what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2012-10-08 to 2012-10-09

Avaya IP Office Customer Call Reporter Command Execution
Posted Oct 8, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

tags | exploit, remote, arbitrary, asp, bypass
systems | windows
advisories | CVE-2012-3811, OSVDB-83399
SHA-256 | 38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645
Conntrack Tools 1.4.0
Posted Oct 8, 2012
Authored by Pablo Neira Ayuso | Site conntrack-tools.netfilter.org

conntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.

Changes: This release adds the user-space helper infrastructure, which includes the RPC portmapper (to support NFSv3) and Oracle*TNS helpers.
tags | tool
systems | linux
SHA-256 | 036b032a5c4d180aad686df21399d74506b9b3d3000794eb13ac313482e24896
Interspire Email Marketer 6.0.1 XSS / SQL Injection
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Interspire Email Marketer version 6.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f8bd46b59908fd250f604a96039d46e1985482e022445cd4f574ef41594a8737
Linux IPTables Firewall 1.4.16.2
Posted Oct 8, 2012
Site iptables.org

iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Changes: This release includes aliasing support, which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well.
tags | tool, firewall
systems | linux
SHA-256 | 4468ce7e1d68349a8e30f26110eb7969dbfdbf497d6c53758883123b3f2d6f6e
PhpTax pfilez Parameter Exec Remote Code Injection
Posted Oct 8, 2012
Authored by sinn3r, Jean Pereira | Site metasploit.com

This Metasploit module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which will be used in a exec() statement, and then results in arbitrary remote code execution under the context of the web server. Please note: authentication is not required to exploit this vulnerability.

tags | exploit, remote, web, arbitrary, php, code execution
SHA-256 | 3ecd2777666a36e43ebd4979984a5196686b1b70e2c3ecf4ce15f5ace94c27d1
Endpoint Protector 4.0.4.0 Cross Site Scripting
Posted Oct 8, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Endpoint Protector version 4.0.4.0 suffers from cross site scripting vulnerabilities. The vendor has contacted Packet Storm on 10/09/2013 and noted that they have addressed these issues in product update 4.4.0.1. The update is available through the Webadmin console :: Dashboard > Live Update.

tags | exploit, vulnerability, xss
SHA-256 | a2328643204ae516795d8ff44584e599f64ae809a6f8cea65a8b02f5dc1a9a04
Arctic Torrent 1.2.3 Memory Corruption
Posted Oct 8, 2012
Authored by Jean Pereira

Arctic Torrent version 1.2.3 remote memory corruption denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 9172304714395a3f989c23b4c6fb9c5679590e4aa469b113717c0617e2230ff7
Paypal BugBounty 5 Cross Site Scripting
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal.com suffered from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 830b99c97288997b434a67b496389dd1abe41e3409067abdeb8904aadb08121e
Mandriva Linux Security Advisory 2012-161
Posted Oct 8, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-161 - Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives. The updated packages have been upgraded to the 1.0b7 version which is not affected by this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2009-5067
SHA-256 | 31f408029f1fd46e682a264c58eec8582e316235aafdcd50c1d8b422c86673c1
Red Hat Security Advisory 2012-1344-01
Posted Oct 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
SHA-256 | ea965db75ccab2bc911e17e369001d135c14c39a71c3d7f46b9a1ff0db688bce
Debian Security Advisory 2558-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2558-1 - It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.

tags | advisory
systems | linux, debian
advisories | CVE-2012-4430
SHA-256 | 540e28b87842e07569ce4cdb550d5fd82780156516cf39012cc27566adf0b7d9
Debian Security Advisory 2557-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2557-1 - Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2012-4445
SHA-256 | c582a13609ee1ecc52a1cf49c47300445708bbdeff3916a7b6c350acdb913743
Debian Security Advisory 2556-1
Posted Oct 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2556-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978
SHA-256 | dae9e88472f489701a9a4c3c26908271b44a466bf658731b487c1aa4c4bed850
Number Nine Design SQL Injection
Posted Oct 8, 2012
Authored by Net.W0lf, Hack Center Security Team

Number Nine Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 3626f2c20d0d1c333cedc520cacadaaed1687354a90213540bf6dd37a66cbc40
Icy Phoenix 2.0 Cross Site Scripting
Posted Oct 8, 2012
Authored by kurdish hackers team | Site kurdteam.org

Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 15720fc7decd54d9ee32a0151f318dd82bc8c3f227810fad4a1408017fc42cd5
Hostapd Missing EAP-TLS Message Length Validation
Posted Oct 8, 2012
Authored by Timo Warns | Site pre-cert.de

Hostapd versions 0.6 through 1.0 fail to validation EAP-TLS message length allowing for a possible denial of service condition.

tags | advisory, denial of service
advisories | CVE-2012-4445
SHA-256 | a0941ae5fb0105278f2f227f2f8eeb6cb5597abe9be8c07f467d7e20a835d576
Easy Fast Admin SQL Injection
Posted Oct 8, 2012
Authored by Andrea Bocchetti

Easy Fast Admin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 44ba807f64174cdb090827ed7459279438ec5befc347d31f201f72c5a7d33890
Secunia Security Advisory 50888
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 1a10b695395a0fa6c7d5b5a69e97622a405976e979ce4fd315b329544d5adba3
Web Help Desk 11.0.7 Cross Site Scripting
Posted Oct 8, 2012
Authored by loneferret

Web Help Desk version 11.0.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 92d407863cc4660b9160ec7ee4b566b3f02ec436aa4aadd47f903d4acf797aa7
Secunia Security Advisory 50810
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | ce3fa4a394934c7c76a8b8c3f9021f47bcf4a1235a4d23f63db614413f83dc30
Secunia Security Advisory 50805
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for hostapd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 05e102799fa3973c5602f39e2f90afaeab3199e280945cf51311fb85ddeef3a4
Secunia Security Advisory 50881
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and two vulnerabilities have been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability
SHA-256 | e2e9d4a792eb8e813725170c748d216aad304e98f9fcef3b65f130cded7802d5
Secunia Security Advisory 50796
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 9cd16cbff19de037e240242115ac0b2ef72453078b69bc17a0dc39a95177528b
Secunia Security Advisory 50838
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libxslt. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | ab511b8f8bb9c34e2c7dc3d3bb6806517a57fc82e9bc605e7bd62faa7088e211
Secunia Security Advisory 50818
Posted Oct 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 8115ba527d6ea2a0ef8363f708240e851755025a0c9ae3d0b8d8c9ec19c53032
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close