
Files Date: 2008-05-01

Debian Linux Security Advisory 1565-1
Posted May 1, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1565-1 - Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. David Peer discovered that users could escape administrator-imposed CPU time limitations (RLIMIT_CPU) by setting a limit of 0. Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, suse, debian
advisories | CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375
SHA-256 | ed43a1ccb15a2ec568645c1df25b8fe8d03affe766fc2a7cde70bedba788f722
Debian Linux Security Advisory 1564-1
Posted May 1, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1564-1 - Several remote vulnerabilities have been discovered in wordpress, a weblog manager. Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML. A SQL injection vulnerability allowed remote authenticated administrators to execute arbitrary SQL commands. WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. Insufficient input sanitising allowed an attacker with a normal user account to access the administrative interface.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability, xss, sql injection
systems | linux, debian
advisories | CVE-2007-3639, CVE-2007-4153, CVE-2007-4154, CVE-2007-0540
SHA-256 | 7aec6003c272ef69deae398d5dba99b0d52dfc993f407eefa4106bdf56885017
mjguest-xss.txt
Posted May 1, 2008
Authored by IRCRASH | Site ircrash.com

mjguest version 6.7 suffers from cross site scripting and redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5654b6d68fe01e4002e02811d528637ac4592ab91e91f072b51ebdfdc77833bd
iDEFENSE Security Advisory 2008-04-30.1
Posted May 1, 2008
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 04.30.08 - Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable.

tags | advisory, java, remote, arbitrary
advisories | CVE-2008-6339
SHA-256 | f0e0510c73a61c63aa3aab61418d9329d39123888ec190022a7e749ba1be1c5c
oracle-cdc.txt
Posted May 1, 2008
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 and 11gR1 suffer from a SQL injection vulnerability in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET.

tags | advisory, sql injection
SHA-256 | 94ba6caf19058ad048493cc14fa73c4bc39279796b9fa5d8409fa5e71f5b898b
oracle-kupf.txt
Posted May 1, 2008
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 suffer from a buffer overflow vulnerability in SYS.KUPF$FILE_INT.GET_FULL_FILENAME.

tags | advisory, overflow
SHA-256 | 99556d664ab32dc34f75b94140c8074a1bbce0bebd0a724b7250aeff65c852ef
oracle-aqjms.txt
Posted May 1, 2008
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 suffer from a buffer overflow vulnerability in SYS.DBMS_AQJMS_INTERNAL.

tags | advisory, overflow
SHA-256 | 1c7f1b151a5468928658fcc1e0d2f4b62069f6f76811b2a21b6a32822343f1f8
vlbook-lfixss.txt
Posted May 1, 2008
Authored by IRCRASH | Site ircrash.com

vlBook version 1.21 suffers from local file inclusion and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 4a66304f20b976a722de873e13b1b9e248c4170c8cd8ad77fab13a0fcebf0e28
aal-lfi.txt
Posted May 1, 2008
Authored by IRCRASH | Site ircrash.com

ActualAnalyzer Lite version 2.78 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 90664d29906072243682b62bce708f5b85ef62fa4758cb52d9f3e222cffeb05e
joomlawebhost-sql.txt
Posted May 1, 2008
Authored by Inphex

Blind SQL injection exploit for the Joomla Webhosting component.

tags | exploit, sql injection
SHA-256 | 4501c5a87daa1bce328737c9fd9aba3ee6e486c1b6c5f806a920980ffb1b226e
0804-exploits.tgz
Posted May 1, 2008
Authored by Todd J. | Site packetstormsecurity.com

Packet Storm new exploits for April, 2008.

tags | exploit
SHA-256 | b26cfb99fd61de8e007de5fd284d62bdba78f0fcd580859a6040d5f4f47ba4db
astrocam-xss.txt
Posted May 1, 2008
Authored by Steffen Wendzel | Site wendzel.de

AstroCam versions 2.5.0 through 2.7.3 suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f0d70dc471b487e095c1c1b658f70d9feacc28f774495582874721a4dffe478d
akamai-activex.txt
Posted May 1, 2008
Authored by iDefense | Site akamai.com

A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.

tags | advisory, arbitrary, activex
advisories | CVE-2007-6339
SHA-256 | 6513f8507a93764c7e4e3f9c944ed980d881f73edd90dc048061591e2b5a87e3
Debian Linux Security Advisory 1563-1
Posted May 1, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1563-1 - Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.

tags | advisory, denial of service, protocol
systems | linux, debian
advisories | CVE-2008-1897
SHA-256 | 97d037ca7b365b1c1889ff90e00b690dfb8d67d9335ff98918757842a39e8032
harris-rfi.txt
Posted May 1, 2008
Authored by k1n9k0ng | Site sekuritionline.net

Harris WapChat version 1 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | a048d2ba8b9d9b4e4ee2f3ce819417c9b9bf836e962847c7263556c847e54fa2
HP Security Bulletin 2008-00.0
Posted May 1, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running WBEM Services. These vulnerabilities could be exploited remotely to execute arbitrary code or to gain extended privileges.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-5360, CVE-2008-0003
SHA-256 | e565660b4395504e89cce5071209f8be22639198ad37e0cee7e83139c5765578
OpenNHRP NBMA Next Hop Resolution 0.7
Posted May 1, 2008
Authored by Timo Teras | Site sourceforge.net

OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.

Changes: Multiple bug fixes, some code cleanups, and improvements.
tags | encryption, protocol
systems | cisco, linux
SHA-256 | 952864d4b416e345b0087958afb252884104d6a86bf6e1c9e1e7dc2c31905d01
oxyproject-exec.txt
Posted May 1, 2008
Authored by GolD_M | Site tryag.cc

OxYProject version 0.85 suffers from a remote code execution vulnerability in edithistory.php.

tags | exploit, remote, php, code execution
SHA-256 | c9c2884eb94ae0ce3d2cdb9e8d5e65c3f7c89b8837751fca2c42107228be82b6
NGS-SNMPc.txt
Posted May 1, 2008
Authored by John Heasman, Wade Alcorn | Site ngssoftware.com

Wade Alcorn and John Heasman of NGSSoftware have discovered a stack overflow vulnerability in Castle Rock Computing SNMPc Network Manager. Versions 7.1 and below are affected.

tags | advisory, overflow
SHA-256 | 44f1205ae4dc7f2841bac78a799e87ca996df01f25e2116bf1a2a9de5b97fa5d
pbcs-multi.txt
Posted May 1, 2008
Authored by GolD_M | Site tryag.cc

Project Based Calendaring System (PBCS) version 0.7.1 suffers from remote file upload and remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability, file upload
SHA-256 | 9c1798634ac52cc0585e135861a1c3530a8bbf5e6c5435988633ccfd6a85149e
KiwiCON 2008 Call For Papers
Posted May 1, 2008
Site kiwicon.org

Kiwicon '08 Call For Papers - Kiwicon2k8 is intended to be an informal conference, drawing on the wider security community of Australia and New Zealand. It will be held in Wellington, New Zealand, on the weekend of the 27th and 28th of September, 2008.

tags | paper, conference
SHA-256 | 14c10c4a4b81ab4c0695c3d90533ba7889ed39d8d24e37ae0bf8b67d92367072