This video shows how to exploit a vulnerability in Microsoft Word and
Excel by using Exploit Pack 2.1.7. Get you own copy of Exploit Pack
from: http://exploitpack.com
Check it out: http://www.youtube.com/watch?v=4n0J6DXFQI0
Exploit Pack Team
Juan Sacco
http://exploitpack.com
Exploit Pack - New video! Release - Ultimate 2.1
Check it out! http://www.youtube.com/watch?v=4TrsFry13TU
Exploit Pack Team
http://exploitpack.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
DoS attacks by using Exploit Pack
What is this? Exploit Pack is a next generation tool to assist you
while you perform penetration testing to your workstations or servers.
Make your workstation safe by testing its security. Before hackers do.
Take a look of this tool while we perform a denial of
Exploit Pack is a Security Tool that will assist you while you test
the security of your workstations or networks. With a friendly and easy
to use interface, it has an update manager to keep you up to date and an
IDE for develop or modify it’s modules. Also we provide you with
technical
Exploit Pack Team is happy to announce that we reach a new frontier
+20k active users and 15+ developers. We want to thank you all for this
excelent years we hope to continue improving all our proyects.
We have made a new roadmap for 2012 including a lot of bug fixing, new
modules and
[FG-VD-11-007]IBM Lotus Notes/Domino Server Remote Denial of Service
Vulnerability
2011.December.30
Summary:
Fortinet's FortiGuard Labs has discovered a Remote Denial of Service
Vulnerability in IBM Lotus Notes/Domino Server.
Impact:
Remote Denial of Service
Risk:
High (CVSS Base
Exploit Pack Team is happy to announce that we reach a new frontier
+20k active users and 15+ developers. We want to thank you all for this
excelent years we hope to continue improving all our proyects.
We have made a new roadmap for 2012 including a lot of bug fixing, new
modules and
Hi! I saw your message on FD and SF mailing list... So sorry for this..
But I didnt have the time to create the installer for win32, linux32/64
In fact.. I was playing my favourite MMORPG ( Lineage2 ) and they
opened a new server yesterday so haha that keep me busy :p
Anyway, that its planned to
Hello there!
The exploit roaringbeast will be added to Exploit pack
Authors name and code/license will be respected and it will be ported
to Python with minimal modifications
The code will be uploaded to Exploit Pack Git Repo and will be
available to all our users
Thank you and
Exploit Pack is an open source security tool that will help you test
the security of your computer or servers. It combines the benefits of a
Java GUI, Python as engine and the latest exploits on the wild. It has
an IDE to make the task of developing new exploits easier, Instant
Search and
Exploit Pack is an open source security tool that will help you test
the security of your computer or servers. It combines the benefits of a
Java GUI, Python as engine and the latest exploits on the wild. It has
an IDE to make the task of developing new exploits easier, Instant
Search and
ro...@fibertel.com : I know you don't have any experience with open
source projects, but this is not the right way.
Next time you should try doing it well.
Go to GitHub and write the change your own. The community will moderate
it and then you will see your proposal applied.
To be clear. The
Exploit Pack is an open source security framework developed by Juan
Sacco. It combines the benefits of a
JAVA GUI, Python as Engine and well-known exploits made by users. It
has a module editor to make the task of
developing new exploits easier, Instant Search and XML-based modules.
This open
20101028 - Justanotherhacker.com : Multiple vulnerabilities in Feindura CMS
JAHx104 - http://www.justanotherhacker.com/advisories/JAHx104.txt
Fortinet Discovers Vulnerability in Indeo Codec
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in
Indeo Codec.
Impact:
Remote Code Execution.
Risk:
Critical.
Affected Software:
For a list of operating system and product versions affected,
Fortinet Discovers Vulnerability in Indeo Codec
2009.December.08
Summary:
Fortinet's FortiGuard Labs Discovers Memory Corruption Vulnerability in
Indeo Codec.
Impact:
Remote Code Execution.
Risk:
Critical.
Affected Software:
For a list of operating system and product versions affected,
Multiple Vulnerabilities in Adobe Acrobat / Reader
2009.October.13
Summary:
Fortinet discovers multiple vulnerabilities in Adobe Reader / Acrobat which may
allow a remote attacker to compromise a system.
Impact:
Remote Code Execution / Denial of Service (DoS).
Risk:
Critical.
Affected
Multiple Vulnerabilities in Adobe Acrobat / Reader
2009.October.13
Summary:
Fortinet discovers multiple vulnerabilities in Adobe Reader / Acrobat which may
allow a remote attacker to compromise a system.
Impact:
Remote Code Execution / Denial of Service (DoS).
Risk:
Critical.
Affected
Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009.July.13
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption
Vulnerability in Microsoft Office Web Components.
Summary:
A memory corruption vulnerability exists in the ActiveX
Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability
2009.June.10
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption
Vulnerability in Adobe Reader / Acrobat.
Summary:
A memory corruption vulnerability exists when processing PDF
Apple Safari Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in
Apple Safari.
Summary:
A memory corruption vulnerability exists in Apple Safari which allows a remote
attacker to execute arbitrary code
Microsoft Office Excel Remote Memory Corruption Vulnerability
2009.April.14
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in
Microsoft Office Excel.
Summary:
A memory corruption vulnerability exists in Microsoft Office Excel which allows
a remote attacker
FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability
2009.April.08
Summary:
Fortinet's FortiGuard Global Security Research Team has discovered a buffer
overflow vulnerability in EMC RepliStor.
Impact:
===
Remote code execution.
Risk:
=
IBM Tivoli Storage Manager Express Backup Heap Corruption
Assurent ID: FSC20090310-02
1. Affected Software
IBM Tivoli Storage Manager 5.4.4.0 to 5.4.4.0
IBM Tivoli Storage Manager 5.3 all levels
IBM Tivoli Storage Manager 5.2 all levels
IBM Tivoli Storage Manager Express all levels
Novell eDirectory Management Console Accept-Language Buffer Overflow
Assurent ID: FSC20090226-11
1. Affected Software
Novell eDirectory 8.8.3 prior to patch 8.8.3 FTF3
Novell eDirectory 8.8.4 prior to patch 8.8.4 FTF1
Novell eDirectory 8.7.3 prior to patch 8.7.3.10b Hotfix 1
2.
RealNetworks RealPlayer IVR File Processing Multiple Code Execute
Vulnerabilities
2009.February.05
Fortinet's FortiGuard Global Security Research Team Discovers Two
Vulnerabilities in RealNetworks RealPlayer.
Summary:
Two code execute vulnerabilities exist in RealNetworks RealPlayer
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability
in observiced.exe of Oracle Secure Backup
Summary:
A Denial Of Service vulnerability exists Oracle Secure Backup
Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers multiple
vulnerabilities in Oracle Secure Backup
Summary:
Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow
Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in
Oracle Secure Backup
Summary:
A Buffer Overflow vulnerability exists Oracle Secure Backup 10.2.0.2 through
Oracle BEA WebLogic Server Apache Connector Buffer Overflow
Assurent ID: FSC20090113-10
1. Affected Software
Oracle WebLogic Server 10.3
Oracle WebLogic Server 10.0 released through MP1
Oracle WebLogic Server 9.2 released through MP3
Oracle WebLogic Server 9.1
Oracle WebLogic Server
Oracle BEA WebLogic Server Apache Connector Buffer Overflow
Assurent ID: FSC20090113-10
1. Affected Software
Oracle WebLogic Server 10.3
Oracle WebLogic Server 10.0 released through MP1
Oracle WebLogic Server 9.2 released through MP3
Oracle WebLogic Server 9.1
Oracle WebLogic Server
CA ARCserve Backup DB Engine Denial of Service
Assurent ID: FSC20081009-12
1. Affected Software
CA ARCserve Backup 11.1 Windows
CA ARCserve Backup 11.5 Windows
CA ARCserve Backup 12.0 Windows
Reference: http://www.ca.com/us/data-loss-prevention.aspx
2. Vulnerability Summary
A
CA ARCserve Backup Tape Engine Denial of Service
Assurent ID: FSC20081009-11
1. Affected Software
CA ARCserve Backup 11.1 Windows
CA ARCserve Backup 11.5 Windows
CA ARCserve Backup 12.0 Windows
Reference: http://www.ca.com/us/data-loss-prevention.aspx
2. Vulnerability Summary
A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
strongSwan IKEv2 Denial-of-Service Vulnerability [MU-200809-01]
September 18, 2008
http://labs.mudynamics.com/advisories.html
Affected Products/Versions:
strongswan 4.2.6 and other branches
Product Overview:
strongSwan is an Open Source
Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
Assurent ID: FSC20080909-12
1. Affected Software
Digital Image Suite 2006
Forefront Client Security 1.0
Microsoft Office 2003 SP2, SP3
Microsoft Office PowerPoint Viewer 2003
Microsoft Windows XP prior to SP3
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
Assurent ID: FSC20080731-12
1. Affected Software
CA ARCserve Backup for Laptops and Desktops version r11.5
CA ARCserve Backup for Laptops and Desktops version r11.1 SP2
CA ARCserve Backup for Laptops and Desktops
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remote DoS in reSIProcate [MU-200807-01]
July 10, 2008
http://labs.mudynamics.com/advisories.html
Affected Products/Versions:
* repro SIP proxy/registrar 1.3.2
http://www.resiprocate.org/ReSIProcate_1.3.2_Release
* Any product using the
Adobe RoboHelp Server SQL Injection Vulnerability
Assurent ID: FSC20080708-10
1. Affected Software
Adobe RoboHelp Server, version 6
Adobe RoboHelp Server, version 7
Reference: http://www.adobe.com/products/robohelpserver/
2. Vulnerability Summary
There exists an SQL injection
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple buffer overflows in Asterisk [MU-200803-01]
March 18, 2008
http://labs.musecurity.com/advisories.html
Affected Products/Versions:
Asterisk 1.4.18 and other branches
http://www.asterisk.org/node/48466
Product Overview:
Asterisk is an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple Remote Arbitrary Execution Vulnerabilities in Mplayer [MU-200802-01]
February 14, 2008
http://labs.musecurity.com/advisories.html
Affected Products/Versions:
MPlayer 1.0rc2 and SVN before r25824 (Sun Jan 20 20:58:02 2008 UTC). Older
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
|| [ISR]
|| || Infobyte Security Research
|| www.infobyte.com.ar
|| 12.14.2007
||
.:: SUMMARY
Novell GroupWise Client Remote Stack Overflow
Version: GroupWise 6.5.6, It is suspected that all previous versions of
Groupwise Client
are vulnerable.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
|| [ISR]
|| || Infobyte Security Research
|| www.infobyte.com.ar
|| 09.21.2007
||
.:: SUMMARY
Barracuda Spam Firewall Cross-Site Scripting
Version: Barracuda Spam Firewall firmware v3.4.10.102
It is suspected that all previous
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Quagga bgpd Remote Denial of Service Vulnerability [MU-200709-01]
September 12, 2007
http://labs.musecurity.com/advisories.html
Affected Products/Versions:
Quagga 0.99.8
Product Overview:
Quagga is a routing software suite. Quagga bgpd
Microsoft Agent Crafted URL Stack Buffer Overflow
Assurent ID: FSC20070911-11
1. Affected Software
Microsoft Agent, version 2.0.0.3425 (bundled with Windows 2000 Service Pack 4)
Reference: http://www.microsoft.com/msagent/
2. Vulnerability Summary
The Microsoft Agent ActiveX control
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Helix DNA Server Heap Corruption Vulnerability [MU-200708-01]
August 24, 2007
http://labs.musecurity.com/advisories.html
Affected Products/Versions:
Helix DNA Server versions 11.x
Product Overview:
https://helix-server.helixcommunity.org/
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remote DOS in Asterisk SIP [MU-200703-01]
March 07, 2006
http://labs.musecurity.com/advisories.html
Affected Products/Versions:
Asterisk versions 1.2.15 and 1.4.0, and earlier versions
Product Overview:
http://www.asterisk.org/
Asterisk is the
Path traversal security vulnerability in Kiwi CatTools TFTP up to 3.2.8
server can lead to information disclosure and remote code execution
Risk: High
DISCUSSION
Kiwi CatTools TFTP server doesn't properly verify filename in PUT and GET
request which can be used to download/upload any file
No matter if you publish; we already did and we get more hits than you.
http://rixstep.com/2/20070121,00.shtml
Still, right is right and you should publish to set the record straight.
Regards,
John
___
Full-Disclosure - We believe in it.
Charter:
Wep0ff is new tool to crack WEP-key without access to AP by mount fake
access point attack against WEP-based wireless clients.
http://www.ptsecurity.ru/download/wepoff.tar.gz
It uses combination of fragmentation and evil twin attacks to generate
traffic which can be used for KoreK-style WEP-key
driver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pre-Authentication Vulnerability in Mac OSX kernel PPP driver [MU-200611-01]
November 28, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
Mac OS X v10.3.9
Mac OS X Server v10.3.9
Mac OS X v10.4.8
Mac OS X Server
Internet Explorer 7.0 mhtml stack overflow
Penetrate - patch - penetrate - patch - penetrate. Software life cycle or
recursion?
Impact
Low (client side dos)
Technical details
Recursion, stack overflow, exception on PUSH.
http://www.securitylab.ru/vulnerability/276342.php
Web-style Wireless IDS attacks
By Sergey Gordeichik, Positive Technologies Security Expert
Introduction
Wireless intrusion detection systems (WIDS) are not yet as popular as their
wired counterparts, but current trends would suggest that their number is
set to grow. One positive factor in this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Denial of Service in XORP OSPFv2 [MU-200610-01]
October 17, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
XORP OSPFv2 1.2, 1.3
Product Overview:
XORP is the eXtensible Open Router Platform.
Our goal is to develop an
Airmagnet
management interfaces multiple vulnerabilities
A
management interface of AirMagnet Enterprise contains several middle-risk
vulnerabilities. Vulnerabilities ranges from reflected and stored Cross-Site
scripting to remote code execution and protection bypass.
Smart
Sensor Edge
Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint
4.0.2.11045 management interface
SUMMARY
Highwall Enterprise and Highwall Endpoint wireless IDS management interface
contain multiple vulnerabilities which can lead to privilege escalation and
code execution.
DETAILS
Web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Denial of Service in XORP OSPFv2 [MU-200610-01]
October 17, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
XORP OSPFv2 1.2, 1.3
Product Overview:
XORP is the eXtensible Open Router Platform.
Our goal is to develop an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP [MU-200609-01]
September 29, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
MailEnable Professional 2.0
MailEnable Enterprise 2.0
Product Overview:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple Vulnerabilities in Asterisk 1.2.10 [MU-200608-01]
August 23, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
Asterisk 1.0.0 through 1.2.10
Product Overview:
http://www.asterisk.org/features
Asterisk-based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Apple Open Directory Pre-Authentication Denial of Service [MU-200606-02]
June 27, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
OSX 10.4.4 through 10.4.6
Product Overview:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Real Helix RTSP Server Heap Corruption Vulnerabilities [MU-200606-01]
Updated on June 23, 2006
http://labs.musecurity.com/advisories.html
Affected Product / Versions:
Real Networks Helix DNA Server 11.0.x
Real Networks Helix DNA Server 10.0.x
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Real Helix RTSP Server Heap Corruption Vulnerabilities [MU-200606-01]
June 22, 2006
http://labs.musecurity.com/advisories.html
Affected Product / Versions:
Real Networks Helix DNA Server 11.0.x
Real Networks Helix DNA Server 10.0.x
Product
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Apple QuickTimeStreamingServer RTSP Server Vulnerability
[MU-200605-02]
May 11, 2006
http://labs.musecurity.com/advisories.html
Affected Product / Versions:
QuickTimeStreamingServer 5.5 and earlier
Product Overview:
The Real Time Streaming
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Multiple vulnerabilities in Linux SCTP 2.6.16 [MU-200605-01]
May 8, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
Linux SCTP 2.6.16 [http://lksctp.sourceforge.net]
Product Overview:
The Linux Kernel Stream Control
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service [MU-200604-01]
April 7, 2006
http://labs.musecurity.com/advisories.html
Affected Product/Versions:
cyrus-sasl-2.1.18
Product Overview:
SASL (Simple Authentication Security Layer) is an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MailEnable POP3 Pre-Authentication Buffer Overflow [MU-200603-01]
March 20, 2006
http://labs.musecurity.com/advisories.html
Affected Product / Versions:
MailEnable Professional 1.7, 1.71, 1.72
MailEnable Standard 1.91, 1.92
MailEnable Enterprise
=== Call for Papers hack.lu 2006 ===
The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new
technologies in society. hack.lu is a balanced mix convention where
technical and non-technical people can meet
66 matches
Mail list logo