exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2009-02-06

Gentoo Linux Security Advisory 200902-1
Posted Feb 6, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200902-01 - A vulnerability in sudo may allow for privilege escalation. Harald Koenig discovered that sudo incorrectly handles group specifications in Runas_Alias (and related) entries when a group is specified in the list (using %group syntax, to allow a user to run commands as any member of that group) and the user is already a member of that group. Versions less than 1.7.0 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2009-0034
SHA-256 | d01204ca7b1ec791afe19e396723b1fda8d1c4789820abb625608d995c41aecd
phpYabs 0.1.2 Remote File Inclusion
Posted Feb 6, 2009
Authored by Arka69 | Site exploita.altervista.org

phpYabs version 0.1.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 2f3f0d369d804ebd7eac71f460b568e4e47337083033efb7b8b2a65d8846526c
iDEFENSE Security Advisory 2009-02-06.3
Posted Feb 6, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.06.09 - Remote exploitation of a BSS based buffer overflow vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the 'ovlaunch' CGI application, which is used to launch the remote user interface. iDefense has confirmed the existence of this vulnerability in Network Node Manager version 7.53 for Windows. Previous versions may also be affected. The Linux version of 'ovlaunch' contains the vulnerable code, but it is not triggered. The actual hostname is used instead of the attacker supplied 'Host' parameter.

tags | advisory, remote, overflow, arbitrary, cgi
systems | linux, windows
advisories | CVE-2008-4562
SHA-256 | 26dfc28bbbebe64ce9d4722f1ae740edae5d75f638211f1f9d97f2ca4be3afd3
iDEFENSE Security Advisory 2009-02-06.2
Posted Feb 6, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.06.09 - Remote exploitation of multiple information disclosure vulnerabilities in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to gain access to sensitive information. Two vulnerabilities exist within the CGI applications distributed with NNM. iDefense has confirmed the existence of these vulnerabilities in Network Node Manager version 7.53 for Linux and Windows. Previous versions may also be affected.

tags | advisory, remote, cgi, vulnerability, info disclosure
systems | linux, windows
advisories | CVE-2008-4560
SHA-256 | 1383b8f6f00f24494f4b27b8e42ff950034a86a07d5a4f362f2eb9297c90ce50
iDEFENSE Security Advisory 2009-02-06.1
Posted Feb 6, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.06.09 - Remote exploitation of multiple command injection vulnerabilities in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager, could allow an attacker to execute arbitrary code with the privileges of the affected service. Multiple command injection vulnerabilities are present in NNM CGI applications. The vulnerabilities are very similar and occur in the webappmon.exe and OpenView5.exe program. iDefense has confirmed the existence of these vulnerabilities in Network Node Manager version 7.53 for Linux. Previous versions, as well as versions for other Unix based operating systems, may also be affected.

tags | advisory, remote, arbitrary, cgi, vulnerability
systems | linux, unix
advisories | CVE-2008-4559
SHA-256 | 7205e1f402b8dbdefe11b8330ff0cc23eca2e06cc1fe98d35bfcdc3e4fd65979
HP Security Bulletin 2008-01.82
Posted Feb 6, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running NFS. This vulnerability could be exploited locally resulting in a Denial of Service (DoS).

tags | advisory, denial of service
systems | hpux
advisories | CVE-2009-0206
SHA-256 | 345d0891e061a15b69734a5fb488bc92249bc57b1717a226b6f0789b051b2af8
HP Security Bulletin 2008-01.0
Posted Feb 6, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2009-0205
SHA-256 | 9eea2238d5bb38c2561a378ed08d0dc9d8069d0cc76378f7d65fe316cbc80f02
HP Security Bulletin 2008-01.66
Posted Feb 6, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.

tags | advisory
advisories | CVE-2008-4419
SHA-256 | 1a6f2a2a7e4e6b06961ffdcd0c11103c84cc9c5d74501a570184405da9ba97aa
SilverNews 2.04 Bypass / LFI / Code Execution
Posted Feb 6, 2009
Authored by X0r

SilverNews version 2.04 suffers from authentication bypass, local file inclusion, and remote command execution vulnerabilities.

tags | exploit, remote, local, vulnerability, bypass, file inclusion
SHA-256 | 8a2ae6971c78605fddf72f8563149c737bd0db4e6da361499b8fe4beaff590f8
Ilch CMS SQL Injection
Posted Feb 6, 2009
Authored by Gizmore

Ilch CMS versions 1.1L and below suffer from a SQL injection vulnerability due to not sanitizing input from the X-Forwarded-For header.

tags | exploit, sql injection
SHA-256 | 79b2b624cd15c8c18f0bb8872e3736da562ad68e27c0f902f8df0ea8d7e65f13
CamFrog Credential Disclosure
Posted Feb 6, 2009
Authored by Zigma | Site nullarea.net

CamFrog Video Chat version 5.0 and CamFrog Pro version 5.2 apparently keep login and password information unencrypted in memory.

tags | advisory, info disclosure
SHA-256 | 8edd20c761bae5ed32f88301c3343513010ca3b2344d47c19df17e74f761e057
SFX-SQLi Proof Of Concept Tool
Posted Feb 6, 2009
Authored by Daniel Kachakil

Proof of concept tool called SFX-SQLi that implements an extremely fast method of extracting MS-SQL server information.

tags | tool, scanner, sql injection, proof of concept
systems | unix
SHA-256 | 7c38c7998b0304f46aaa56b1055a38cf8fe36cf5babcd2b3ee7ffc33a27f8790
SFX-SQLi - Select For XML SQL Injection
Posted Feb 6, 2009
Authored by Daniel Kachakil

Whitepaper called SFX-SQLi - Fast data extraction using SQL injection and XML statements.

tags | paper, sql injection
SHA-256 | ae97266f3b883dab25125e4ab583e17a7545ba6a9d60283d9bf7b3fac53d0de3
Stanford.edu SQL Injection
Posted Feb 6, 2009
Authored by Rohit Bansal

Stanford.edu suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9a9621de89ca6c600e90bbe229e829cf8a31da1b4cbea04108e14c889b3cd1f3
RealPlayer IVR File Code Execution
Posted Feb 6, 2009
Authored by Haifei Li | Site fortinet.com

RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.

tags | advisory, vulnerability, code execution
advisories | CVE-2009-0375, CVE-2009-0376
SHA-256 | 72e4e1e0d9144e2f6ac6fd0c86635d4392f59bb349d2bd69c4b436d1e28da956
1024 CMS 1.4.4 RFI / Command Execution
Posted Feb 6, 2009
Authored by JosS | Site spanish-hackers.com

1024 CMS versions 1.4.4 and below remote command execution exploit using remote file inclusion.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 019fcd602629fe932e3c63ad19b96766af61bb432cb2d92af537e4a502459a9d
Cafe Engine SQL Injection
Posted Feb 6, 2009
Authored by Snakespc | Site snakespc.com

Cafe Engine suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, php, sql injection
SHA-256 | 7542576d404d3b7b3a47516a5ba04245a65ab94330faf83b98b9679cffbaf886
Mailist 3.0 Insecure Backup / LFI
Posted Feb 6, 2009
Authored by SirGod | Site insecurity.ro

Mailist version 3.0 suffers from insecure backup and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | a3d7cbc5177664e2c8b00580d6679b3cabc1e1e4f070a210ccb2e9d9ee8d1bce
PHP-Calendar Information Disclosure
Posted Feb 6, 2009
Authored by Justin C. Klein Keane

PHP-Calendar suffers from an information disclosure vulnerability due to old update php files being left behind.

tags | advisory, php, info disclosure
SHA-256 | cbdb6e27a0f7e1f710c10c367f22d58f81f830bdca81b9de7ce942d5a228d804
Orbit Downloader 2.8.5 Buffer Overflow
Posted Feb 6, 2009
Authored by fl0 fl0w | Site fl0-fl0w.docspages.com

Orbit Downloader version 2.8.5 malformed URL buffer overflow exploit that spawns calc.exe, can add a user, or binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | 71c893ad1dd1876d071cdd705e17b2d651f69540f59d554ee72bd1a1dc797207
ZeroBoard4 LFI / SQL Injection / Bypass
Posted Feb 6, 2009
Authored by make0day

ZeroBoard4 pl8 (07.12.17) suffers from local file inclusion, blind SQL injection, cross site scripting, and authentication bypass vulnerabilities.

tags | exploit, local, vulnerability, xss, sql injection, bypass, file inclusion
SHA-256 | 0ef49cff0260bee1072b65864128cd4b397e7d3306abfbeb006d005e0cec0ec7
WikkiTikkiTavi 1.11 File Upload
Posted Feb 6, 2009
Authored by ByALBAYX | Site c4team.org

WikkiTikkiTavi version 1.11 suffers from a remote php shell upload vulnerability.

tags | exploit, remote, shell, php, file upload
SHA-256 | 22154b136691fa72fbdd57f6d1c86154003c9988e64f18c181111c43a19f88f6
Secunia Security Advisory 33860
Posted Feb 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | hpux
SHA-256 | 829ad01ef97a5f8d00c60dd232c3635d882d76893074de065c31c28c96ebd119
Secunia Security Advisory 33814
Posted Feb 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Simple PHP News, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, php, vulnerability
SHA-256 | b39ee4c152b5a9e11c2942fa496f013d07b052a909142d58e42af3181d79ae4a
Secunia Security Advisory 33846
Posted Feb 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.

tags | advisory, local, vulnerability, xss
SHA-256 | de6287a4b842828c7e9c1887e2a5c6a562a4d39be7fddf13fa0f716e51553a03
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close