This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution.
f232667933a9b74318156ffe27e5e96cconntrack-tools is a set of userspace tools for Linux that allow system administrators to interact with the Connection Tracking System, the module which provides stateful packet inspection for iptables. It includes the userspace daemon conntrackd and the commandline interface conntrack.
8e20330d6ca3a3f23552aa900b1d467ciptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
5ab24ad683f76689cfe7e0c73f44855dCall For Papers for the 8th edition of the Ekoparty Security Conference being held from September 17th through the 21st, 2012, in Latin America.
4dc6e51a4158ed3ceda8c21b8b704623b2ePMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
42298de74f5e382122bf6d9b2440ee81WhyWeb suffers from a remote SQL injection vulnerability.
6d3ab7b3f1457ff72887080dd37aad19Santilga CMS version 1.2.6.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.
faf336b3a1b026bfc8e870b2405b19a6AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, php code execution, remote SQL injection, and directory traversal vulnerabilities.
6962b986c26730e365d1c16552cababaiOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.
4c3d65eecf219e11043dc54dccc454f8Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".
48c78f07f8d9d8a7e61b055e99290f24PHP List version 2.10.9 suffers from a remote PHP code injection vulnerability.
0242d7481f2a7870b00218bc4efd3a7dSmall CMS suffers from a remote PHP code injection vulnerability.
cc559ce5b66ce07d448792573d28d86dSymantec Web Gateway version 5.0.2 remote local file inclusion root exploit.
e1cd70ed9ddc7db0a7bc45a9ac537159Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
669bfff032cd2b42bbdf149e5ef06a1dGekko CMS appears to suffer from a file disclosure vulnerability.
fc10d007f192d991f48cc9832fb49312This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
8dc19f398388284a81cf2ecae5005436This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
d5c7b728cc34e438d56471e6fbda49bdThe GreHack 2012 Call For Papers has been announced. It will be held in Grenoble, France on October 19th, 2012.
77c4584bf8b850f6540301a838dd4258ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
6f23782d3add86957f122b199a5849ecKolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
bb2c661a62752b3093161dc4ad3b29baThis Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
c93d65487a1c0efc12fc9a8a68adc5dbThe Hacktivity 2012 Call For Papers has been announced. It will be held from October 12th through the 13th, 2012 in Budapest, Hungary.
c4e46f46fe62ec6961a307d6fb8167afLogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
2427d2cf98e92db38be0f21c58da1065Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
7b79d17eacb9df80bafc88ab8fbbdabcpragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.
5433c6278bfe6b6212f911b0a46eda42
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed