exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2012-04-19

xRadio 0.95b Buffer Overflow
Posted Apr 19, 2012
Authored by b0telh0

This Metasploit module exploits a buffer overflow in xRadio 0.95b. Using the application to import a specially crafted xrl file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | 29818ef616f922a8dafe08d3b7fc05bbecd247b885f9977dbbbf05e4045d35b1
OpenSSL Memory Corruption
Posted Apr 19, 2012
Authored by Tavis Ormandy

OpenSSL versions up to and including 1.0.1 are affected by a memory corruption vulnerability. asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can be exploited on systems that parse untrusted data, such as X.509 certificates or RSA public keys.

tags | advisory
advisories | CVE-2012-2110
SHA-256 | b2527f3f787a4be179232af6290c80365f3d3b21d504e92bda12f332f8efc586
Oracle GlassFish Server 3.1.1 Cross Site Request Forgery
Posted Apr 19, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle GlassFish Server version 3.1.1 build 12 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-0550
SHA-256 | 1ab958cd22e7204426b09ede8bb2230718a9c906cf7ed05673dd8784c94bdb4a
Oracle Enterprise Manager Session Fixation
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5 and 11.1.0.7 (and previous patchsets) suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2012-0528
SHA-256 | b23814439d636e11ed6a260aec8c598ed350de8a5024e6065430fd9b1b3534e8
Ruxcon 2012 Call For Papers
Posted Apr 19, 2012
Site ruxcon.org.au

Ruxcon 2012 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
SHA-256 | 967b14c2cc86eb829ac73a7d5559ae16ecaeaee7a00dda16841f0629ce75679a
Oracle Enterprise Manager prevPage HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the prevPage parameter.

tags | advisory, web
advisories | CVE-2012-0526
SHA-256 | 8181e024c40eda634dec94eeab4606fb3db63b7568215c373cb8f48ead738da1
Oracle Data Lock Account Protection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Data Server versions 10gR1, 10gR2 (10.2.0.5 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from incomplete protection of locked accounts.

tags | advisory
advisories | CVE-2012-0510
SHA-256 | 215843a987ff2f43ea718bc99ea044e6b7625eafbbcbc9548a64806ba5eddf08
Oracle Enterprise Manager pageName HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7, and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the pageName parameter.

tags | advisory, web
advisories | CVE-2012-0527
SHA-256 | 4a9392fef4e6e9384b1634a3dd07200e175b383fcc4c1b78ec8e889706f4392d
Oracle Failed Logging On Password Attempts
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.

tags | advisory
advisories | CVE-2012-0511
SHA-256 | 173e01a97b485a5516ae3a72a066b88d84c9785fbf34fde460d39e1a7ee0dcb4
Comodo Internet Security Blue Screen Of Death
Posted Apr 19, 2012
Authored by Ange Albertini

Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.

tags | advisory, denial of service, kernel
systems | windows
SHA-256 | 1e86af280c77354ea561913520978f4b427cfd15a034c0157c849df03bb3da47
Oracle Enterprise Manager searchPage SQL Injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control versions 10.2.0.5 and 11.1.0.1 (and previous patchsets) suffer from a remote SQL injection vulnerability in the searchPage web page.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-0525
SHA-256 | 238c4c370d27fbb4af33c31d9b6b3c6a70be3e90074b5802d357dae06c3c99a4
ReadyDesk Cross Site Scripting
Posted Apr 19, 2012
Authored by Sony

ReadyDesk suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d933cf2d5240cd1b9fef0c9dff0b3afddcab16f19f6a7204ee5c5a9fe6166cd9
Oracle Enterprise Manager compareWizFirstConfig SQL injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.2 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.4 (and previous patchsets) suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-0512
SHA-256 | aaf728d372e18f22b5e25311a5a3f620eec0564baa23a4ceed2f9a4ee870f4c0
ChatBlazer Flash Chat Cross Site Scripting
Posted Apr 19, 2012
Authored by Sony

ChatBlazer Flash Chat suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2863706204b0d4e44dce1eef5246375180b128da4fdfce31ea95394d82592837
PG-MailingList 3.0 Cross Site Scripting
Posted Apr 19, 2012
Authored by KedAns-Dz

PG-MailingList versions 3.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a9e87d839e6fb56045cb70c7be7d2d1eef1cacb23d8f5c04a3ad122dffc4131b
Bugzilla Unauthorized Access / Cross Site Scripting
Posted Apr 19, 2012
Authored by Soroush Dalili, Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0465, CVE-2012-0466
SHA-256 | cd5bcb16d9fc77f836d09c3e0255fb95fd2cfe29cc6147822f65c77d60475b15
Adobe Flash Player NetStream Remote Code Execution
Posted Apr 19, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0773
SHA-256 | 9b4488d35212ce158b36f3b2eb967b148fddbf040de1f99a30ab5a53f3202ef4
VLC 2.0.1 Division By Zero
Posted Apr 19, 2012
Authored by Senator of Pirates

VLC version 2.0.1 suffers from a division by zero vulnerability during the handling of mp4 files.

tags | exploit, denial of service
SHA-256 | 10f07cc24725bca656acafb4767470f9903dd176fb798703ffd1e1ed72195799
Wireshark call_dissector() Denial Of Service
Posted Apr 19, 2012
Authored by Wireshark

Wireshark suffers from a call_dissector() NULL pointer dereference denial of service vulnerability. Proof of concept pcap included.

tags | exploit, denial of service, proof of concept
systems | linux
advisories | CVE-2012-1593
SHA-256 | 8139489227889d61c55034247a3d493ffe6a2ec4f169b8c36e0554eda132852d
EMC Data Protection Advisor Denial Of Service
Posted Apr 19, 2012
Site emc.com

EMC Data Protection Advisor (DPA) contains vulnerabilities that can potentially be exploited by malicious users to cause denial of service.

tags | advisory, denial of service, vulnerability
advisories | CVE-2012-0406, CVE-2012-0407
SHA-256 | e93e8f6daaaf175e61291a89a77cb04b5b8f20c9b8728903f3742f9f8c6eab80
Secunia Security Advisory 48870
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious users and malicious people to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
SHA-256 | a582ae23e10997c0d9b4daf76b0e8efb1bd46136ec1043d0fe26db13b10bf615
Secunia Security Advisory 48864
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Oracle JRockit, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 0648456b106e3c6500b7e3c3e6dbaecb42e7c5472647b666c188aa06d9bca516
Secunia Security Advisory 48867
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | a51319aa9f81116178be2277b28e8eb2bb7e49dd5712eafea85085eb7877f652
Secunia Security Advisory 48869
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle WebCenter Forms Recognition, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | b7838f61a9deb77d2526cccbc98d495f86bee11c0354bbbde8e7705b0f2bdcee
Secunia Security Advisory 48861
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Identity Manager, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
SHA-256 | a50837c4ca1aaebf48c86cbbecf6a448857ef1e17b53afb4ec81cd50b6406837
Page 1 of 3
Back123Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close