec1d09d666661d8bb0cc13760db581
Secunia Security Advisory 47039
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, conduct session hijacking attacks, and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
SHA-256 | d134437382538e6cefa7dc44ceeec54679919d1def6f0cc9a5fd30290e9aa4ec
Secunia Security Advisory 46978
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
SHA-256 | 1af7dbe7b7fc4f005d1b57e5f928de9ce4ed69a254b5f7933386415366f0eb71
Secunia Security Advisory 47036
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ismail Kaleem has discovered a vulnerability in the Fabrik component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 7b8b83c9a6d67b0cfd61af443d5ba79d5a97931d6c5dbdcb4827d7b1abaecc08
Secunia Security Advisory 46979
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.

tags | advisory, denial of service, vulnerability
SHA-256 | e1bf931bcea281e0eb63e8f960facb62fb5d1b4a9bba66933a71119f82f2edae
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close