Exploit

EXPLOIT DATABASE

• Fri, 11 Mar 2011 04:32:21 +0000: [webapps] – Oracle WebLogic Session Fixation Via HTTP POST
  – [CVE: 2010-4437] – Exploit-DB updates
• Thu, 10 Mar 2011 21:35:01 +0000: [remote] – Oracle MySQL for Microsoft Windows Payload Execution – Exploit-DB updates
• Thu, 10 Mar 2011 21:28:26 +0000: [remote] – Novell iPrint Client ActiveX Control <= 5.52 Buffer Overflow
  – [CVE: 2010-4321] – Exploit-DB updates
• Thu, 10 Mar 2011 17:11:59 +0000: [webapps] – SmarterMail 7.3 and 7.4 Multiple Vulnerabilities – Exploit-DB updates
• Thu, 10 Mar 2011 11:13:20 +0000: [webapps] – Keynect Ecommerce SQL Injection Vulnerability – Exploit-DB updates
• Thu, 10 Mar 2011 11:07:21 +0000: [webapps] – Luch Web Designer Multiple SQL Injection Vulnerabilities – Exploit-DB updates
• Thu, 10 Mar 2011 11:03:22 +0000: [dos] – Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
  – [CVE: 2010-4165] – Exploit-DB updates
• Thu, 10 Mar 2011 00:02:49 +0000: [local] – FreeBSD <= 6.4 Netgraph Local Privledge Escalation Exploit
  – [CVE: 2008-5736] – Exploit-DB updates
• Wed, 09 Mar 2011 14:00:38 +0000: [webapps] – RecordPress 0.3.1 Multiple Vulnerabilities – Exploit-DB updates
• Wed, 09 Mar 2011 10:44:20 +0000: [webapps] – maian weblog <= v4.0 remote blind SQL injection exploit – Exploit-DB updates
• Wed, 09 Mar 2011 10:40:10 +0000: [webapps] – Esselbach Storyteller CMS System Version 1.8 SQL Injection Vulnerability – Exploit-DB updates
• Tue, 08 Mar 2011 23:37:31 +0000: [webapps] – GRAND Flash Album Gallery 0.55 WordPress Plugin Multiple Vulnerabilities – Exploit-DB updates
• Tue, 08 Mar 2011 22:13:38 +0000: [webapps] – RuubikCMS Version 1.0.3 Multiple Vulnerabilities – Exploit-DB updates
• Tue, 08 Mar 2011 21:26:54 +0000: [dos] – Nokia N97 m3u Playlist Crash PoC – Exploit-DB updates
• Tue, 08 Mar 2011 21:23:42 +0000: [dos] – Movavi VideoSuite 8.0 Movie Editor avi Local Crash PoC – Exploit-DB updates

PACKETSTORM DATABASE

• 11 March 2011: Oracle WebLogic Server 9 / 10 Session Fixation – Files ≈ Packet Storm
  Oracle WebLogic server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffers from a session fixation vulnerability.
• 10 March 2011: Air Contacts Lite Denial Of Service – Files ≈ Packet Storm
  The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.
• 10 March 2011: SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal – Files ≈ Packet Storm
  SmarterMail version 7.x suffers from cross site scripting, shell upload and directory traversal vulnerabilities.
• 10 March 2011: Debian Security Advisory 2189-1 – Files ≈ Packet Storm
  Debian Linux Security Advisory 2189-1 – Several vulnerabilities were discovered in the Chromium browser.
• 10 March 2011: KMPlayer 2.9.3 Stack Buffer Overflow – Files ≈ Packet Storm
  KMPlayer version 2.9.3 stack buffer overflow proof of concept exploit.
• 10 March 2011: Windows Movie Maker 2.1 Stack Overflow – Files ≈ Packet Storm
  Windows Movie Maker version 2.1 import AVI video stack overflow proof of concept exploit.
• 10 March 2011: Lazyest Gallery 1.0.26 Cross Site Scripting / Path Disclosure – Files ≈ Packet Storm
  Lazyest Gallery version 1.0.26 suffers from cross site scripting and path disclosure vulnerabilities.
• 10 March 2011: Nagios 3.2.0 / 3.2.3 Cross Site Scripting – Files ≈ Packet Storm
  Nagios versions 3.2.0 and 3.2.3 suffer from a cross site scripting vulnerability.
• 10 March 2011: PASSWORDS^11 Call For Papers – Files ≈ Packet Storm
  The PASSWORDS^11 Call For Papers has been announced. It will be held at the University in Bergen (Norway) from June 7th through the 8th, 2011.
• 10 March 2011: PHP-Nuke 8.0 Cross Site Scripting – Files ≈ Packet Storm
  PHP-Nuke versions 8.0 and below suffer from cross site scripting and anti-automation vulnerabilities.
• 10 March 2011: CosmoShop ePRO 10.05.00 Cross Site Scripting / SQL Injection – Files ≈ Packet Storm
  CosmoShop ePRO version 10.05.00 suffers from cross site scripting and remote SQL injection vulnerabilities.
• 10 March 2011: HP Security Bulletin HPSBMA02629 SSRT100381 3 – Files ≈ Packet Storm
  HP Security Bulletin HPSBMA02629 SSRT100381 3 – Potential security vulnerabilities have been identified with HP Power Manager (HPPM) running on Linux and Windows. One vulnerability could result in cross site request forgery (CSRF) leading to unauthorized administrative access. Another vulnerability could result in cross site scripting (XSS). Revision 3 of this advisory.
• 10 March 2011: Understanding The ARM Architecture – Files ≈ Packet Storm
  Whitepaper called Understanding the ARM Architecture. Written in Portuguese.
• 10 March 2011: DLL Hijacking With Metasploit – Files ≈ Packet Storm
  Whitepaper called DLL Hijacking with Metasploit. Written in Portuguese.
• 10 March 2011: OATH Toolkit 1.6.2 – Files ≈ Packet Storm
  The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

OPENSOURCE VULNERABILITY DATABASE

• : Apple Safari Script Variable Length DoS – Latest OSVDB Vulnerabilities
  Apple Safari Script Variable Length DoS
• : WSN Guest edit.php condition Parameter SQL Injection – Latest OSVDB Vulnerabilities
  WSN Guest edit.php condition Parameter SQL Injection
• : WSN Guest search.php Multiple Parameter SQL Injection – Latest OSVDB Vulnerabilities
  WSN Guest search.php Multiple Parameter SQL Injection
• : WSN Guest memberlist.php field Parameter SQL Injection – Latest OSVDB Vulnerabilities
  WSN Guest memberlist.php field Parameter SQL Injection
• : WSN Guest classes/member.php member() Function wsnuser Cookie SQL Injection – Latest OSVDB Vulnerabilities
  WSN Guest classes/member.php member() Function wsnuser Cookie SQL Injection
• : Comment Rating Plugin for WordPress ck-processkarma.php id Parameter SQL Injection – Latest OSVDB Vulnerabilities
  Comment Rating Plugin for WordPress ck-processkarma.php id Parameter SQL Injection
• : TTtuangou index.php id Parameter SQL Injection – Latest OSVDB Vulnerabilities
  TTtuangou index.php id Parameter SQL Injection
• : TTtuangou ajax.php email Parameter SQL Injection – Latest OSVDB Vulnerabilities
  TTtuangou ajax.php email Parameter SQL Injection
• : Citrix Licensing Administration Console Unspecified Access Bypass (2011-1101) – Latest OSVDB Vulnerabilities
  Citrix Licensing Administration Console Unspecified Access Bypass (2011-1101)
• : Citrix XenApp / XenDesktop Unspecified XML Service Interface Issue – Latest OSVDB Vulnerabilities
  Citrix XenApp / XenDesktop Unspecified XML Service Interface Issue

SECURITYFOCUS DATABASE

• Thu, 10 Mar 2011 00:00:00 +0000: Vuln: Oracle Weblogic CVE-2010-4437 Remote Session Fixation Vulnerability – SecurityFocus Vulnerabilities
  Oracle Weblogic CVE-2010-4437 Remote Session Fixation Vulnerability
• Thu, 10 Mar 2011 00:00:00 +0000: Vuln: WebKit Use-After-Free Remote Code Execution Vulnerability – SecurityFocus Vulnerabilities
  WebKit Use-After-Free Remote Code Execution Vulnerability
• Thu, 10 Mar 2011 00:00:00 +0000: Vuln: Cisco IOS CVE-2010-2828 H.323 Unspecified Denial of Service Vulnerability – SecurityFocus Vulnerabilities
  Cisco IOS CVE-2010-2828 H.323 Unspecified Denial of Service Vulnerability
• Thu, 10 Mar 2011 00:00:00 +0000: Vuln: OpenLDAP Multiple Security Bypass Vulnerabilities – SecurityFocus Vulnerabilities
  OpenLDAP Multiple Security Bypass Vulnerabilities
• : Bugtraq: [security bulletin] HPSBMA02629 SSRT100381 rev.3 – HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS) – SecurityFocus Vulnerabilities
  [security bulletin] HPSBMA02629 SSRT100381 rev.3 – HP Power Manager (HPPM) Running on Linux and Windows, Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)
• : Bugtraq: Re: HTB22875: XSS in Lazyest Gallery wordpress plugin – SecurityFocus Vulnerabilities
  Re: HTB22875: XSS in Lazyest Gallery wordpress plugin
• : Bugtraq: Re: Cross-Site Scripting vulnerability in Nagios – SecurityFocus Vulnerabilities
  Re: Cross-Site Scripting vulnerability in Nagios
• : Bugtraq: Call for Papers: Passwords^11 – SecurityFocus Vulnerabilities
  Call for Papers: Passwords^11
• : More rss feeds from SecurityFocus – SecurityFocus Vulnerabilities
  News, Infocus, Columns, Vulnerabilities, Bugtraq …