
Files Date: 2008-09-03

Mandriva Linux Security Advisory 2008-185
Posted Sep 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. The versions of Django shipping with Mandriva Linux have been updated to the latest patched versions that include the fix for this issue. In addition, they provide other bug fixes.

tags | advisory, csrf
systems | linux, mandriva
MD5 | 6ac0b104186085519706b8c2c66e09d3
Mandriva Linux Security Advisory 2008-184
Posted Sep 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue.

tags | advisory, arbitrary
systems | linux, apple, mandriva
advisories | CVE-2008-2327
MD5 | a603583eb6b1e7b4ab9c84a0ebade1c6
Cisco Security Advisory 20080903-asa
Posted Sep 3, 2008
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2008-2732, CVE-2008-2733, CVE-2008-2734, CVE-2008-2735, CVE-2008-2736
MD5 | dcc3833fe405434e423da50c55a28149
cisco-sr-20080903-csacs.txt
Posted Sep 3, 2008
Site cisco.com

Cisco Security Advisory - A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS. Because this affects CSAuth, all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability.

tags | advisory, remote, protocol
systems | cisco
advisories | CVE-2008-2441
MD5 | 115410313bc62c93c6e6d1391b58bab4
cisco-acs.txt
Posted Sep 3, 2008
Authored by Laurent Butti, Gabriel Campana

Cisco Secure ACS does not correctly parse the length of EAP-Response packets, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP-Response packet to a Cisco Secure ACS server in such a way as to reliably crash the CSRadius service. This bug may be triggered if the length field of an EAP-Response packet has a certain large value, greater than the real packet length.

tags | advisory, remote, denial of service, arbitrary
systems | cisco
advisories | CVE-2008-2441
MD5 | af42d10de51f46d9fd8a6bf7ca0cf4ad
Secunia Security Advisory 31719
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Open Media Collectors Database (OpenDb), which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | cbad228bca857f35e076936c302cbaf2
distack-1.1.0-dev.tar.gz
Posted Sep 3, 2008
Site tm.uka.de

Distack is a framework for local and distributed attack detection and traffic analysis. It can run on live interfaces or trace files, as well as in simulation environments. It therefore provides easy ways to develop attack detection mechanisms and evaluate them on a large scale in simulated networks.

tags | tool, local, intrusion detection
systems | unix
MD5 | 3fb4c5502309f3badd504a961d5c19db
fusil-0.9.1.tar.gz
Posted Sep 3, 2008
Authored by Victor Stinner | Site fusil.hachoir.org

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.

tags | python, library, fuzzer
MD5 | 68ab675bee4c53dc2b7929121401e99c
livinglocal-sql.txt
Posted Sep 3, 2008
Authored by Hussin X | Site tryag.cc

Living Local Website suffers from a SQL injection vulnerability in listtest.php.

tags | exploit, local, php, sql injection
MD5 | aed2227fccc75ee8c058fc811ae683b7
moodle-exec.txt
Posted Sep 3, 2008
Authored by zurlich.ipt

Moodle versions 1.8.4 and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 7f3beb6819cc88f01ffaf5f6e7718031
uploader6-xss.txt
Posted Sep 3, 2008
Site xc0re.net

Uploader version 6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3868d8d336ff7a3919446693fca6528
secunia-iprintboundary.txt
Posted Sep 3, 2008
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as an argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx). Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2008-2436
MD5 | 5f0735fc1bc5e620690fa1fac9a4c647
google-download.txt
Posted Sep 3, 2008
Authored by nerex

Google Chrome Browser version 0.2.149.27 automatic file download exploit.

tags | exploit
MD5 | eae4601ff8c54d54721be67a4701b9e7
google_chrome.tgz
Posted Sep 3, 2008
Authored by Rishi Narang | Site greyhat.in

Google Chrome Browser version 0.2.149.27 suffers from a denial of service crash vulnerability when mishandling a malicious link. Proof of concept code included.

tags | exploit, denial of service, proof of concept
MD5 | dc520b74c3da64470e484723fa2ccf18
Samhain File Integrity Checker 2.4.6
Posted Sep 3, 2008
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | b707b7b7207b4bfa6357fe70795ef57d
spice-sql.txt
Posted Sep 3, 2008
Authored by Cyb3r-1sT

Spice Classifieds suffers from a remote SQL injection vulnerability in index.php.

tags | exploit, remote, php, sql injection
MD5 | aa454ef31230d003a379d250406a8443
translucid-upload.txt
Posted Sep 3, 2008
Authored by AmnPardaz Security Research Team | Site bugreport.ir

TransLucid version 1.75 suffers from a remote arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
MD5 | 061bebb6b88a1774334dcf9c565d595a
aspwebalbum-sqlxssupload.txt
Posted Sep 3, 2008
Authored by Alemin Krali | Site al3m.blogspot.com

aspWebAlbum version 3.2 suffers from cross site scripting, SQL injection, and upload vulnerabilities.

tags | exploit, vulnerability, xss, sql injection, file upload
MD5 | 783696c8eddcb252ce39137aeb79df35
alphanumeric-shellcode.txt
Posted Sep 3, 2008
Authored by koshi

67 byte Win32 PEB Kernel32.dll ImageBase Finger Alphanumeric shellcode.

tags | shellcode
systems | windows
MD5 | 6d2a060c4b5b120608b335f01eabb6bd
imagebase-shellcode.txt
Posted Sep 3, 2008
Authored by koshi

49 byte Win32 PEB Kernel32.dll ImageBase Finger shellcode.

tags | shellcode
systems | windows
MD5 | fc3c982d2817211fd69ee6a7abc76c19
Secunia Security Advisory 31683
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - DarkFig has reported some vulnerabilities in Invision Power Board (IP.Board), which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | f87a3fa1ae53e9536c45e50011aea15e
Digital Defense VRT Advisory 2008.13
Posted Sep 3, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

PageR versions below 5.0.l7 from AVTECH suffer from a directory traversal vulnerability.

tags | advisory
MD5 | 4f3dc854012982faa1c7229a759a2dd8
Digital Defense VRT Advisory 2008.14
Posted Sep 3, 2008
Authored by Digital Defense, r@b13$, Brandon Shilling | Site digitaldefense.net

The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is susceptible to a denial of service condition via the web management interface.

tags | advisory, web, denial of service
MD5 | d3b32a21f0121d23492de63e5c6ed8f2
Secunia Security Advisory 31665
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - noensr has reported a vulnerability in Belkin Wireless G F5D7632-4V6, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 6a74f8a32c1e24dd75e6cf5c07df3dcf
Secunia Security Advisory 31720
Posted Sep 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - C1c4Tr1Z has discovered some vulnerabilities in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 075a44ec7fd37e97ef2bf153943c3d41
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close