exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2009-03-03

NovaBoard 1.0.1 Cross Site Scripting
Posted Mar 3, 2009
Authored by Pepelux | Site enye-sec.org

NovaBoard versions 1.0.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f8fe8b2938711a77820fcb328acecba6868a79215340edd3548bb3d101c9fef4
GNU SIP Witch Telephony Server
Posted Mar 3, 2009
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Static routing tables with rewrite rules and internode call support. Various other tweaks and enhancements.
tags | telephony, protocol
SHA-256 | 2335e0261b571f980efbed1cc166a3ea79da2c0c494386dacdf173da46ef5b79
Defeating The iPhone Passcode
Posted Mar 3, 2009
Authored by Brad Antoniewicz

Whitepaper called Defeating the iPhone Passcode.

tags | telephony
systems | apple, iphone
SHA-256 | 4057ba42acd5baab592ee9f0a9a299e6dee396369e8d1034ae8a86a9271d0b89
Ghostscripter Amazon Shop XSS / Traversal
Posted Mar 3, 2009
Authored by d3b4g

Ghostscripter Amazon Shop suffers from cross site scripting, directory traversal, and file inclusion vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 4e57053545531baeac49bfc80ddd1f9b93ac08cc1ecee41ff01fce6519ea0159
Mandriva Linux Security Advisory 2009-064
Posted Mar 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-064 - Security vulnerabilities has been identified and fixed in University of Washington IMAP Toolkit which could allow local users to gain privileges by specifying incorrect folder name. The updated packages have been patched to prevent this.

tags | advisory, local, vulnerability, imap
systems | linux, mandriva
advisories | CVE-2008-5005
SHA-256 | 5faed625e4de4ed595ab21867cef59e7b9c4dceb7261b7405dc26e620ce6be46
Zabbix 1.6.2 XSRF / LFI / Code Execution
Posted Mar 3, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Zabbix version 1.6.2 suffers from remote code execution, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion, csrf
SHA-256 | 6fc6a1f1b3df47f2608e299ed5ea4014c5c4b5292607adb72d978c18e293dc26
BlindBlog 1.3.1 LFI / SQL Injection
Posted Mar 3, 2009
Authored by Salvatore Fresta

BlindBlog version 1.3.1 suffers from local file inclusion and a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, local, sql injection, file inclusion
SHA-256 | a46ca1ee4cb9d934ffc313d81f2df2188b36602b41cc3fb22ed162be3e1d1d13
Imera Code Execution
Posted Mar 3, 2009
Authored by Elazar Broad

The Imera ImeraIEPlugin.dll version 1.0.2.54 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
SHA-256 | 4fec98095b98c4e50689fb2b454b7ab1bde5684601a56db62c95836de5a60c9c
Secunia - Winamp Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the libsndfile.dll library while processing CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Versions 5.541 and 5.55 of Winamp are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | e97f2fe73e532a5dec458183af5d69b27e62e2a71a4a255ef386e4dca35a6f89
Secunia - libsndfile Integer Overflow
Posted Mar 3, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file. Successful exploitation may allow execution of arbitrary code. Version 1.0.18 of libsndfile is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0186
SHA-256 | b5eb317c23578aec59191a12b52b4f678a3da0e4fb73652dfa8b4375cf3a713a
Google Gmail Cross Site Request Forgery
Posted Mar 3, 2009
Authored by Vicente Aguilera Diaz

Google's GMail service is vulnerable to cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 5e81bd372f765d1aa6e08bbb3574bc02f3fffd59eb60cdad2600347d27ff9d55
Sopcast SopCore Control Command Execution
Posted Mar 3, 2009
Authored by Nine:Situations:Group | Site retrogod.altervista.org

Sopcast SopCore Control SetExternalPlayer() user assisted command execution exploit that leverages sopocx.ocx version 3.0.3.501.

tags | exploit
SHA-256 | c8ad28db3188f7a8c3d2dc7d08602bb8f80dfcb9040c262bf8287c712a696860
FreeRange CMS SQL Injection
Posted Mar 3, 2009
Authored by Pouya Server

FreeRange CMS suffers from a remote SQL injection vulnerability in resources_for_nowal_members.php.

tags | exploit, remote, php, sql injection
SHA-256 | 5e5291457e6a59bc62373da7ef074e135997da7af572d1651565a417dfb2e86b
ProtX Shop SQL Injection
Posted Mar 3, 2009
Authored by Pouya Server

ProtX Shop suffers from a remote SQL injection vulnerability in productdetails.php.

tags | exploit, remote, php, sql injection
SHA-256 | 7829db5eccd36cd67ac1bd489fec37856ad496a8fea5ffd2b08e5faa73f343f0
Debian Security Advisory 1733
Posted Mar 3, 2009
Site debian.org

Debian Security Advisory 1733 - Several vulnerabilities have been found in vim, an enhanced vi editor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4104
SHA-256 | ac7379d457a6d77bac691d4b0a79c31d70bae3178e666cf6edf19545fa85f02f
cURL/libcURL Arbitrary File Access
Posted Mar 3, 2009
Authored by David Kierznowski | Site withdk.com

libcURL suffers from an arbitrary file access and creation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2009-0037
SHA-256 | ea48c68e60758cd036e647780eceaa6311e727a11ac4678e78454f9681ad31cd
Easy Chat Server Buffer Overflow
Posted Mar 3, 2009
Authored by His0k4

EFS Easy Chat Server authentication request SEH buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
SHA-256 | ccf382c74daf1cd4e09b03aa86e18bc93b57ffb27366e8af079aceaa3798c5f8
Orbit 2.8.4 Buffer Overflow
Posted Mar 3, 2009
Authored by JavaGuru

Orbit versions 2.8.4 and below long hostname remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | e04704d5f38326fa8ed25ae66ffbb6e3fa2741d55c4277b1feecf32fcd322af7
Debian Security Advisory 1732
Posted Mar 3, 2009
Site debian.org

Debian Security Advisory 1732 - Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion error in squid3, a full featured Web Proxy cache, which could lead to a denial of service attack.

tags | advisory, web, denial of service
systems | linux, debian
advisories | CVE-2009-0478
SHA-256 | a983b90292ef870490f19ac8f72c722d9da3a72ba10dc4ff81d262c3dca19584
Secunia Security Advisory 34100
Posted Mar 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matteo Ignaccolo and Gabriele Zanoni have reported some vulnerabilities in Plunet BusinessManager, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 9858e5e8499f6df030175f73a1d3eefce708f6c53af8af7d1d3eac96b7f26d41
Secunia Security Advisory 34055
Posted Mar 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for vim. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 90611c43342a32ed42a31d68ecf125c41b2e00284e24312cebbf160b3d734085
Secunia Security Advisory 34078
Posted Mar 3, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 439042419e1ddf3a3ba9f20018426a5abdbaea42acce576c75e99ea3fa6c5d10
Blogsa 1.0 Beta 3 Cross Site Scripting
Posted Mar 3, 2009
Authored by Onur YILMAZ

Blogsa versions 1.0 Beta 3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 726407a7afa60b9becff57b57418976454485f050bc0c47529f0cf04a77063f9
Mandriva Linux Security Advisory 2009-063
Posted Mar 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-063 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory. This update provides fix for that vulnerability.

tags | advisory, arbitrary, local, python
systems | linux, mandriva
advisories | CVE-2008-5987
SHA-256 | 7d5f8348c8180cb57da5367b9337064c16fd1fb59a680802ba899adff5f47f96
Mandriva Linux Security Advisory 2009-062
Posted Mar 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-062 - A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. The updated packages have been patched to prevent this. Note: Mandriva Linux is using login application from util-linux-ng by default, and therefore is not affected by this issue on default configuration.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-5394
SHA-256 | f85164ad0dd2f9a35f8b48660973cda52086237a9ab2d346109d2032752d2d29
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close