what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2008-06-04

iDEFENSE Security Advisory 2008-06-03.2
Posted Jun 4, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.03.08 - Remote exploitation of an information disclosure vulnerability in Sun Microsystem's Java System Active Server Pages allows attackers to obtain sensitive information. This vulnerability exists due to the placement of the password and configuration data within the application server root directory. By making requests for specific, sensitive documents an attacker could obtain the configuration or password hashes of allowed users. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.

tags | advisory, java, remote, root, info disclosure
advisories | CVE-2008-2402
SHA-256 | 23551924e25899f23827e631212b476536014a10dda1d024bd06c64162776740
iDEFENSE Security Advisory 2008-06-03.1
Posted Jun 4, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.03.08 - Remote exploitation of a file creation vulnerability in Sun Microsystem's Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. The vulnerability exists within a file included by several ASP applications. This file provides a function that will write the contents contained within its first parameter to a file specified by its second parameter. Several ASP applications allow an attacker to control both the content and the location of the file written. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.

tags | advisory, java, remote, arbitrary, root, asp
advisories | CVE-2008-2401
SHA-256 | c8738c63961d01a910c9a1548f097fc57108cc926e6a36c5d014b8eeff808008
HP Security Bulletin 2007-14.90
Posted Jun 4, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with ActiveX controls in HP Instant Support HPISDataManager.dll running on Microsoft Windows. The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code.

tags | advisory, remote, arbitrary, vulnerability, activex
systems | windows
advisories | CVE-2008-0952, CVE-2007-5604, CVE-2007-5605, CVE-2007-5606, CVE-2007-5607, CVE-2007-5608, CVE-2008-0953, CVE-2007-5610
SHA-256 | 73ddf361e685590c43f24d81890634225ab60734e083fa4f407ee0bae1723f30
CSIS-RI-0003.pdf
Posted Jun 4, 2008
Authored by Dennis Rand | Site csis.dk

The HP Online Support Service ActiveX control, also known as HPISDataManager.dll, suffers from eight vulnerabilities. Five of them allow for arbitrary code execution. Proof of concept code included. It only took Hewlett Packard 207 days to fix this!

tags | exploit, arbitrary, vulnerability, code execution, activex, proof of concept
advisories | CVE-2008-0952, CVE-2007-5604, CVE-2007-5605, CVE-2007-5606, CVE-2007-5607, CVE-2007-5608, CVE-2008-0953, CVE-2007-5610
SHA-256 | 1b188660e4a25d66cc3fa31a4fc24596dfd706b01ebaa57dcf760e66e66ee2ef
quicksite-multi.txt
Posted Jun 4, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

QuickerSite version 1.8.5 suffers from various site manipulation flaws as well as cross site scripting and SQL injection vulnerabilities. This thing is riddled with holes.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 58acc7a4491e9f4405f467c26a046525f3d490c89855383f84152e5ed95324dd
sipvicious-0.2.3.tar.gz
Posted Jun 4, 2008
Authored by Sandro Gauci | Site sipvicious.org

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Changes: Multiple features added including fingerprinting support for svmap. Included fphelper.py and 3 databases used for fingerprinting.
tags | telephony, python
SHA-256 | 7a884728d0b0449539ae468744f04de9386aceef921b10b79cfdbcac2701d9ff
alph-0.24.tar.gz
Posted Jun 4, 2008
Authored by Corcalciuc V. Horia | Site sourceforge.net

alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to achieve transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.

Changes: Added MILLENIUM photographic steganography. Switched to git repository. Optimised permutation and combination functions. Repaired ALBERTI cypher. Repaired LEWIS cypher. Repaired ROT-13 cypher. Repaired MORSE cypher.
tags | encryption
SHA-256 | c1ca70c2034101828bf6a6996161301331563b4e5a6b3957b3ce33da6c136ba9
joomlajotloader-sql.txt
Posted Jun 4, 2008
Authored by His0k4

Joomla Jotloader component versions 1.2.1a and below blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | adbadf3b6350077e9e924e7110f6121994f62f1f1a2867c6e89ef45953cbd743
1book-exec.txt
Posted Jun 4, 2008
Authored by jiko | Site no-back.org

1Book Guestbook suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b23f8bba7a1d4b60bf861dfc3094186def94eb419801e9ebad6e8dc02e5b9e0b
joomlajooblog-sql.txt
Posted Jun 4, 2008
Authored by His0k4

Joomla JooBlog component blind SQL injection exploit.

tags | exploit, sql injection
SHA-256 | 366e8e1ebde95dd5033b3859ce4f354c4d578fbb2fe3cb9ab7dc9659b4544923
Mandriva Linux Security Advisory 2008-109
Posted Jun 4, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. Additionally, some fixes were made, related to: iwlwifi (small bug interacting with drakconnect interface detection), brightness handling on EeePc, uvcvideo on Thinkpad X300, sound for TOSHIBA Satellite Pro A200 and A210, RealTek 8169 ethernet, unionfs, and more.

tags | advisory, kernel, local
systems | linux, mandriva
advisories | CVE-2008-1675
SHA-256 | e2c7f9ca31e1a830b26d32bb28c2e8bd202c4a3b98b402586a4f6a9c2ef72fb1
AST-2008-008.txt
Posted Jun 4, 2008
Authored by Hooi Ng | Site asterisk.org

Asterisk Project Security Advisory - During pedantic SIP processing the From header value is passed to the ast_uri_decode function to be decoded. In two instances it is possible for the code to cause a crash as the From header value is not checked to be non-NULL before being passed to the function.

tags | advisory
advisories | CVE-2008-2119
SHA-256 | 6d6c76931877fb8fcfcb71ac5a7f4ca1baaf4e140c905963272cd3b2b09ead91
Ubuntu Security Notice 614-1
Posted Jun 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 614-1 - It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. The tehuti network driver did not correctly handle certain IO functions. A local attacker could perform malicious requests to the driver, potentially accessing kernel memory, leading to privilege escalation or access to private system information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2007-6694, CVE-2008-1375, CVE-2008-1669, CVE-2008-1675
SHA-256 | ca2f984d27aa5deee1f3c6719dc2cd35d3ea868489fb3ea00ecf5c0f4810bbeb
c6msg-activex.txt
Posted Jun 4, 2008
Authored by Nine:Situations:Group | Site retrogod.altervista.org

C6 Messenger Active-X related remote download and execute exploit.

tags | exploit, remote, activex
SHA-256 | 80297bec0528d0f53dfcf8e6de464e5f180b3c2d68d837064b9e5315ce04c433
Secunia Security Advisory 30427
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Heise Security has reported a security issue in Online Backup 24 Client, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | ad3c1a5ac4f2c257dea38f2cfcffd07ce6b429a6c651ac2dbe2b364717aefb8b
Secunia Security Advisory 30465
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in HiveMaker Professional, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 92c5af75c8fc21259dff9409ddcdaa4ac98564b359c5ccf53c5b7d8250d9c873
Secunia Security Advisory 30477
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in SMEweb, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 56c32afb5aa11438303b2867a25f534f718112d07610417317d19935d6e335f8
Secunia Security Advisory 30485
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 7907394ddf374b2713139d32a1a955e8dbdd9f0bbaa3f665d9765da69a7d9fcd
Secunia Security Advisory 30486
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | 95fe365f49ae469d6c6a5b0191b8b1bf4abe84552d8998d3b167046406734838
Secunia Security Advisory 30488
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in meBiblio, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 5cb0537692dc3d7b3008f228f0e9ea7fc241201cad7063645fd60742d0822f23
Secunia Security Advisory 30489
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rPath has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ce9ab7f664a15c3cc0ed2c46f1f0dda62ca9a0f5daed8beb63911b6cfcdb9cbf
Secunia Security Advisory 30491
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rPath has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | fc8779ec897820e1dbaaa907bb2d27e6e99c3636f0fa260b199cedfc7209f812
Secunia Security Advisory 30492
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stack & Jadi have reported a vulnerability in the Bible Study component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 6f219d73b02003f477107082b254369547e4f8d1e5512f281b4c390a8e3e9988
Secunia Security Advisory 30495
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in LimeSurvey, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | a76281d1162462362e67f9952435116c35fd9031ec3cd2a19c7ad37349fe4941
Secunia Security Advisory 30502
Posted Jun 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks Storage Mirroring Software, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 7971a1fcb8c764a72e5304a4ce83db718e4dcc0c793e9779ebc21526e7f1742f
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close