exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files Date: 2010-02-25

iPhone CSS::Selector Crash Exploit
Posted Feb 25, 2010
Authored by Chase Higgins

iPhone CSS::Selector crash exploit that acts as a web server that sends a malformed long string to the CSS style tag.

tags | exploit, web
systems | apple, iphone
SHA-256 | d71ada90483a76b113062fdae1846313e113c33c00836ca4c4a16526a4b6222b
EMC HomeBase Server Arbitrary File Upload
Posted Feb 25, 2010
Site emc.com

EMC HomeBase Server contains a vulnerability that may allow an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server. Versions 6.2.x and 6.3.x are affected.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0620
SHA-256 | 1481b43fd91ee9d43c4ca39ea27c50887e8ea9279062e3564ef9f2bc7328f2f6
iDEFENSE Security Advisory 2010-02-23.1
Posted Feb 25, 2010
Authored by iDefense Labs, Yorick Koster | Site idefense.com

iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | d0efdc32584a23be37a59e4491447cc4ca499652cf899ad6b592297321df9b3a
MIMEDefang Email Scanner 2.68
Posted Feb 25, 2010
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: This is a bugfix and minor cleanup release. It detects Sys::Syslog vs. Unix::Syslog at run-time rather than when running ./configure. It no longer changes Content-Disposition to "inline" by default; it was causing weird bugs with Outlook iCalendar attachments. Various other minor bugfixes and improvements were made.
systems | windows, unix
SHA-256 | af6d947eef87f00fe513045bf79828808ea42b9cf70eaee033d5e96e73edf61a
Symantec Products SYMLTCOM.dll Buffer Overflow
Posted Feb 25, 2010
Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products. The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll module when processing user-supplied data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page on a domain masqueraded as an authorized site.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2010-0107
SHA-256 | 1396c6713bed4dbfef7dae21661f037819774374e8dbc9e411a22263e49446ef
Technical Cyber Security Alert 2010-55A
Posted Feb 25, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-55A - Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.

tags | advisory
SHA-256 | cceaf3df3ab1ccf182366803b6bfb56b7c9cea916f742e8b4f9563252efe670d
JavaPont Local File Inclusion
Posted Feb 25, 2010
Authored by Palyo34

JavaPont suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | a013ca51d89ccb35e75cf4a2690348cf7368c3f368782a8e9e86ea9554782fad
Joomla HDFlvPlayer SQL Injection
Posted Feb 25, 2010
Authored by kaMtiEz | Site indonesiancoder.com

Joomla HDFlvPlayer component remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | dc912df0feedfb9f5ed7ac43039d679783880a60893bc48825697898d2e49d96
LiveChatNow SQL Injection
Posted Feb 25, 2010
Authored by Ariko-Security

LiveChatNow suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c185d764e3b247a42464968a76d8964632b5864476eab2c18fead83e812651f6
Kojoney 0.0.4.1 Denial Of Service
Posted Feb 25, 2010
Authored by Nicob

Kojoney versions prior to 0.0.4.2 suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | a877fb5d19fecba22603df6557ffba4026cac256b572c537cf59dc8df9a77783
Apple Safari 4.0.4 / Google Chrome 4.0.249 Denial Of Service
Posted Feb 25, 2010
Authored by Rad L. Sneak

Apple Safari version 4.0.4 and Google Chrome version 4.0.249 suffer from a stack overflow denial of service vulnerability.

tags | exploit, denial of service, overflow
systems | apple
SHA-256 | ba90a1df6078d3a036b3d5ff300808e8b94b9214960121c8a2c8e6c054db790e
FTP Brute Forcing Script
Posted Feb 25, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

FTP brute forcing utility written in Python.

tags | tool, scanner, python
systems | unix
SHA-256 | cfa21c0a60f0dce81d28f10ac3a3c8f1ec11c0e1803d9b519d2fa308c15c83df
Assembly Port Binding Code
Posted Feb 25, 2010
Authored by mywisdom

Assembly code that binds to port 12345.

tags | shellcode
SHA-256 | 3b81b5eab10bc8cb8b3503424ac364d82d833f0afa4ccc82097c78cc6c06910f
Avast! 4.8 / 5.0 Kernel Memory Corruption
Posted Feb 25, 2010
Authored by Tobias Klein | Site trapkit.de

Avast! versions 4.8 and 5.0 suffer from a aavmker4.sys kernel memory corruption vulnerability.

tags | advisory, kernel
SHA-256 | 423e14acc68af28b36348077feb4ef7ada79727abeb0a3fa6fe5fcf347f9aa5c
phpCOIN 1.2.1 SQL Injection
Posted Feb 25, 2010
Authored by Baybora

phpCOIN version 1.2.1 suffers from a remote SQL injection vulnerability in mod.php.

tags | exploit, remote, php, sql injection
SHA-256 | 851d9fe31093b2a8736a03c6b09fcf3a26c924a64cccfd1b49beaaecb6d38f9f
Ubuntu Security Notice 903-1
Posted Feb 25, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136
SHA-256 | d0a5d9315dd8e403cd8b3e519b8802f52fab3266e43dcc3d765e96967c414897
Softbiz Auktios SQL Injection
Posted Feb 25, 2010
Authored by Easy Laster

Softbiz Auktios suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 47b1b5a09e2eec6890da99390c693438358b62b46bd79d23337fa9c2c09d0108
Ubuntu Security Notice 904-1
Posted Feb 25, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 904-1 - It was discovered that Squid incorrectly handled certain malformed packets received on the HTCP port. A remote attacker could exploit this with a specially-crafted packet and cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-0639
SHA-256 | d8d35fbd670ceb872134e0a760b1297c0ddf57008a8b14fb9d239abb228c5540
Softbiz Classifieds PLUS SQL Injection
Posted Feb 25, 2010
Authored by Easy Laster

Softbiz Classifieds PLUS suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 6637f9df6e7c0380a790cc741bef9937374ec63fb8e821aa365caae0bca84e85
WikyBlog 1.7.3rc2 XSS / Shell Upload / RFI
Posted Feb 25, 2010
Authored by indoushka

WikyBlog version 1.7.3rc2 suffers from shell upload, cross site scripting, cookie manipulation, session fixation, and remote file inclusion vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, file inclusion
SHA-256 | acbfd4c7f5e319c5a321f810fa9217f1b5ee15842e106529193c9cdbeeb6d15d
Article Friendly Local File Inclusion
Posted Feb 25, 2010
Authored by Pratul Agrawal

Article Friendly suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | bc6d96165ee0b4314aced6aba236f9bd3f29556c15be47378166e74df0c8237e
PBBoard 2.0.5 Add Administrator / Shell Upload
Posted Feb 25, 2010
Authored by indoushka

PBBoard version 2.0.5 suffers from add administrator and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, add administrator, file upload
SHA-256 | 29abb40977a4fb0be424a9f90430a489826cd07952a220e94dc1737315b5b968
Zero Day Initiative Advisory 10-020
Posted Feb 25, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-020 - This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of EMC HomeBase Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HomeBase SSL Service due to a failure to sanitize '../' directory traversal modifiers from a parameter. This will allow a user to specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0620
SHA-256 | 94b735cb9134c2f95e503f506eef61a55020e96a2a8404d05a17d6880d25f3d2
Newbie CMS Insecure Cookie Handling
Posted Feb 25, 2010
Authored by jiko

Newbie CMS suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling
SHA-256 | f54f9549b0f96010f41871d9edbfacb2abb179f8fdfb7cacb26a99f79eb4aa89
MediaCoder 0.7.3.4605 Local Buffer Overflow
Posted Feb 25, 2010
Authored by fl0 fl0w

MediaCoder version 0.7.3.4605 local buffer overflow exploit with calc.exe and bindshell shellcode.

tags | exploit, overflow, local, shellcode
SHA-256 | fddb673addca4e8f2a1b132f3c1cc428c3b5554e631381b9af04b449c98a5ce4
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close