what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2008-05-13

Secunia Security Advisory 30143
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 9ed76ef7e0ca15b6f3d0dd3bbcb371b90415569769b68e0063e610641ecbe8e3
Secunia Security Advisory 30183
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - BiNgZa has discovered some vulnerabilities in BIGACE Web CMS, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.

tags | advisory, web, vulnerability
SHA-256 | 1e8ec9e5e93d1e907281afb6a88fb4977ef44673656aa84debe8017b8d4b36a8
Secunia Security Advisory 30200
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in RakNet, which can potentially be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 09ac6da6ac360fcd42d94f4fd4d3c241ee27bf36c8b881fb0a050b895d8d3570
Secunia Security Advisory 30205
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Vieira-Kurz has reported a vulnerability in ActualAnalyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4dd292eb107ba2f0661444303f837c2262698564797f628a94f0b96dc4aa7a89
Gentoo Linux Security Advisory 200805-14
Posted May 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-2080
SHA-256 | 646a4a7001bc9593bc74a79a95315612a38d85bb6bf77383ade5aa63b405d50d
ciscobbsm-xss.txt
Posted May 13, 2008
Authored by Brad Antoniewicz

Cisco BBSM Captive Portal suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2008-2165
SHA-256 | 3678e1a7be3cdc235260ae444cf866aabaab44bd2264b0c8d01b9db67da91971
metoforum-sql.txt
Posted May 13, 2008
Authored by U238 | Site noexec.blogspot.com

Meto Forum version 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 762638415be049f70a20da96642eaaf9f89730bfba3b03a628cb1da2893d4eec
calogic-sql.txt
Posted May 13, 2008
Authored by His0k4

CaLogic Calendars version 1.2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7d7ff16b4f9dea55cbdd6e202d946739b816eb47d5ef6cd7e7c5aab496e93d4b
wgcc-sql.txt
Posted May 13, 2008
Authored by myvx

Web Group Communication Center versions 1.0.3 PreRelease #1 and below suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, web, vulnerability, xss, sql injection
SHA-256 | 69840bd4a4c4e2e4a68bb6d26dcb8233c187e7cae9c7ebb7dd4bc1c982e853e2
Technical Cyber Security Alert 2008-134A
Posted May 13, 2008
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

tags | advisory, remote, arbitrary, vulnerability
systems | windows
SHA-256 | a429cbb1dcc5d47b7037ad20109520509e20354b3dfced27f9ce609318f88abd
iDEFENSE Security Advisory 2008-05-13.1
Posted May 13, 2008
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2008-1434
SHA-256 | 28de6edcab5bca871b515513d06ce332b7e6948f6328c74f3c8fa3cc3e056b41
Zero Day Initiative Advisory 08-023
Posted May 13, 2008
Authored by Tipping Point, wushi | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-1091
SHA-256 | ce5e0e1da217cf6a295fc152a35c405a6f643eab3dd911f17018432089b72331
Ubuntu Security Notice 612-3
Posted May 13, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

tags | advisory
systems | linux, debian, ubuntu
advisories | CVE-2008-0166
SHA-256 | d1b51a7c86616452a841cab5c023851e85953537abe832637af6433873363015
TPTI-08-04.txt
Posted May 13, 2008
Authored by Aaron Portnoy | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically Jet DB structures are used within MDB files which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged in user.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-6026
SHA-256 | e844b4959b56a2734f0ba5e359460c7e58277ade8dc77e054350154dc5dc0174
Secunia Security Advisory 30150
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | c5944de586ee9d9c843d71f097dc04d488d49da40ad65926dffc9d9fdc4960fb
Secunia Security Advisory 30172
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 82a52a8c2a3cabc720c88318c46938959b105101fb927387ed72ba8c619e2599
Secunia Security Advisory 30220
Posted May 13, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for OpenSSL. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and a security issue, which can lead to weak cryptographic key material.

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 19148622871388bcb872aa232adb8fb844a27eb715706a8d437ebe23f54a7aea
e107zogo-sql.txt
Posted May 13, 2008
Authored by Cr@zy_King

The e107 zogo-shop plugin version 1.16 Beta 13 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 4e3a367518505fe315d437bb4366a6a34356137fdc613bac445122af6184a0b9
aih-sql.txt
Posted May 13, 2008
Authored by Stack-Terrorist | Site v4-team.com

Advanced Image Hosting version 2.1 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 303f27bad8605b27047b298c738ae8397dd66d785a2c277e7a0e4075935f2a88
e107blog-blindsql.txt
Posted May 13, 2008
Authored by Saime

The e107 BLOG engine plugin version 2.2 suffers from a blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | b4723a6a5ec828f71e328088ae74fb67edda892301b0b4475a508aeb609e1a40
ajhyip-sql.txt
Posted May 13, 2008
Authored by Cyb3r-1sT

AJ HYIP ACME suffers from a remote SQL injection vulnerability in topic_detail.php.

tags | exploit, remote, php, sql injection
SHA-256 | 29687480ef042d000372f86ada376f6b0291df7adbe2457186b0a1033aeb6da9
eqdkp-bypass.txt
Posted May 13, 2008
Authored by vortfu

EQDKP version 1.3.2f authentication bypass proof of concept exploit.

tags | exploit, proof of concept, bypass
SHA-256 | 08f7345e588e611f7225a9fefca51d81c9281172475942f754855b47add1e01d
Ubuntu Security Notice 612-2
Posted May 13, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.

tags | advisory
systems | linux, debian, ubuntu
advisories | CVE-2008-0166
SHA-256 | a3fe7f7dd11d8ef80fad04e03042c734c5101a92993b5be8c41e700a460875f0
Debian Linux Security Advisory 1571-1
Posted May 13, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.

tags | advisory
systems | linux, debian
advisories | CVE-2008-0166
SHA-256 | 32b6972f4816a9a80732fc9314dabd27a27224f039be6fcb0e57b1864547041e
articlelive-xss.txt
Posted May 13, 2008
Authored by SkyOut | Site wired-security.net

Interspire ArticleLive NX is vulnerable to a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 600f5af39b27695784b428bdccc38aba01ce7140cb248bfb9c88e28d8ff66982
Page 1 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close