what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2011-02-16

BWMeter 5.4.0 Denial Of Service
Posted Feb 16, 2011
Authored by b0telh0 | Site gotgeek.com.br

BWMeter version 5.4.0 suffers from a .csv related denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8476daffe3c151e34d74efc148c63294041d42df986fb7db49fee44d2123ab9d
QuickRecon 0.2.2
Posted Feb 16, 2011
Authored by Filip Szymanski

QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.

Changes: Bug fix release.
tags | tool, scanner, python
systems | unix
SHA-256 | 44d3ec57af0dc97b14b5c020752e414feebca30aa7690beb7e3ec23e8d74fa41
Samhain File Integrity Checker 2.8.2
Posted Feb 16, 2011
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: It is possible now to skip checksumming for files matching user-defined criteria (based on file size, permission, name, and/or file type). Several minor bugs have been fixed.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | e540629c6ff9fde640ac60a02cfab398a398992ca4c964d45644c176ae77aba1
yCrawler Web Crawling Utility
Posted Feb 16, 2011
Authored by Osirys | Site y-osirys.com

YCrawler is a web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.

tags | tool, web, scanner
systems | unix
SHA-256 | 602e299d0d83a27072e94350f35ff2215599c2fc81c708ab79ed31bcc7d34dc0
John The Ripper 1.7.6 Jumbo 12
Posted Feb 16, 2011
Authored by Solar Designer | Site openwall.com

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.

Changes: The "generic MD5" self-test bug with "-sse2" and "-mmx" builds (introduced in -jumbo-10) has been corrected. MSCash and MSCash2 OpenMP parallelization has been enhanced to adjust the number of key slots according to the number of threads.
tags | cracker
systems | windows, unix, beos
SHA-256 | 2bbc034089dceb05f7284a0f997225b240d96b085ef8b399eb2d4b6aefb348d9
ActFax Server 4.25 LPD / LPR Buffer Overflow
Posted Feb 16, 2011
Authored by chap0

ActFax Server LPD/LPR remote buffer overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
SHA-256 | 2ebd17d945bc423b321135f0783c3876ec973dd144c78277fde44d8e82cecd88
PHP 5.2.5 grapheme_extract() NULL Pointer Dereference
Posted Feb 16, 2011
Authored by Maksymilian Arciemowicz

PHP version 5.2.5 suffers from a grapheme_extract() null pointer dereference vulnerability.

tags | exploit, php
advisories | CVE-2011-0420
SHA-256 | 03b8ac9c97cec89d34b8ed048ab62fda0ab9ae70423a1f1f02f86a029656b0fe
Debian Security Advisory 2166-1
Posted Feb 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2166-1 - Several vulnerabilities were discovered in the Chromium browser.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-0777, CVE-2011-0778, CVE-2011-0783, CVE-2011-0983, CVE-2011-0981, CVE-2011-0984, CVE-2011-0985
SHA-256 | a6a76d3c535b5fb417f4e7106d5ad0ee7686155e667ca967a7c17a31f118f588
Rae Media Real Estate Multi Agent SQL Injection
Posted Feb 16, 2011
Authored by R4dc0re

Rae Media Real Estate Multi Agent suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 65fa9b69de034bc0b90de3020b374fc86d97b8ebc96effc1273e9273f7b3f5b3
Rae Media Real Estate Single Agent SQL Injection
Posted Feb 16, 2011
Authored by R4dc0re

Rae Media Real Estate Single Agent suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b8456af5393cf02c831f2afca6c026ff6d47bd9b3d61d87c1e751ebbb02852d8
Embedding Hidden Files In Jpeg Images
Posted Feb 16, 2011
Authored by Antoine Santo

Whitepaper that goes into detail on the steps necessary to hide and extract uuencoded files leveraging EXIF comments and third party sites like Facebook that fail to strip the data.

tags | paper
SHA-256 | e02a9efdacf2dbb1b333b7e4332c7ea69935dd1ff427b5a18569dbdc26045b5f
Apache Archiva 1.3.3 Cross Site Scripting
Posted Feb 16, 2011
Authored by Brett Porter | Site archiva.apache.org

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.

tags | advisory, arbitrary, javascript
advisories | CVE-2011-0533
SHA-256 | ef5405a5cdb908fbdea9c2ca94e9485904f66d387638df61bed5396d7b39036a
Debian Security Advisory 2165-1
Posted Feb 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2165-1 - Several vulnerabilities have been discovered in FFmpeg coders, which are used by by MPlayer and other applications.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-3429, CVE-2010-4704, CVE-2010-4705
SHA-256 | b86d844f77a36230e7ea5dd52db346756dc5589423153d62a071288e7d8462ed
Debian Security Advisory 2164-1
Posted Feb 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2164-1 - Kees Cook discovered that the chfn and chsh utilities do not properly sanitize user input that includes newlines. An attacker could use this to to corrupt passwd entries and may create users or groups in NIS environments.

tags | advisory
systems | linux, debian
advisories | CVE-2011-0721
SHA-256 | 3c7165f169abaa8fe7fc4e48f066e16009452afff08998bc155b3bce7e40bb3b
ActFax Server 4.25 FTP Buffer Overflow
Posted Feb 16, 2011
Authored by chap0

ActFax Server version 4.25 FTP remote post-authentication buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | e372efd4be2ecd84eb83b01bedea71b0e1db048ce07a6fa000e38442781e8ff4
Drupal Broken Anti-Automation / Path Disclosure
Posted Feb 16, 2011
Authored by MustLive

Drupal versions 6.20 and below suffer from broken anti-automation and path disclosure vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 998d6854d0553d84a23f01ebfab42858ac12d515cef3a3c74af722f5b84febca
Ubuntu Security Notice USN-1065-1
Posted Feb 16, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1065-1 - Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-0721
SHA-256 | 92adb8f4be3a172b9daf23a25bcfb40f576aef58e5527fc907ecb89a7df62a69
Seo Panel 2.2.0 SQL Injection
Posted Feb 16, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Seo Panel version 2.2.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 4aeaba7c6b82354b1bb4d94a7be9784d7bdf4c44c32481a7e292675ea6477aa8
Zero Day Initiative Advisory 11-086
Posted Feb 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Java Webstart loader of the Java Runtime Environment. When parsing a .jnlp file containing an extension, the loader will honor the permissions defined within. This will allow one to explicitly define the security permissions of their java component which will then get executed. This will allow one to execute code outside of the context of the JRE sandbox.

tags | advisory, java, remote, arbitrary
advisories | CVE-2010-4463
SHA-256 | 98b41896a0a5e3ce96407cf119a951881a4a9dd0776d496f10c73c727d9dcbdd
Zero Day Initiative Advisory 11-085
Posted Feb 16, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within jsound!XGetSamplePtrFromSnd. When extracting a sample from a soundbank stream user supplied data is used to calculate the bounds of a call to PV_Swap16BitSamples. By supplying a specially crafted sound file, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, java, remote, arbitrary
advisories | CVE-2010-4462
SHA-256 | 0183d6ecb86380619b79711f01ae81870d70369d913fa06a21cd4512e75903aa
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close