exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 60 RSS Feed

Files Date: 2008-05-22

Debian Linux Security Advisory 1586-1
Posted May 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1586-1 - Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2008-1482, CVE-2008-1686, CVE-2008-1878
SHA-256 | 7355be718f57b1c08e1f04edd7309ae95359f8b6a3dba2dc3d07285db02c23a0
abledating-sqlxss.txt
Posted May 22, 2008
Authored by Ali Jasbi

AbleDating version 2.4 suffers from SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 73a15086564c5355c9428489912632b3ac252a24044e4a322414cee0cb3253e3
fslint-2.26.tar.gz
Posted May 22, 2008
Authored by pixelbeat | Site pixelbeat.org

FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.

Changes: Added and updated multiple translations. Multiple bug fixes.
tags | tool
systems | unix
SHA-256 | c80f537d9db5de71dad583228ece831d62aa03bdd394f927c6567112d6ccfa84
bunny-0.93.tgz
Posted May 22, 2008
Authored by Michal Zalewski | Site code.google.com

Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.

Changes: Bug fix release.
tags | protocol, fuzzer
SHA-256 | 30c7765b960b131246bfe8c25b79d20eae49f282dd0ac3b7e1e293233a446f99
bmforum-xss.txt
Posted May 22, 2008
Authored by CWH Underground | Site citecclub.org

BMForum Remote version 5.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss
SHA-256 | 8f595250462eb8e1b20ff9980e0c4ffe0fb9e72739420988134d936fb176a7ee
exteen-disclose.txt
Posted May 22, 2008
Authored by CWH Underground | Site citecclub.org

Exteen Blog suffers from a cookie disclosure flaw using a cross site scripting vulnerability.

tags | exploit, xss, info disclosure
SHA-256 | 9773d823ba5cb2ce67daadc1aedaff09c9ec6b57d0bf06397bfa75cb870454e6
HP Security Bulletin 2008-00.72
Posted May 22, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be exploited locally to gain unauthorized access and create a Denial of Service (DoS).

tags | advisory, denial of service, shell
systems | hpux
advisories | CVE-2008-1483
SHA-256 | 2cd46811be74b61931443d90b14f854ab729ee479e5a774b1d8a65ea85ff55fb
phpsqlitecms-xss.txt
Posted May 22, 2008
Authored by CWH Underground | Site citecclub.org

phpSQLiteCMS version 1 RC2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e2c0022d7c7bb0a81228bd239b46b326e42f265be1c47704ece49c01bdfda1ad
phpfreeforum-xss.txt
Posted May 22, 2008
Authored by CWH Underground | Site citecclub.org

PHPFreeForum versions 1.0 RC2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a7f164b952ba42cba0a2e8d0046bdf409748965eac017aec3b2060b0cacc3eff
bthub-password.txt
Posted May 22, 2008
Authored by Adrian Pastor | Site gnucitizen.org

The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.

tags | advisory
SHA-256 | 5a3ba5771f669f0d36e2e14d02605ae45cde0985a569ac6b24a5e403fcc692c7
barracuda-xss.txt
Posted May 22, 2008
Site irmplc.com

The Barracuda Spam Firewall device web administration interface is vulnerable to a reflected cross site scripting vulnerability which may allow theft of administrative credentials or downloading of malicious content. IRM confirmed the presence of this vulnerability in Barracuda Spam Firewall 600 Firmware 3.5.11.020. The vendor has confirmed the issue exists in all versions prior to 3.5.11.025.

tags | exploit, web, xss
advisories | CVE-2008-2333
SHA-256 | 9f40b815888c87cdeb682e726a415b2f57a0e4e96a16e1c928489289784a80fb
sametime-exploit.txt
Posted May 22, 2008
Authored by Manuel Santamarina Suarez

IBM Lotus Sametime StMUX stack overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | 70ad7c5c6d5f9fcf5bb0e2e9cde8e152fa49ef8e0aa91c1fb05503ce176602ea
Secunia Security Advisory 30348
Posted May 22, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Snort, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | bb3c8b291059e3c69795d519613c6bdd2bd64d7e2ce1b84a3c2eda08a90ba88e
Secunia Security Advisory 30352
Posted May 22, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.

tags | advisory
systems | linux, redhat
SHA-256 | 70e58be39bc5901d935629d61a8d1c8251f6ac97ab4a5b655ccda02d588513d0
AST-2008-007.txt
Posted May 22, 2008
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.

tags | advisory
systems | linux, debian
advisories | CVE-2008-0166
SHA-256 | 9e1a273be0fa164aae613d72d1ac5770291a36e329b0ef6f8f88dc52d55212ae
Mandriva Linux Security Advisory 2008-104
Posted May 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple race conditions have been addressed in the Linux 2.6 kernel.

tags | advisory, kernel
systems | linux, mandriva
advisories | CVE-2008-1375, CVE-2008-1669
SHA-256 | 7a3fe08bf3eec20d06755c9431d74aa4ce09ca2fec57d36ec7991fa23b4f3f9b
Zero Day Initiative Advisory 08-031
Posted May 22, 2008
Authored by Tipping Point, tw33k, n8 | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the header parsing code for the msn protocol. When processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification which can eventually lead to code execution with the privileges of the user that is running the application.

tags | advisory, remote, arbitrary, code execution, protocol
SHA-256 | 4d0a6af5e44d2bdd56945b744c3b6f4b89a2d5e8d4768d943eb3bfc81d350476
Zero Day Initiative Advisory 08-030
Posted May 22, 2008
Authored by Tipping Point, tw33k, n8 | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within XML parsing in talk.dll. When processing certain malformed attributes within an 'IMG' tags, it is possible to overwrite past an allocated heap chunk which can eventually lead to code execution under the context of the currently user.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 8fdf950b0f377ce0f861aa8e4fbbf191238473172e4170a987fa019d0aa05e97
Zero Day Initiative Advisory 08-029
Posted May 22, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trillian. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaws exists during the parsing of messages with overly long attribute values within the FONT tag. The value for any attribute is copied into a stack based buffer via sprintf() which can result in a buffer overrun and can be subsequently leveraged to execute arbitrary code under the privileges of the logged in user. Exploitation may occur over the AIM network or via direct connections.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 5d989512a7ddd1bb4faf147b19da9f8fc2c822c256c6593dbf81d50f70814e65
Zero Day Initiative Advisory 08-028
Posted May 22, 2008
Authored by Tipping Point, Manuel Santamarina Suarez | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Sametime. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of long URLs in the Community Services Multiplexer (StMux.exe) listening on TCP port 1533. A specially crafted URL can be passed into a vulnerable sscanf() function that will result in a stack overflow resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, tcp
SHA-256 | 8ed7a6fdc52c86303cf6d9ba98be2cbe194fea9fb4821f008b8660ae7a801511
iDEFENSE Security Advisory 2008-05-21.1
Posted May 22, 2008
Authored by Silvio Cesare, iDefense Labs | Site idefense.com

iDefense Security Advisory 05.21.08 - Remote exploitation of a design error vulnerability in Snort, as included in various vendors' operating system distributions, could allow an attacker to bypass filter rules. Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discard. This results in valid traffic not being examined and/or filtered by Snort. iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.

tags | advisory, remote
advisories | CVE-2008-1804
SHA-256 | 71694e299caa136a88ff4553f89f1078e330d6913b0b76957abb0e2e9cfa6bff
Core Security Technologies Advisory 2008.0126
Posted May 22, 2008
Authored by Core Security Technologies, Rodrigo Carvalho | Site coresecurity.com

Core Security Technologies Advisory - Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application and may cause a denial of service condition. iCal version 3.0.1 on MacOS X 10.5.1 (Leopard) is affected.

tags | exploit, denial of service, arbitrary, vulnerability
advisories | CVE-2008-1035, CVE-2008-2006, CVE-2008-2007
SHA-256 | 50d4793f2baf710c1c56d4c0a79886923259f972a87d94aa8b20feaedbd4b114
Gentoo Linux Security Advisory 200805-20
Posted May 22, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-20 - Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS. Versions less than 2.2.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
SHA-256 | e37e04b526b4b0b5bb000df629ceab208e43543a12e0226906b04744ba9ae394
Debian Linux Security Advisory 1585-1
Posted May 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1585-1 - It was discovered that speex, The Speex codec command line tools, did not correctly did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-1686
SHA-256 | 58ba5f6f2087b0475b32666839ed85079aae9b23d864adaa42fe7bc7447bf0e4
Debian Linux Security Advisory 1584-1
Posted May 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1584-1 - It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-1686
SHA-256 | 87491f9f366dac141525b69c9cb64ea9a5018739043844747a58d03549743c13
Page 1 of 3
Back123Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close