Section: .. / Last 100 Files /
| /// File Name: | dewnewphplinks-lfi.txt | Description:
| DewNewPHPLinks version 2.1.0.1 suffers from a local file inclusion vulnerability. | | Author: | Itsecteam | | File Size: | 695 | | Last Modified: | Mar 18 22:39:07 2010 | | MD5 Checksum: | d06a5a6a0e3c231c86a8f9fd5556ca56 |
|
| /// File Name: | USN-915-1.txt | Description:
| Ubuntu Security Notice 915-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19073 | | Related CVE(s): | CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163 | | Last Modified: | Mar 18 22:36:51 2010 | | MD5 Checksum: | b1e32685bd8203c6cf50424db44e1118 |
|
| /// File Name: | crimson-overwrite.tgz | Description:
| A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system. Version 3.70 is vulnerable. Proof of concept configuration file included. | | Author: | sharpe | | File Size: | 4683 | | Last Modified: | Mar 18 22:35:35 2010 | | MD5 Checksum: | 8e5e7879cc0de787203305c7bee9d33c |
|
| /// File Name: | ONSEC-10-003.txt | Description:
| AboCMS versions 5.4 and below suffer from remote SQL injection vulnerabilities. | | Author: | Vladimir Vorontsov | | File Size: | 2289 | | Last Modified: | Mar 18 22:32:32 2010 | | MD5 Checksum: | 7fdfc0964d8f332a026ec0dc7e260ea6 |
|
| /// File Name: | dsa-2018-1.txt | Description:
| Debian Linux Security Advisory 2018-1 - Auke van Slooten discovered that PHP 5, an hypertext preprocessor, crashes (because of a NULL pointer dereference) when processing invalid XML-RPC requests. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 53065 | | Related CVE(s): | CVE-2010-0397 | | Last Modified: | Mar 18 22:31:54 2010 | | MD5 Checksum: | f37f54beb719713cf6d8cad2c3ff44ac |
|
| /// File Name: | philweb-sql.txt | Description:
| Philweb version 1.02 suffers from a remote SQL injection vulnerability. | | Author: | ViRuS_HiMa | | File Size: | 1846 | | Last Modified: | Mar 18 22:30:28 2010 | | MD5 Checksum: | 44ddb3add52016e4dd8d1170962e72c2 |
|
| /// File Name: | phpauthent-sql.txt | Description:
| phpAuthent version 0.2.1 suffers from a remote SQL injection vulnerability. | | Author: | Gamoscu | | File Size: | 2202 | | Last Modified: | Mar 18 22:28:38 2010 | | MD5 Checksum: | 49ddac055fe4a4f211ff5749ad582960 |
|
| /// File Name: | phpscripte24-sql.txt | Description:
| phpscripte24 Niedrig Gebote Pro Auktions System II suffers from a remote blind SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1833 | | Last Modified: | Mar 18 22:20:17 2010 | | MD5 Checksum: | 55434ad8bc584b770248e4a0a4e9415f |
|
| /// File Name: | mymp3player-overflow.txt | Description:
| myMP3-Player version 3.0 local buffer overflow exploit that creates a malicious .m3u file. | | Author: | n3w7u | | File Size: | 1870 | | Last Modified: | Mar 18 22:10:55 2010 | | MD5 Checksum: | 85722a7f60597a6797d212652eb644b4 |
|
| /// File Name: | mplayer-dereference.txt | Description:
| mplayer versions 4.4.1 and below NULL pointer dereference exploit. | | Author: | Pietro Oliva | | File Size: | 2228 | | Last Modified: | Mar 18 18:51:46 2010 | | MD5 Checksum: | 5b393ddf344fc2b81f77436fcce10dc8 |
|
| /// File Name: | zippho-overflow.py.txt | Description:
| ZippHo version 3.0.6 stack buffer overflow exploit that creates a malicious .zip file. | | Author: | mr_me | | Homepage: | http://www.corelan.be/ | | File Size: | 4750 | | Last Modified: | Mar 18 18:49:27 2010 | | MD5 Checksum: | 8799e4198e2a8675bdc054bea94a502e |
|
| /// File Name: | mes-sql.pdf | Description:
| Manage Engine Service Desk Plus version 7.6 suffers from a remote SQL injection vulnerability. | | Author: | N. Grisolia | | File Size: | 66301 | | Last Modified: | Mar 18 16:48:09 2010 | | MD5 Checksum: | 7fd396afbaba4f79e8489971c25ebfc2 |
|
| /// File Name: | dsa-2015-1.txt | Description:
| Debian Linux Security Advisory 2015-1 - A local vulnerability has been discovered in drbd8. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 236406 | | Last Modified: | Mar 18 10:55:22 2010 | | MD5 Checksum: | c762b8e740f7d414f8852a48c921fa87 |
|
| /// File Name: | phpbb2plus-sql.txt | Description:
| phpBB2 Plus version 1.53 suffers from a remote SQL injection vulnerability. | | Author: | Gamoscu | | File Size: | 893 | | Last Modified: | Mar 17 19:21:32 2010 | | MD5 Checksum: | 942f30467708404c8d45483541812a40 |
|
| /// File Name: | oraclexdb-overflow.txt | Description:
| Oracle XDB FTP service UNLOCK buffer overflow exploit that spawns a reverse shell. | | Author: | mc2_s3lector | | File Size: | 7417 | | Last Modified: | Mar 17 19:18:53 2010 | | MD5 Checksum: | fe4d969fe804fa22c0fa72d6ccb7efbc |
|
| /// File Name: | phpnukerd-sql.txt | Description:
| PHP-Nuke Ratedownload suffers from a remote SQL injection vulnerability. | | Author: | Itsecteam | | File Size: | 1472 | | Last Modified: | Mar 17 19:16:29 2010 | | MD5 Checksum: | 11f80d08f579f7bb45439f9c8bfa5659 |
|
| /// File Name: | ninkobb-addadmin.txt | Description:
| NinkoBB version 1.3RC4 change / add administrator cross site request forgery exploit. | | Author: | Itsecteam | | File Size: | 1424 | | Last Modified: | Mar 17 19:14:10 2010 | | MD5 Checksum: | 8e261c3dcf60222e2db4a653d4f19363 |
|
| /// File Name: | joomlaalert-sql.txt | Description:
| Joomla Alert suffers from a remote SQL injection vulnerability. | | Author: | N2n-Hacker | | File Size: | 1349 | | Last Modified: | Mar 17 19:13:12 2010 | | MD5 Checksum: | 295ec7c5bd412530294d076301728c44 |
|
| /// File Name: | miranda-fail.txt | Description:
| Miranda versions 0.8.16 and 0.9.0 alpha build #6 Unicode and SVN rev. 11383 suffer from a silent TLS failure. | | Author: | Jan Schejbal | | File Size: | 2026 | | Last Modified: | Mar 17 19:10:46 2010 | | MD5 Checksum: | faf4a2b8a510aea1894b2cc17b22289a |
|
| /// File Name: | arp_sniff.c | Description:
| ARP Sniff (Sniffer Lite) is a tiny ARP sniffer. This tool will be useful to analyze the ARP packets in the network. The tool gives out two types of information, the 14 byte Ethernet header and 28 byte ARP header. The tool requires G++ compiler and a libpcap package. Three arguments are coded as of now. One is to list the available devices, second is to sniff the default device and third is to sniff the device given as argument. The sniffer outputs the Ethernet header (Source MAC address, Destination MAC address and Ethernet type), ARP Header (Hardware type, Protocol type, Hardware address length, Protocol address length, Opcode, Source Hardware address and Protocol address, Destination hardware address and Protocol address). | | Author: | K.K.Senthil Velan | | File Size: | 15585 | | Last Modified: | Mar 17 19:06:29 2010 | | MD5 Checksum: | 18ae58b999b218c41f4714dc43037caf |
|
| /// File Name: | varicad-overflow.c | Description:
| VariCAD version 2010-2.05 EN local buffer overflow exploit. Comes with options to spawn calc.exe, bindshell, and add user shellcode. | | Author: | n00b | | File Size: | 14992 | | Last Modified: | Mar 17 19:01:21 2010 | | MD5 Checksum: | b6dbc9d650ce73b8aa187ad4cf6bf2e3 |
|
| /// File Name: | softsaurus-rfi.txt | Description:
| Softsaurus version 2.01 suffers from multiple remote file inclusion vulnerabilities. | | Author: | cr4wl3r | | File Size: | 1823 | | Last Modified: | Mar 17 18:57:51 2010 | | MD5 Checksum: | 14d7be34b23f35e3dd69aab5b75e04ee |
|
| /// File Name: | nensorcms-lfisql.txt | Description:
| Nensor CMS version 2.01 suffers from remote SQL injection and local file inclusion vulnerabilities. | | Author: | cr4wl3r | | File Size: | 2029 | | Last Modified: | Mar 17 18:56:54 2010 | | MD5 Checksum: | 5cdae11649756b722c81bb5992e4698e |
|
| /// File Name: | sahana-bypass.txt | Description:
| Sahana version 0.6.2.2 suffers from an authentication bypass vulnerability. | | Author: | vooduhal | | File Size: | 288 | | Last Modified: | Mar 17 18:54:21 2010 | | MD5 Checksum: | 22c6ac27d9bff68d6635249a65a45771 |
|
| /// File Name: | USN-914-1.txt | Description:
| Ubuntu Security Notice 914-1 - Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 159562 | | Related CVE(s): | CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622, CVE-2010-0623 | | Last Modified: | Mar 17 18:35:36 2010 | | MD5 Checksum: | 06a07f29fba6efe5a2d2ad91ac618b24 |
|
| /// File Name: | secunia-qfxsrf.txt | Description:
| Secunia Research has discovered a vulnerability in Quicksilver Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL queries by tricking a logged in administrator into visiting a malicious web site. | | Homepage: | http://secunia.com/ | | File Size: | 4446 | | Last Modified: | Mar 17 18:34:35 2010 | | MD5 Checksum: | 272179a9f78ab71c2ade4e2b7ce9f79c |
|
| /// File Name: | joomlackforms-lfisql.txt | Description:
| The Joomla Ckforms component suffers from local file inclusion and remote SQL injection vulnerabilities. | | Author: | altbta | | File Size: | 1036 | | Last Modified: | Mar 17 18:33:17 2010 | | MD5 Checksum: | 6fa0d36ba2432485eebfd2e394776117 |
|
| /// File Name: | preisschlact-sql.txt | Description:
| Preisschlacht Multi Liveshop System suffers from a remote SQL injection vulnerability. | | Author: | Easy Laster | | File Size: | 1697 | | Last Modified: | Mar 17 18:32:09 2010 | | MD5 Checksum: | d1b67fb30d444f6dfb4b3a56201e15ba |
|
| /// File Name: | sipwitch-0.7.4.tar.gz | Description:
| GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate. | | Author: | David Sugar | | Homepage: | http://www.gnutelephony.org/ | | Changes: | Sending of hash rather than realm to server when a user changes the authentication secret with a live server instance running was fixed. Automatic activation of generated UUID SIP realm when no realm is explicitly set by the user was fixed. | | File Size: | 491064 | | Last Modified: | Mar 17 18:29:34 2010 | | MD5 Checksum: | bb754e9f6f8dfbdef7741452d3f762c2 |
|
| /// File Name: | secunia-qfbidisclose.txt | Description:
| Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious people to disclose potentially sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. | | Homepage: | http://secunia.com/ | | File Size: | 4469 | | Last Modified: | Mar 17 18:27:18 2010 | | MD5 Checksum: | 7cdbe957564918e29559a390e72e6652 |
|
| /// File Name: | postnukece-sql.txt | Description:
| The Postnuke ContentExpress module suffers from a remote SQL injection vulnerability. | | Author: | Ali Abbasi | | File Size: | 795 | | Last Modified: | Mar 17 18:25:56 2010 | | MD5 Checksum: | c0070c1513a455ad171e113012add0e8 |
|
| /// File Name: | secunia-qfmddisclose.txt | Description:
| Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious, local users to disclose sensitive information. The application passes the database password via the command line to the "mysqldump" utility, which may disclose the password via the process list. | | Homepage: | http://secunia.com/ | | File Size: | 4280 | | Last Modified: | Mar 17 18:21:20 2010 | | MD5 Checksum: | e7161deac23c4bea4473bac95e0456b3 |
|
| /// File Name: | joomlainclude-sql.txt | Description:
| The Joomla Include component suffers from a remote SQL injection vulnerability. | | Author: | DevilZ TM | | File Size: | 1429 | | Last Modified: | Mar 17 18:20:26 2010 | | MD5 Checksum: | 34a27a7e5186546e26df47da413dbb6f |
|
| /// File Name: | CORE-2010-0311.txt | Description:
| Core Security Technologies Advisory - eFront is vulnerable to local file inclusion vulnerability, which allows an external remote attacker to upload an arbitrary file and execute code on the vulnerable website learning platform. Version 3.5.5 is vulnerable. | | Author: | Core Security Technologies | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7172 | | Last Modified: | Mar 17 18:17:03 2010 | | MD5 Checksum: | 915435e9b89c6b131497134dd31b51b3 |
|
| /// File Name: | joomlavxdate-sqlxss.txt | Description:
| The Joomla VXDate component suffers from cross site scripting, path disclosure and remote SQL injection vulnerabilities. | | Author: | MustLive | | File Size: | 1294 | | Last Modified: | Mar 17 18:15:03 2010 | | MD5 Checksum: | 6a405fe670df7981e606f9c5a699f0cc |
|
| /// File Name: | USN-913-1.txt | Description:
| Ubuntu Security Notice 913-1 - It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 17736 | | Related CVE(s): | CVE-2009-2042, CVE-2010-0205 | | Last Modified: | Mar 16 20:04:21 2010 | | MD5 Checksum: | e34dd3abb0e2d79fb917042a37af2af6 |
|
| /// File Name: | argosoft-traversal.txt | Description:
| ArGoSoft FTP Server .NET version 1.0.2.1 suffers from a directory traversal vulnerability. | | Author: | dmnt | | File Size: | 432 | | Last Modified: | Mar 16 20:01:06 2010 | | MD5 Checksum: | bb8f51d72fd0b584647dd84d190a595a |
|
| /// File Name: | dff-0.5.0-src.tar.gz | Description:
| DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules. | | Author: | Christophe M.,Solal J. | | Homepage: | http://www.digital-forensic.org/ | | Changes: | This release includes several bugfixes and a new API and graphical features: file carving with an enhanced algorithm, a complete rewrite of the hexadecimal viewer, research functions in the API, a new gallery viewer with speed improvements, a partition mapper that allows extended partitions to be added, and automation capabilities based on MIME type for improved GUI navigation. | | File Size: | 2838773 | | Last Modified: | Mar 16 19:57:44 2010 | | MD5 Checksum: | ae8674a3ec7268d1f500bb5eb5a828bc |
|
| /// File Name: | CORE-2009-0803.txt | Description:
| Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system. | | Author: | Core Security Technologies,Diego Juarez,Nicolas A. Economou | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 36508 | | Last Modified: | Mar 16 19:53:29 2010 | | MD5 Checksum: | 936c26e59571a54c68f677c92c973253 |
|
| /// File Name: | CORELAN-10-013.txt | Description:
| Windisc version 1.3 suffers from a stack buffer overflow vulnerability. Full exploit code included. | | Author: | Rick | | Homepage: | http://www.corelan.be/ | | File Size: | 11031 | | Last Modified: | Mar 16 19:51:52 2010 | | MD5 Checksum: | ae169a1b3bef09878c6b43b25193a365 |
|
| /// File Name: | fckeditor-shell.txt | Description:
| FCKEditor version 2.0 RC3 suffers from a shell upload vulnerability. | | Author: | Aodrulez | | File Size: | 935 | | Last Modified: | Mar 16 19:48:58 2010 | | MD5 Checksum: | b59c2afa640cc668f579fb57c3dac4e0 |
|
| /// File Name: | USN-912-1.txt | Description:
| Ubuntu Security Notice 912-1 - It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this vulnerability to a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 15508 | | Related CVE(s): | CVE-2008-5824 | | Last Modified: | Mar 16 19:47:32 2010 | | MD5 Checksum: | cea5bb89800954462cbfdec1bfb278eb |
|
| /// File Name: | ZDI-10-032.txt | Description:
| Zero Day Initiative Advisory 10-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2648 | | Last Modified: | Mar 16 19:47:16 2010 | | MD5 Checksum: | e2375d89695fe12b1a00cc15adebefb0 |
|
| /// File Name: | clantigercms-xsrf.txt | Description:
| Clan Tiger CMS suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 1699 | | Last Modified: | Mar 16 19:46:20 2010 | | MD5 Checksum: | 8ac6d6d229428e13402d0a1955b048ba |
|
| /// File Name: | chillycms-xss.txt | Description:
| Chilly CMS suffers from a persistent cross site scripting vulnerability. | | Author: | Pratul Agrawal | | File Size: | 3159 | | Last Modified: | Mar 16 19:45:12 2010 | | MD5 Checksum: | e97b751f44416cb2cc09edb43df20446 |
|
| /// File Name: | chillycms-xsrf.txt | Description:
| Chilly CMS suffers from a cross site request forgery vulnerability. | | Author: | Pratul Agrawal | | File Size: | 1737 | | Last Modified: | Mar 16 19:44:18 2010 | | MD5 Checksum: | 6f5f88f67ef821bb958d06369419b319 |
|
| /// File Name: | wftpdkill.py.txt | Description:
| WFTPD version 3.3 remote unhandled exception denial of service exploit. | | Author: | dmnt | | File Size: | 1323 | | Last Modified: | Mar 16 19:43:06 2010 | | MD5 Checksum: | 8323be9aa4f257a477d0cf841e451e32 |
|
| /// File Name: | sugarcrm-xss.txt | Description:
| SugarCRM versions prior to 5.5.0a and 5.2.0l suffer from a cross site scripting vulnerability. | | Author: | Jeromie Jackson | | File Size: | 2111 | | Related CVE(s): | CVE-2010-0465 | | Last Modified: | Mar 16 19:41:43 2010 | | MD5 Checksum: | 65028fdd56e01094100a9af2f5680c25 |
|
| /// File Name: | ZDI-10-031.txt | Description:
| Zero Day Initiative Advisory 10-031 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable software utilizing Apple's WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to a failure to unregister a callback pointer during the destruction of a particular type of element when embedded inside a 'blink' container. The application dereferences the original resource which can can be leveraged by an attacker to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2910 | | Last Modified: | Mar 16 19:40:43 2010 | | MD5 Checksum: | 43ec94b162ba7d2b0766fafde3e3e294 |
|
| /// File Name: | ossim22-exec.pdf | Description:
| CYBSEC Security Advisory - OSSIM version 2.2 suffers from a remote command execution vulnerability. | | Author: | Nahuel Grisolia | | Homepage: | http://www.cybsec.com/ | | File Size: | 65714 | | Last Modified: | Mar 16 19:33:55 2010 | | MD5 Checksum: | d41bdbe4b05ef8ac976280685a559ab9 |
|
| /// File Name: | ossim22-upload.pdf | Description:
| CYBSEC Security Advisory - OSSIM version 2.2 suffers from an arbitrary file upload vulnerability. | | Author: | Nahuel Grisolia | | Homepage: | http://www.cybsec.com/ | | File Size: | 64759 | | Last Modified: | Mar 16 19:33:50 2010 | | MD5 Checksum: | 0d2575f09ecdeab1d769bcad45a27d0a |
|
| /// File Name: | ossim22-download.pdf | Description:
| CYBSEC Security Advisory - OSSIM version 2.2 suffers from an arbitrary file download vulnerability. | | Author: | Nahuel Grisolia | | Homepage: | http://www.cybsec.com/ | | File Size: | 65669 | | Last Modified: | Mar 16 19:33:44 2010 | | MD5 Checksum: | c1260392b7369292d9f6003b0d6b7963 |
|
| /// File Name: | egroupware-exec.pdf | Description:
| CYBSEC Security Advisory - EGroupware suffers from a remote command execution vulnerability. Versions 1.4.001 / 1.4.002 / 1.6.001 / 1.6.002 and Premium Line versions 9.1 and 9.2 are affected. | | Author: | Nahuel Grisolia | | Homepage: | http://www.cybsec.com/ | | File Size: | 377524 | | Last Modified: | Mar 16 19:34:21 2010 | | MD5 Checksum: | cd3392e71ec7dd6cd61ee3e6df2f1390 |
|
| /// File Name: | egroupware-xss.pdf | Description:
| CYBSEC Security Advisory - EGroupware suffers from a reflected cross site scripting vulnerability. Versions 1.4.001 / 1.4.002 / 1.6.001 / 1.6.002 and Premium Line versions 9.1 and 9.2 are affected. | | Author: | Nahuel Grisolia | | Homepage: | http://www.cybsec.com/ | | File Size: | 377386 | | Last Modified: | Mar 16 19:34:12 2010 | | MD5 Checksum: | edcf883b64ba6f5440633f8c051e01dc |
|
| /// File Name: | occms-sql.txt | Description:
| Online Community CMS By I-net suffers from a remote SQL injection vulnerability. | | Author: | Th3 RDX | | File Size: | 2999 | | Last Modified: | Mar 16 19:32:47 2010 | | MD5 Checksum: | c953d33ead51b48209a45fa2489cdd63 |
|
| /// File Name: | zigurratcms-sql.txt | Description:
| Zigurrat CMS suffers from a remote SQL injection vulnerability. | | Author: | Isfahan University of Technology | | File Size: | 1064 | | Last Modified: | Mar 16 19:29:34 2010 | | MD5 Checksum: | ea2d6bbeac33bd7357d32c710bc3362e |
|
| /// File Name: | parscms-sql.txt | Description:
| Pars CMS suffers from a remote SQL injection vulnerability. | | Author: | Isfahan University of Technology | | File Size: | 1160 | | Last Modified: | Mar 16 19:28:49 2010 | | MD5 Checksum: | c91edb7d57a0243b3445a51147e8cc9a |
|
| /// File Name: | dsa-2017-1.txt | Description:
| Debian Linux Security Advisory 2017-1 - Dan Rosenberg discovered that the PulseAudio sound server creates a temporary directory with a predictable name. This allows a local attacker to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 59070 | | Related CVE(s): | CVE-2009-1299 | | Last Modified: | Mar 16 19:28:16 2010 | | MD5 Checksum: | c7940506ee2f24afcaa65332c6a54d6b |
|
| /// File Name: | cutenews-insecure.txt | Description:
| CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability. | | Author: | indoushka | | File Size: | 2098 | | Last Modified: | Mar 16 19:26:53 2010 | | MD5 Checksum: | 04d570d583a36d524fbe3d82c01d26b1 |
|
| /// File Name: | familyconnections22-sql.txt | Description:
| Family Connections version 2.2 suffers from multiple remote SQL injection vulnerabilities. | | Author: | Blake | | File Size: | 3114 | | Last Modified: | Mar 16 19:25:29 2010 | | MD5 Checksum: | 7c8b7a5bc42c222e570cfc4490d6510d |
|
| /// File Name: | ZDI-10-030.txt | Description:
| Zero Day Initiative Advisory 10-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari and other WebKit based browsers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of the run-in value for display CSS styles. A specially crafted web page can cause a use after free() condition in WebKit's WebCore::RenderBlock() method. This can be further leveraged by attackers to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2745 | | Last Modified: | Mar 16 19:23:46 2010 | | MD5 Checksum: | 01f4bf61bb7cbb5256b0ad70e2ff46d0 |
|
| /// File Name: | frecf-lfi.txt | Description:
| Free Real Estate Contact Form version 1.09 suffers from a local file inclusion vulnerability. | | Author: | Pouya Daneshmand | | File Size: | 846 | | Last Modified: | Mar 16 18:05:32 2010 | | MD5 Checksum: | b240e39bf6abbb836cbabe60252fbc52 |
|
| /// File Name: | shorturl-lfi.txt | Description:
| Short URL version 1.01 suffers from a local file inclusion vulnerability. | | Author: | Pouya Daneshmand | | File Size: | 815 | | Last Modified: | Mar 16 18:04:49 2010 | | MD5 Checksum: | 69a2e15252eb4b91243a8b8e9b14282d |
|
| /// File Name: | oscmax-shell.txt | Description:
| osCMax version 2.0 using blacklisting instead of whitelisting and due to this suffers from a shell upload vulnerability. | | Author: | Itsecteam | | File Size: | 1947 | | Last Modified: | Mar 16 18:03:50 2010 | | MD5 Checksum: | cde1c450c31235324a15d6ccb746ff45 |
|
| /// File Name: | adobe_libtiff.rb.txt | Description:
| This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions 8.0 through 8.2 and 9.0 through 9.3. | | Author: | Microsoft,jduck,villy | | Homepage: | http://www.metasploit.com | | File Size: | 11578 | | Related OSVDB(s): | 62526 | | Related CVE(s): | CVE-2010-0188 | | Last Modified: | Mar 16 17:51:38 2010 | | MD5 Checksum: | 7e3d29c6e1a62c31e6d005a4c6c26424 |
|
| /// File Name: | httpdx-break.txt | Description:
| Httpdx version 1.5.3 remote break services exploit. | | Author: | Jonathan Salwan | | File Size: | 1513 | | Last Modified: | Mar 16 00:48:54 2010 | | MD5 Checksum: | 5dc4a8f716291ef5f6ee472c61c54e83 |
|
| /// File Name: | dojo-xss.txt | Description:
| Dojo Toolkit SDK versions 1.4.1 and below suffer from a cross site scripting vulnerability. | | Author: | Adam Bixby | | Homepage: | http://www.gdssecurity.com/ | | File Size: | 4343 | | Last Modified: | Mar 16 00:46:57 2010 | | MD5 Checksum: | 35c74e69700d51106381fc918fded8e4 |
|
| /// File Name: | plumbercon10-cfp.txt | Description:
| PlumberCon 10 Call For Papers - This convention will be taking place in Austria from July 9th through the 11th, 2010. | | Homepage: | http://plumbercon.org/ | | File Size: | 5213 | | Last Modified: | Mar 16 00:45:57 2010 | | MD5 Checksum: | 0e4053ecbfbfdb5f785a0768c3121f79 |
|
| /// File Name: | csice-xssxsrf.txt | Description:
| CSICE suffers from cross site request forgery and cross site scripting vulnerabilities. | | Author: | FB1H2S | | File Size: | 2046 | | Last Modified: | Mar 16 00:39:32 2010 | | MD5 Checksum: | 9cff76f6a49ec0dea4b4b1024a864414 |
|
| /// File Name: | buck-security_0.4.zip | Description:
| Buck-Security is a security scanner for Debian and Ubuntu Linux. It helps you to harden your system by running some important security checks. For example, it finds world-writable files and directories, setuid and setgid programs, superuser accounts, and installed attack tool packages. It also checks your umask and checks if the sticky bit is set for /tmp, among other checks. | | Homepage: | http://buck-security.sourceforge.net/ | | File Size: | 35181 | | Last Modified: | Mar 16 00:35:57 2010 | | MD5 Checksum: | d10b3410df616cea9b60b44a182debf2 |
|
| /// File Name: | iexploder-1.5.tgz | Description:
| iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes. namebench was initially written as a QA tool for the Mozilla Project to test the Firefox 1.0 release, and is now included and used by Apple's Webkit project. | | Author: | Thomas Stromberg | | Homepage: | http://code.google.com/p/iexploder/ | | File Size: | 344463 | | Last Modified: | Mar 16 00:32:10 2010 | | MD5 Checksum: | a9f13caef6e05e60c287cb32bf4e5084 |
|
| /// File Name: | joomlaas-sql.txt | Description:
| The Joomla As component suffers from a remote SQL injection vulnerability. | | Author: | N2n-Hacker | | File Size: | 1177 | | Last Modified: | Mar 16 00:28:05 2010 | | MD5 Checksum: | 09707a55a39a42123137cd9512d4bc93 |
|
| /// File Name: | iphone_crash_2.py.txt | Description:
| iPhone Springboard crash proof of concept exploit. | | Author: | Chase Higgins | | File Size: | 1326 | | Last Modified: | Mar 16 00:26:32 2010 | | MD5 Checksum: | fe7fc2c53b3770143815e56cc0b9cd39 |
|
| /// File Name: | whatweb-0.4.tar.gz | Description:
| WhatWeb next generation web scanner identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 70 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver. Screenshots on the homepage. | | Author: | Andrew Horton (urbanadventurer) | | Homepage: | http://www.morningstarsecurity.com/research/whatweb | | Changes: | Added HTTPS support. Improved documentation. Various additions and updates. | | File Size: | 170740 | | Last Modified: | Mar 15 23:14:59 2010 | | MD5 Checksum: | e1e415bb7cb2c76ff4489232fff5a668 |
|
| /// File Name: | swingette-dos.txt | Description:
| Swingette version 1.1 buffer overflow denial of service exploit that creates a malicious .mp3 file. | | Author: | cr4wl3r | | File Size: | 3102 | | Last Modified: | Mar 16 00:22:33 2010 | | MD5 Checksum: | 1eef33283d881afdf0885f51df41ca63 |
|
| /// File Name: | embedthis-dos.txt | Description:
| Embedthis Appweb version 3.1.2 remote denial of service exploit. | | Author: | chr1x | | File Size: | 4192 | | Last Modified: | Mar 16 00:21:05 2010 | | MD5 Checksum: | 21b1af26a52d6bc36668e826d80f52a0 |
|
| /// File Name: | httpdx153b-crash.txt | Description:
| httpdx version 1.5.3b remote pre-authentication denial of service proof of concept exploit. | | Author: | loneferret | | File Size: | 3898 | | Last Modified: | Mar 16 00:19:41 2010 | | MD5 Checksum: | cd6eaf143dd7d6978809b8f9990e2645 |
|
| /// File Name: | mediaplayer-dos.txt | Description:
| Media Player version 6.4.9.1 with K-Lite Codec Pack denial of service exploit that creates a malicious .avi file. | | Author: | Enigma7 | | File Size: | 886 | | Last Modified: | Mar 16 00:17:06 2010 | | MD5 Checksum: | 0dfc40bacc39b136497d4969c1427b4d |
|
| /// File Name: | gomplayeravi-dos.txt | Description:
| GOM Player version 2.1.21 denial of service exploit that creates a malicious .avi file. | | Author: | Enigma7 | | File Size: | 550 | | Last Modified: | Mar 16 00:15:35 2010 | | MD5 Checksum: | e5fc437366d97e8499cadf910f1dcf1d |
|
| /// File Name: | quickzip_xpsp3.pl.txt | Description:
| QuickZip version 4.60.019 stack buffer overflow exploit for XP SP3. | | Author: | corelanc0d3r | | File Size: | 4363 | | Last Modified: | Mar 16 00:13:48 2010 | | MD5 Checksum: | 115495832ffe27ef0c37a2dfa4d3d799 |
|
| /// File Name: | ocftpd-overflow.rb.txt | Description:
| This Metasploit module exploits a stack overflow in the USER verb in Open & Compact FTPd version 1.2. The program will crash once the payload is sent, so bind shell payloads are not effective. | | Author: | Blake | | Homepage: | http://www.metasploit.com | | File Size: | 2154 | | Last Modified: | Mar 15 23:20:20 2010 | | MD5 Checksum: | 4a8214de5df6870ce41b4ddd3218d4f4 |
|
| /// File Name: | ads-xss.txt | Description:
| phpAdsNew, OpenAds and OpenX suffer from a cross site scripting vulnerability in banner.swf. | | Author: | MustLive | | File Size: | 2273 | | Last Modified: | Mar 15 23:18:33 2010 | | MD5 Checksum: | 147a3787722d88ea4263a8c894cecc5d |
|
| /// File Name: | sqlmap-0.8.tar.gz | Description:
| sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more. | | Author: | Bernardo Damele | | Homepage: | http://sqlmap.sourceforge.net | | Changes: | Support to enumerate and dump all database tables. Support to parse -C when fetching columns of a table. Support for takeover features on PostgreSQL 8.4. Various other improvements and tweaks. | | File Size: | 3811238 | | Last Modified: | Mar 15 23:12:07 2010 | | MD5 Checksum: | 1005e55af73b4368c4f70de54bea4d24 |
|
| /// File Name: | joomlagcalendar-lfi.txt | Description:
| The Joomla GCalendar component version 2.1.5 suffers from a local file inclusion vulnerability. | | Author: | jdc | | File Size: | 296 | | Last Modified: | Mar 15 23:09:35 2010 | | MD5 Checksum: | 37dcdf5f0f4940cdb5864baaaf25fede |
|
| /// File Name: | phpclassifieds75-sql.txt | Description:
| PHP Classifieds version 7.5 suffers from a remote blind SQL injection vulnerability. | | Author: | Itsecteam | | File Size: | 1516 | | Last Modified: | Mar 15 23:08:04 2010 | | MD5 Checksum: | 0871c7e1bf89556b85ecd113cc2f230e |
|
| /// File Name: | joomlaninjarss-lfi.txt | Description:
| The Joomla Ninja RSS Syndicator component version 1.0.8 suffers from a local file inclusion vulnerability. | | Author: | jdc | | File Size: | 311 | | Last Modified: | Mar 15 23:05:22 2010 | | MD5 Checksum: | 59a0759b1ea9efe414effe42422ced7c |
|
| /// File Name: | phenix-sql.txt | Description:
| Phenix version 3.5b suffers from a remote SQL injection vulnerability. | | Author: | Itsecteam | | File Size: | 2063 | | Last Modified: | Mar 15 23:03:52 2010 | | MD5 Checksum: | 4097c788d6d53965d4649fe9c5ad2bd3 |
|
| /// File Name: | joomlabidding-sql.txt | Description:
| The Joomla Bidding component suffers from a remote SQL injection vulnerability. | | Author: | N2n-Hacker | | File Size: | 1240 | | Last Modified: | Mar 15 23:02:38 2010 | | MD5 Checksum: | d039e0d38d16ba0a6848b06d4c63e909 |
|
| /// File Name: | joomlarpx-lfi.txt | Description:
| The Joomla Ulti RPX component version 2.1.0 suffers from a local file inclusion vulnerability. | | Author: | jdc | | File Size: | 250 | | Last Modified: | Mar 15 23:00:11 2010 | | MD5 Checksum: | 0362dd1eacdc9969a8aa5ac8f934909a |
|
| /// File Name: | duhok-xss.txt | Description:
| Duhok Forum version 1.0 suffers from a cross site scripting vulnerability. | | Author: | indoushka | | File Size: | 1992 | | Last Modified: | Mar 15 22:59:14 2010 | | MD5 Checksum: | 2222bf305eadf8baf0a8c2dd3db603fc |
|
| /// File Name: | freehost-shell.txt | Description:
| FreeHost version 1.00 suffers from a remote shell upload vulnerability. | | Author: | indoushka | | File Size: | 1971 | | Last Modified: | Mar 15 22:58:11 2010 | | MD5 Checksum: | c7bb1e8b5731131a5a22dd70cc19c874 |
|
| /// File Name: | torrenthoster-shellxss.txt | Description:
| Torrent Hoster suffers from cross site scripting and shell upload vulnerabilities. | | Author: | El-Kahina | | File Size: | 1993 | | Last Modified: | Mar 15 22:56:32 2010 | | MD5 Checksum: | 6728da522ea89ad62f28da2d3d152f08 |
|
| /// File Name: | chcms-shell.txt | Description:
| CH-CMS.ch version 2 suffers from a remote shell upload vulnerability. | | Author: | El-Kahina | | File Size: | 1390 | | Last Modified: | Mar 15 22:54:44 2010 | | MD5 Checksum: | 42986c4fdebb5d7031d3ef144de9d0d8 |
|
| /// File Name: | interspiresc-upload.txt | Description:
| Interspire Shopping Cart version 5.5.4 suffers from backup related and shell upload vulnerabilities. | | Author: | indoushka | | File Size: | 1854 | | Last Modified: | Mar 15 22:53:00 2010 | | MD5 Checksum: | 7e59767527a61084a2f4637a36ca304a |
|
| /// File Name: | subdreamer-upload.txt | Description:
| Subdreamer CMS version 3.0.1 suffers from an arbitrary file upload vulnerability. | | Author: | indoushka | | File Size: | 1982 | | Last Modified: | Mar 15 22:51:20 2010 | | MD5 Checksum: | ff371a3a2960d4b3bf18321c42fe8cdf |
|
| /// File Name: | ZDI-10-029.txt | Description:
| Zero Day Initiative Advisory 10-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCore's HTMLObjectElement::renderFallBackContent() method. By rewriting an HTML element via the document's innerHTML() method a memory corruption occurs resulting from a call-after-free. This can be leveraged to execute arbitrary code under the context of the current user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2730 | | Related CVE(s): | CVE-2010-0050 | | Last Modified: | Mar 15 22:50:04 2010 | | MD5 Checksum: | 8ead72db8cf3df3d033a75fb0998dc6b |
|
| /// File Name: | andromeda-xsscookie.txt | Description:
| Andromeda version 1.9.2 suffers from cross site scripting and cookie manipulation vulnerabilities. | | Author: | indoushka | | File Size: | 3059 | | Last Modified: | Mar 15 22:49:13 2010 | | MD5 Checksum: | a555f2b25982c6e7a88144e45071ec84 |
|
| /// File Name: | IranianNames.txt | Description:
| This is a list of Iranian names to be used for cracking. | | Author: | Nima Ghotbi | | Homepage: | http://h.ackerz.com/ | | File Size: | 8905 | | Last Modified: | Mar 15 22:44:16 2010 | | MD5 Checksum: | f464e0417d96108872099ed26f004e20 |
|
| /// File Name: | addressbookscript-lfi.txt | Description:
| Address Book Script version 1.9 suffers from a local file inclusion vulnerability. | | Author: | Pouya Daneshmand | | File Size: | 863 | | Last Modified: | Mar 15 22:42:59 2010 | | MD5 Checksum: | 7735c19b3d2c60e24e4c585577e042dc |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
