ASP Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
en-us
Mon, 28 May 2012 07:56:28 GMT

ASP-DEv XM Forums SQL Injection
http://packetstormsecurity.org/files/112259/aspdevxmforums-sql.txt
http://packetstormsecurity.org/files/112259/ASP-DEv-XM-Forums-SQL-Injection.html
Fri, 27 Apr 2012 20:02:28 GMT
ASP-DEv XM Forums suffers from a remote SQL injection vulnerability.

ASP-DEv XM Diary SQL Injection
http://packetstormsecurity.org/files/112257/aspdevxmdiary-sql.txt
http://packetstormsecurity.org/files/112257/ASP-DEv-XM-Diary-SQL-Injection.html
Fri, 27 Apr 2012 20:00:41 GMT
ASP-DEv XM Diary suffers from a remote SQL injection vulnerability.

LANDesk Lenovo ThinkManagement Console Remote Command Execution
http://packetstormsecurity.org/files/111678/landesk_thinkmanagement_upload_asp.rb.txt
http://packetstormsecurity.org/files/111678/LANDesk-Lenovo-ThinkManagement-Console-Remote-Command-Execution.html
Tue, 10 Apr 2012 01:33:20 GMT
This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3.
The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx", via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

Microsoft ASP.NET Forms Authentication Bypass
http://packetstormsecurity.org/files/111277/SA-20120328-1.txt
http://packetstormsecurity.org/files/111277/Microsoft-ASP.NET-Forms-Authentication-Bypass.html
Thu, 29 Mar 2012 02:42:01 GMT
Microsoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.

Secunia Security Advisory 48573
http://packetstormsecurity.org/files/111264/sa48573.txt
http://packetstormsecurity.org/files/111264/Secunia-Security-Advisory-48573.html
Wed, 28 Mar 2012 06:36:22 GMT
Secunia Security Advisory - demonalex has discovered some vulnerabilities in Matthew1471's ASP BlogX, which can be exploited by malicious people to conduct cross-site scripting attacks.

Matthew1471s ASP BlogX Cross Site Scripting
http://packetstormsecurity.org/files/111241/matthew1471s-xss.txt
http://packetstormsecurity.org/files/111241/Matthew1471s-ASP-BlogX-Cross-Site-Scripting.html
Wed, 28 Mar 2012 02:37:08 GMT
Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.

ASP Classifieds SQL Injection
http://packetstormsecurity.org/files/110941/aspclassifieds-sql.txt
http://packetstormsecurity.org/files/110941/ASP-Classifieds-SQL-Injection.html
Sun, 18 Mar 2012 12:11:11 GMT
ASP Classifieds suffers from a remote SQL injection vulnerability.

Lastguru ASP Guestbook SQL Injection
http://packetstormsecurity.org/files/110431/lastguru-sql.txt
http://packetstormsecurity.org/files/110431/Lastguru-ASP-Guestbook-SQL-Injection.html
Sun, 04 Mar 2012 17:22:22 GMT
Lastguru ASP Guestbook suffers from a remote SQL injection vulnerability.

Acidcat ASP CMS 3.5.2 Cross Site Scripting
http://packetstormsecurity.org/files/108869/acidcat-xss.txt
http://packetstormsecurity.org/files/108869/Acidcat-ASP-CMS-3.5.2-Cross-Site-Scripting.html
Sat, 21 Jan 2012 04:37:19 GMT
Acidcat ASP CMS versions 3.5.1 and 3.5.2 suffer from multiple cross site scripting vulnerabilities.

ASP.NET Hash Denial Of Service Payload
http://packetstormsecurity.org/files/108434/HybrisDisaster-aspHashDoS.tar.gz
http://packetstormsecurity.org/files/108434/ASP.NET-Hash-Denial-Of-Service-Payload.html
Fri, 06 Jan 2012 12:12:12 GMT
ASP.NET hash denial of service exploit payload. Includes 1mb and 4mb files.

Microsoft ASP.NET Forms Authentication Bypass
http://packetstormsecurity.org/files/108245/SA-20111230-0.txt
http://packetstormsecurity.org/files/108245/Microsoft-ASP.NET-Forms-Authentication-Bypass.html
Fri, 30 Dec 2011 17:23:40 GMT
Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The Unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string in characters, not including the terminating null character. If a Unicode string containing a null byte is passed, its length is incorrectly calculated, so only the characters before the null byte are copied into the buffer.

Zero Day Initiative Advisory 11-354
http://packetstormsecurity.org/files/108104/ZDI-11-354.txt
http://packetstormsecurity.org/files/108104/Zero-Day-Initiative-Advisory-11-354.html
Thu, 22 Dec 2011 19:56:44 GMT
Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There are multiple classes of flaws within this product, including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

Zero Day Initiative Advisory 11-353
http://packetstormsecurity.org/files/108097/ZDI-11-353.txt
http://packetstormsecurity.org/files/108097/Zero-Day-Initiative-Advisory-11-353.html
Thu, 22 Dec 2011 19:43:04 GMT
Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

QuesCom Qportal User 5.10.014 Source Disclosure
http://packetstormsecurity.org/files/107665/DCA-2011-0015.txt
http://packetstormsecurity.org/files/107665/QuesCom-Qportal-User-5.10.014-Source-Disclosure.html
Fri, 09 Dec 2011 00:01:25 GMT
QuesCom Qportal User version 5.10.014 suffers from an ASP source code disclosure vulnerability.

Secunia Security Advisory 46686
http://packetstormsecurity.org/files/106531/sa46686.txt
http://packetstormsecurity.org/files/106531/Secunia-Security-Advisory-46686.html
Wed, 02 Nov 2011 09:45:56 GMT
Secunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.

Asp Basit Haber Script 1.0 SQL Injection
http://packetstormsecurity.org/files/105208/aspbasithaber-sql.txt
http://packetstormsecurity.org/files/105208/Asp-Basit-Haber-Script-1.0-SQL-Injection.html
Mon, 19 Sep 2011 06:13:29 GMT
Asp Basit Haber Script version 1.0 suffers from a remote SQL injection vulnerability.

Planeteria Design ASP SQL Injection
http://packetstormsecurity.org/files/104425/planeteriadesign-sql.txt
http://packetstormsecurity.org/files/104425/Planeteria-Design-ASP-SQL-Injection.html
Thu, 25 Aug 2011 00:06:20 GMT
Planeteria Design ASP suffers from a remote SQL injection vulnerability.

Secunia Security Advisory 45661
http://packetstormsecurity.org/files/104380/sa45661.txt
http://packetstormsecurity.org/files/104380/Secunia-Security-Advisory-45661.html
Tue, 23 Aug 2011 06:07:36 GMT
Secunia Security Advisory - L0rd CrusAd3r has reported two vulnerabilities in CodeWidgets.com Pop-Over Login Form (ASP), which can be exploited by malicious people to conduct SQL injection attacks.

Magnon Solutions ASP SQL Injection
http://packetstormsecurity.org/files/104334/magnonsolutions-sql.txt
http://packetstormsecurity.org/files/104334/Magnon-Solutions-ASP-SQL-Injection.html
Tue, 23 Aug 2011 01:54:23 GMT
Magnon Solutions ASP suffers from a remote SQL injection vulnerability.

Secunia Security Advisory 45619
http://packetstormsecurity.org/files/104257/sa45619.txt
http://packetstormsecurity.org/files/104257/Secunia-Security-Advisory-45619.html
Sat, 20 Aug 2011 05:32:05 GMT
Secunia Security Advisory - Two vulnerabilities have been reported in Multiple Question - Multiple Choice Online Questionaire (ASP), which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 45625
http://packetstormsecurity.org/files/104055/sa45625.txt
http://packetstormsecurity.org/files/104055/Secunia-Security-Advisory-45625.html
Tue, 16 Aug 2011 06:20:57 GMT
Secunia Security Advisory - A vulnerability has been reported in Aipo and Aipo ASP, which can be exploited by malicious users to conduct SQL injection attacks.

Virtual Consultant SQL Injection
http://packetstormsecurity.org/files/103421/virtualconsultant-sql.txt
http://packetstormsecurity.org/files/103421/Virtual-Consultant-SQL-Injection.html
Tue, 26 Jul 2011 14:31:51 GMT
Virtual Consultant suffers from a remote SQL injection vulnerability in newsDetail.asp.

EMC SourceOne ASP.NET Application Tracing Information Disclosure
http://packetstormsecurity.org/files/101481/ESA-2011-016.txt
http://packetstormsecurity.org/files/101481/EMC-SourceOne-ASP.NET-Application-Tracing-Information-Disclosure.html
Tue, 17 May 2011 02:16:44 GMT
EMC SourceOne Email Management may allow the disclosure of application-sensitive information using ASP.NET Application Tracing. The ASP.NET application trace is enabled in affected versions of EMC SourceOne Email Management. This trace file may contain application-sensitive information that can be accessed by a remote user. Authentication is required to access the trace file.

Uploadform ASP Script Shell Upload
http://packetstormsecurity.org/files/100412/uploadform-shell.txt
http://packetstormsecurity.org/files/100412/Uploadform-ASP-Script-Shell-Upload.html
Thu, 14 Apr 2011 16:25:37 GMT
The Uploadform ASP script suffers from a shell upload vulnerability.

Ideas Factory PHP / ASP SQL Injection
http://packetstormsecurity.org/files/100030/ideasfactory-sql.txt
http://packetstormsecurity.org/files/100030/Ideas-Factory-PHP-ASP-SQL-Injection.html
Sun, 03 Apr 2011 13:11:11 GMT
Ideas Factory PHP and ASP suffer from a remote SQL injection vulnerability.