exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2012-02-08

Zero Day Initiative Advisory 12-031
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the mod_ipp apache module component of the iprint-server, which listens by default on 631/tcp. During the handling of get-printer-attributes requests containing a attributes-natural-language attribute cause a validation routine to be hit. When validating this parameter the contents of the attribute are copied, without validation, to a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2011-4194
SHA-256 | 8785ce5e4895042ebedf436b8cf98faabc69c6c55879154a348e72a44cb21bbb
Zero Day Initiative Advisory 12-030
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1388
SHA-256 | 622911706f81e9fdc034ca737be28695759a0dc4084b9264057c6fec06c15272
TORCS 1.3.2 Buffer Overflow
Posted Feb 8, 2012
Authored by Andres Gomez

TORCS versions 1.3.2 and below XML buffer overflow /SAFESEH evasion exploit.

tags | exploit, overflow
SHA-256 | f4d0b175d9615c806d60537bb9afa6783a39591964e27c8826aba57a1f4bc5a2
Haveged 1.4
Posted Feb 8, 2012
Site issihosts.com

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Changes: A 'generic' architecture based upon clock_gettime() has also been added. An s390 architecture has also been added. The build script now allows non Red Hat init scripts to be installed without patching the build. The collection loop has been rewritten to support multiple instances, and an experimental threaded option is now available to spread the CPU load. Auto tuning has been rewritten to replace buggy cpuid code and to incorporate information obtained from the /proc and /sys filesystems.
tags | tool
systems | linux, unix
SHA-256 | d4be23e678194631e3d13b0ced92b3bf2f4c5d7d881ad975e3c206ad79728397
Zero Day Initiative Advisory 12-029
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-1391
SHA-256 | 76805c536c447f4915a19c2be819b065adf829fffb16f51c4133629f6e4650de
Red Hat Security Advisory 2012-0104-01
Posted Feb 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3919
SHA-256 | 9165e3b50d8f4caa9cb36bcfa88ebf90af850df3617220c0b88374cbdcb36f8f
Red Hat Security Advisory 2012-0105-01
Posted Feb 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0105-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
SHA-256 | ca9f76af30a66df0629ba0bf43922a0401cc9257369853f8b953da2e2cabb20c
Red Hat Security Advisory 2012-0103-01
Posted Feb 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0103-01 - SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that, when opened by a victim, would lead to arbitrary web script execution in the context of their SquirrelMail session. Multiple cross-site scripting flaws were found in SquirrelMail. A remote attacker could possibly use these flaws to execute arbitrary web script in the context of a victim's SquirrelMail session.

tags | advisory, remote, web, arbitrary, php, xss
systems | linux, redhat
advisories | CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753
SHA-256 | 040b4b10a49caa004db71999e8f7658921ee27aeb022c6727ca45cd9c27514ad
trixd00r 0.0.1
Posted Feb 8, 2012
Authored by noptrix | Site nullsecurity.net

trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.

tags | tool, shell, udp, tcp, rootkit
systems | unix
SHA-256 | a0eed62b5c320cfd39c32774d90d6628aacc7c98a02dc18bb3533d4641887a47
Viper FakeUpdate Script
Posted Feb 8, 2012
Authored by Bl4ck.Viper

This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.

tags | tool, spoof, rootkit
systems | windows, unix
SHA-256 | fafffa5a5d80b84aa1e06752a7b0e865780f651a7fbff17eb1f66ed93cefbbbc
Zero Day Initiative Advisory 12-028
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-028 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within BB FlashBack Recorder.dll. The Filename property is vulnerable to directory traversal via the Start() method. PauseAndSave() is also vulnerable to directory traversal via its nextfilename parameter. InsertMarker() and InsertSoundToFBRAtMarker() have parameters that are vulnerable to script injection and can be combined with the previously mentioned vulnerabilities to achieve remote arbitrary code execution.

tags | advisory, remote, arbitrary, vulnerability, code execution
advisories | CVE-2011-1392
SHA-256 | b91a6531dea44477e2aadda1393a53b6738e18af1494bf5db32e2e7f7e05104f
CLiki Cross Site Scripting
Posted Feb 8, 2012
Authored by Sony

CLiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6a5e6a211a7bc98dfd99057049dbdd952041e4f668f15c7a7049e892d1365e72
HP Security Bulletin HPSBMU02742 SSRT100740
Posted Feb 8, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02742 SSRT100740 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2011-3389
SHA-256 | d6dcf4dc11e54c3512513d4c9fb74bed62b7514a37e510af9b062a7b00783b4b
Zero Day Initiative Advisory 12-027
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0189
SHA-256 | 18a904ce62adf630cb8f08055cd0c8789ee111f72763c2cbf5bde4315c6c054a
ZENphoto 1.4.2 Code Execution / XSS / SQL Injection
Posted Feb 8, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, code execution, xss, sql injection
SHA-256 | e0d667d27dfd0d237ee2f58c90924b167d238873df32eeb1fe48fa4f7c550d81
ClubHACK Magazine Issue 25
Posted Feb 8, 2012
Authored by clubhack | Site chmag.in

ClubHACK Magazine Issue 25 - Topics covered include Exploiting Remote Systems Without Being Online, Firewall 101, Introduction To Skipfish, and more.

tags | remote, magazine
SHA-256 | 6b346c440dc82a5b86ffd88d761d91e37f2912e2d346a0290cbdec723448dd3f
Android Webkit XSS / Cross Domain Issues
Posted Feb 8, 2012
Authored by 80vul | Site 80vul.com

Android suffers from multiple cross site scripting, cross domain, auto file download and cross protocol vulnerabilities.

tags | exploit, vulnerability, protocol, xss
SHA-256 | a1d1a21cef752ac336635608065950185fee872c9f2986f93039600444e3c1ab
Zero Day Initiative Advisory 12-026
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-0190
SHA-256 | 5faff96d7b772db4987ba0423e5a6873f87e25fb7f156aa3410fe6e26a0817ce
Zero Day Initiative Advisory 12-025
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the indexd.exe handles rpc calls with opcode 0x1 for program 0x0005F3D9. While processing this message a user supplied string is copied into a fixed size stack buffer. This can result in a buffer overflow which can lead to remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-0395
SHA-256 | cc67964915fcfb176e4d7e59a6f033eda56531c16675a4a919fa72e82ca22936
Zero Day Initiative Advisory 12-024
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 38c96fbd0758de3d47d24f2cd78a96e8dd8121809197ed09d568532c067566ad
Zero Day Initiative Advisory 12-023
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.

tags | advisory, remote, web, local, tcp
SHA-256 | 1de96172989487fd3a6ea16f36030260ccf1f16e55224c94d2ef37c87fcf3425
Zero Day Initiative Advisory 12-022
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.

tags | advisory, remote, web, arbitrary, code execution
SHA-256 | 0e8f7ca268f389e2b1876c29d7b402d6145d28a3f54451240d6162b5bbe3dc50
Zero Day Initiative Advisory 12-021
Posted Feb 8, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-4373
SHA-256 | 24f0d26f31e6c8fcf24c50cab38a6f9c749dcbe2a5ff797f47cc95f3469fc940
D-Link ShareCenter Remote Code Execution
Posted Feb 8, 2012
Authored by Roberto Paleari

This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.

tags | exploit, arbitrary
SHA-256 | 4a7f66cacd9969a9c8db74887be83cbc3943cb63c95b99147923056026257454
SciTools Understand 2.6 DLL Loading Code Execution
Posted Feb 8, 2012
Authored by LiquidWorm | Site zeroscience.mk

A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
SHA-256 | 5cda689106931a122f885350c46515532ff0a47fdb0e7ef0f9f15038b40dc6e7
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close