This archive contains all of the 433 exploits added to Packet Storm in June, 2012.
64ee9d7248a84c9714b50291e971d808e03935f4d5fbeca1f8c00aacbbae222a
This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in an insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split into fragments in this insecure copy. Because of this, this module uses egg hunting to search for a non-corrupted copy of the payload in the heap. On the other hand, the overflowed buffer is stored in a frame protected by stack cookies; because of this, SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.
962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
27456073b0c2eda16714f4bf64a9731ba7dd9750bab5ee7ad4ba632ee2a6779c
This Metasploit module exploits a stack-based buffer overflow vulnerability in versions 4.3.2.0 and below of Irfanview's JPEG2000.dll plugin. This exploit has been tested on a specific version of Irfanview (v4.3.2), although other versions may work also. The vulnerability is triggered via parsing an invalid qcd chunk structure and specifying a malformed qcd size and data. Payload delivery and vulnerability trigger can be executed in multiple ways. The user can double-click the file, use the file dialog, open via the icon, or drag/drop the file into Irfanview's window. An egg hunter is used for stability.
c5cce711dbd4abe77f358a5360b9fd21367c38e3811ab24c191fb5a02cb79609
Python-wrapper executes any test.py script within the current working directory when supplied with help('modules'). A non-privileged user may gain code execution by tricking root into running help('modules'), or help() and then modules, from within python-wrapper while inside the non-privileged user's work directory.
d58933fe94dc7d2c9f7f05b9dd9d6736fd4a43d5f37eee91e3e776a573bb8c24
Photodex ProShow Producer version 5.0.3256 suffers from a local buffer overflow vulnerability.
0b8b05ed7b3f945e79239735409a386a1787e080be042c09324706c888d700e7
Emesene version 2.12.5 suffers from a password disclosure vulnerability.
fc424025137d50af40a34bd19ad15ac25ff4d4bda85344dae83282ea92a49ffa
Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.
ac7e17676655fc32991058e316c32da4c4a71a9100a0f1c88e9530581b4638c8
WANGKONGBAO CNS-1000 and CNS-1100 suffer from a directory traversal vulnerability.
d08faedbde9b8dbd524b59e4193f087991c4d236239f0b21829cb29d78dfe7f3
HP Security Bulletin HPSBMU02783 SSRT100806 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.
3ee41e405aad16edf01efb4d6b28e3c5d144471e878030f435a4674dc606792a
HP Security Bulletin HPSBMU02781 SSRT100617 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and Denial of Service (DoS). Revision 1 of this advisory.
b85e8b8a8b2b6709cb17786ee687f79c84cb868d3e8d7908aac5a6e2bead0467
Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues were also addressed.
6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Global Pixel suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f928e375b00ca40b103b9c8dfe95f3a36a0014c3dc99ffefc2abb76e8a42d319
Ubuntu Security Notice 1494-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
f137e62a4681a574d3de6129ce4e63221ef6ad665fac5aa66f74a74d396ed2ef
Geswebs suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
13ae04e09319b78940b411cbaad8203e0c82add9dd81d8a04ba46140c4331afa
H.A.A.M suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
cd03d431efef55c324edccc037794e3fabcc260c24b36501fa3eabea4f6b46fa
Rcsindia suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
14d9b296303c57e3e39fb9231b6015079e18acaa378af6d2aa27e5369eb30121
Octagono suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
22ae4c9996d997ee9cb47e8fab12df551d21d10cbc0157ee4433ef25602a156d
CMS MBB version 0.0.3 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f8115ab5262866df0a5eae163876f8c327672e68afc452e1ad5591d558ae9c5f
This is a BSD telnetd remote root exploit supposedly stolen from Kingcope and posted on mailing lists.
86d6caae381ef38095dc163860a232ba735cc819e871d06ba7f5220da75fd8fc
Sites designed by Planetinfosoft suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e419f28a1265ee21d230f8658b77aa6882490a23509c308a33269154bd6f5608
58-byte Linux/x86 rm -fr / shellcode.
f97ca9b35911145e544f8f2c9253eb7646968fcbab53346ae763b8c0513a2b5a
Hong Kong Firms CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6810a857bdaa9282f31993bb7bbad89edeb6aa57a3b19f0962d31538d7fb6c0f
Barrie.TV suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
5ad282707f685dbc51f50b429964162e9001b617190c53dfca55531abe769053
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in Magix CMS, which can be exploited by malicious people to compromise a vulnerable system.
f7c54d574bc10c94bd493fbf54976f8365de0b8ad4ba1d833d1faaafe1160765