what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 108 RSS Feed

Files Date: 2008-09-03

Mandriva Linux Security Advisory 2008-185
Posted Sep 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes.

tags | advisory, csrf
systems | linux, mandriva
SHA-256 | f29f1fd342862c32773ddaecee0eace0a22b56524a1bce50300386a68f70cf4c
Mandriva Linux Security Advisory 2008-184
Posted Sep 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue.

tags | advisory, arbitrary
systems | linux, apple, mandriva
advisories | CVE-2008-2327
SHA-256 | d48a8e56693a581360a4d4704458409a15be75044e1e7812103d06ebab38680e
Cisco Security Advisory 20080903-asa
Posted Sep 3, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2008-2732, CVE-2008-2733, CVE-2008-2734, CVE-2008-2735, CVE-2008-2736
SHA-256 | 09ef207441d25378dcebdc2f3b18ca0c3e8eb21a303ae4cdf5f6ef2a3ca8e2d0
Posted Sep 3, 2008
Site cisco.com

Cisco Security Advisory - A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS. Because this affects CSAuth all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability.

tags | advisory, remote, protocol
systems | cisco
advisories | CVE-2008-2441
SHA-256 | 03d2b3ad06e56bf03200206d5acb2d150486c95c36526b6ba7e8707ba224b692
Posted Sep 3, 2008
Authored by Laurent Butti, Gabriel Campana

Cisco Secure ACS does not correctly parse the length of EAP-Response packets which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP Response packet against a Cisco Secure ACS server in such a way as to cause the CSRadius service to crash (reliable). This bug may be triggered if the length field of an EAP-Response packet has a certain big value, greater than the real packet length.

tags | advisory, remote, denial of service, arbitrary
systems | cisco
advisories | CVE-2008-2441
SHA-256 | 319147cb46911ef704c63fc39bf9d0a5a41748f5c8eed7579cf3a521ef71ba93
Secunia Security Advisory 31719
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Open Media Collectors Database (OpenDb), which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | aed6998604d3b94349a6f5b29750a2cc7c3cbbcf8c81878d9e6da41ebd9feffa
Posted Sep 3, 2008
Site tm.uka.de

Distack is a framework for local and distributed attack detection and traffic analysis. It can run on live interfaces or traces files, as well as in simulation environments. Therefore it provides easy ways to develop attack detection mechanisms and evaluate them on a large-scale in simulated networks.

tags | tool, local, intrusion detection
systems | unix
SHA-256 | eb5886135284d2c107e34ae4f23c6fcf85ac4b052094602cb06c30e1d8476400
Posted Sep 3, 2008
Authored by Victor Stinner | Site fusil.hachoir.org

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.

tags | python, library, fuzzer
SHA-256 | 137174c6ed1dcabe5eef7a967a9521beb3fa81f8484b91cad6f69c9d2872af32
Posted Sep 3, 2008
Authored by Hussin X | Site tryag.cc

Living Local Website suffers from a SQL injection vulnerability in listtest.php.

tags | exploit, local, php, sql injection
SHA-256 | 30c3ac6019bfdc90961cafb8e335ca47274ca1bce61919eb2b1cf1acfcc69325
Posted Sep 3, 2008
Authored by zurlich.ipt

Moodle versions 1.8.4 and below remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | b12d5fcaf3b259962d8a11ef243d4975a7f2d75b27c4f2182e97e9a20aa36af6
Posted Sep 3, 2008
Site xc0re.net

Uploader version 6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c1e8f12b0b5d2c75f58f71f12cc891ef7582473f1513465366a0668f2bd71e83
Posted Sep 3, 2008
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx). Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2008-2436
SHA-256 | e699e714cb91f13aebcf4f514a87db66114a8b4c8b623bc39df1bb5445e65ef5
Posted Sep 3, 2008
Authored by nerex

Google Chrome Browser version automatic file download exploit.

tags | exploit
SHA-256 | c18a210e326724014f3fc95593542a16a6c5f80c004133f1a5e9bdf72f14cf6e
Posted Sep 3, 2008
Authored by Rishi Narang | Site greyhat.in

Google Chrome Browser version suffers from a denial of service crash vulnerability when mishandling a malicious link. Proof of concept code included.

tags | exploit, denial of service, proof of concept
SHA-256 | 88289f21b3c77ff48a8ec6ec66e2bd8950f58167221d5297bab3322d7d4d1a24
Samhain File Integrity Checker 2.4.6
Posted Sep 3, 2008
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 90f5459e742e79f0fd86240b4ba0a584b2963d01b24ba8cfb2fa0cf529b1535f
Posted Sep 3, 2008
Authored by Cyb3r-1sT

Spice Classifieds suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, php, sql injection
SHA-256 | 247fa6953c62c653da0d807dca649fdc0e469253a0b5d86dcca9974bba97d482
Posted Sep 3, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

TransLucid version 1.75 suffers from a remote arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
SHA-256 | e9567ac9823ceb39cd82126aa0d63fa304be53841ead193c02397f434d6617e3
Posted Sep 3, 2008
Authored by Alemin Krali | Site al3m.blogspot.com

aspWebAlbum version 3.2 suffers from cross site scripting, SQL injection, and upload vulnerabilities.

tags | exploit, vulnerability, xss, sql injection, file upload
SHA-256 | 9100025966c075d93a29f844cda21de61f1b0b61c904988e6d76b4864284e1ca
Posted Sep 3, 2008
Authored by koshi

67 byte Win32 PEB Kernel32.dll ImageBase Finger Alphanumeric shellcode.

tags | shellcode
systems | windows
SHA-256 | 7edd77337a4cddaae3c77b3778d9de498c100a2f5dbfbb94d1a1bd7484c8ec2b
Posted Sep 3, 2008
Authored by koshi

49 byte Win32 PEB Kernel32.dll ImageBase Finger shellcode.

tags | shellcode
systems | windows
SHA-256 | 23ae18945ff456479ef4e6344f82cc9a281c5472da34397d346f64073ff308d6
Secunia Security Advisory 31683
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - DarkFig has reported some vulnerabilities in Invision Power Board (IP.Board), which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | dc8ee3e1e4ef0de19891c070321d6c792e888205047040f44e7c943abce9b5af
Digital Defense VRT Advisory 2008.13
Posted Sep 3, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

PageR versions below 5.0.l7 from AVTECH suffer from a directory traversal vulnerability.

tags | advisory
SHA-256 | fa3adea33552ca9262630da8516877402668262951127620425fcaead47745da
Digital Defense VRT Advisory 2008.14
Posted Sep 3, 2008
Authored by Digital Defense, r@b13$, Brandon Shilling | Site digitaldefense.net

The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is susceptible to a denial of service condition via the web management interface.

tags | advisory, web, denial of service
SHA-256 | 9849fcdf81060bc5e4eb148d4e44667e9e892e9da6e3c25d212c10f11dbd7eed
Secunia Security Advisory 31665
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - noensr has reported a vulnerability in Belkin Wireless G F5D7632-4V6, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | cf15a0a379650fda1f09bb84e4e640ddbf1544fd98f9aa61c7d4fd7b8bcf2e32
Secunia Security Advisory 31720
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - C1c4Tr1Z has discovered some vulnerabilities in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | a380bac864c998f001fc31f1760e9c2cd34a95199a88e979cd295d13aeae0f2e
Page 1 of 5

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By