exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

Files Date: 2008-12-10

Gentoo Linux Security Advisory 200812-11
Posted Dec 10, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-11 - Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Versions less than 1.3.9-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2008-3639, CVE-2008-3640, CVE-2008-3641, CVE-2008-5286
SHA-256 | 827cf9ee7779b7a80dd45cbbe00a496e41377152190668ccd97c51324afc527b
CA ARCserve Backup LDBserver Vulnerability
Posted Dec 10, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2008-5415
SHA-256 | c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a
Microsoft Internet Explorer Vista XML Overflow
Posted Dec 10, 2008
Authored by Mati Aharoni | Site offensive-security.com

Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
SHA-256 | 68f9fa88b21b8862740cac4d6058e5ea49f525f8a10b4724d1d4297a7a3e4da5
CF Forum Blind SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Forum suffers from a blind remote SQL injection vulnerability in forummessages.cfm.

tags | exploit, remote, sql injection
SHA-256 | ebc826e3757bc8e495970a7e3759749423bfb04df583e504d7bedc54766f8a97
CFMBLOG Blind SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CFMBLOG suffers from a blind remote SQL injection vulnerability in index.cfm.

tags | exploit, remote, sql injection
SHA-256 | 99fee75837ee20f62c240d0ffc1c1f7934ba8a5ff7036a95879da3fa4d70a37f
Mandriva Linux Security Advisory 2008-240
Posted Dec 10, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-240 - Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
SHA-256 | 39d368ad79c4624b60368ed3801cfa631cf29c75ff6e77ddce8838a0cbd8afe4
Max's Guestbook 1.0 Cross Site Scripting
Posted Dec 10, 2008
Authored by GTADarkDude

Max's Guestbook version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6929c525157307cfb8c066422be51c338b5e131994e4ab28e2455268cf6d607e
CF Auction SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Auction suffers from a blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6893efae3026ceb24806ed2f478acc9942a8c8b8f726704da885fb0b40dec9af
CF Calendar SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Calendar suffers from a remote SQL injection vulnerability in calendarevent.cfm.

tags | exploit, remote, sql injection
SHA-256 | f0fac2796a6d478bf1285aebff0460edc1e34ad258d71f9e816f57f184a457e3
iDEFENSE Security Advisory 2008-12-09.3
Posted Dec 10, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.

tags | advisory, remote, arbitrary
advisories | CVE-2008-4265
SHA-256 | 4441eb16250d65d8bc6ff4a748607eb35ff4755d0a9fde4c53f0225021c96e4d
CF Shopkart 5.2.2 SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Shopkart version 5.2.2 suffers from remote SQL injection and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 693f24f76e8795a2c9fadc701f58825470b74b5f39b01fd5cf08865a23644a83
Butterfly Organizer 2.0.1 SQL Injection
Posted Dec 10, 2008
Authored by Osirys

Butterfly Organizer version 2.0.1 suffers from a remote SQL injection vulnerability in view.php.

tags | exploit, remote, php, sql injection
SHA-256 | 7a32fc917b63a62485b3b5b92f85145c7297227227ad6036aa9d06884c1fe042
Nebula Intrusion Signature Generator 0.2.3
Posted Dec 10, 2008
Authored by Tillmann Werner | Site nebula.mwcollect.org

Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.

Changes: Entropy threshold bug corrected. Enabled realtime signal thread control only if available. BSD compatibility changes.
tags | tool, sniffer
SHA-256 | 6d90fe1c5c1d81045134485e8ee4e888e9fce5d4323a2b6b321bf8a9765fc856
HP Security Bulletin 2008-00.57
Posted Dec 10, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service
systems | hpux
advisories | CVE-2008-4418
SHA-256 | 471823d5e54224359fc29c8657b25f4c4bb648e0288c1c9d07f9b36f3614c09b
SEC Consult Security Advisory 20081210-0
Posted Dec 10, 2008
Authored by Bernhard Mueller | Site sec-consult.com

SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.

tags | advisory, arbitrary
SHA-256 | 35360a7acfa1a99b8a092110b58250c85ed5ca8c4ccd0d0b760cbb8a46b38a39
iViZ Security Advisory 08-016
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

It is possible to protect an ELF binary against f-prot by corrupting its ELF header, while letting the binary completely functional. F-prot will crash when analyzing the file, letting the possible malware undetected. f-prot version 4.6.8 for GNU/Linux is affected.

tags | advisory
systems | linux
SHA-256 | a1424ff8ad9ff444b319433fdf1a2163ec6ad872d6772bed154f4806cb4e88df
iViZ Security Advisory 08-015
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.

tags | advisory
systems | linux
SHA-256 | 9228d18fc3b87e9dfa481b98001a67b62060706c5652631568b031109f3efa05
iViZ Security Advisory 08-014
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.

tags | advisory
systems | linux
SHA-256 | 5e961e37dbebcceed6eeb4bb17a3094e91573d02baa5556259658da15b68d26f
iViZ Security Advisory 08-013
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.

tags | advisory, overflow
systems | linux
SHA-256 | 45808bf369b9de88af97274c0bdbdb9c6a37f8c49f6d650f396a93a786278ecc
iViZ Security Advisory 08-012
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.

tags | advisory, overflow
systems | linux
SHA-256 | e166e24e386d19eeb0be908dfb8aff0db2050d27a19747733c8f6db105b3d5f1
iViZ Security Advisory 08-011
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Clamav uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files. Versions 0.93.3 and below are affected.

tags | advisory
SHA-256 | af9e2f87235c167df539925d2d3e6d8133912250f66b6b29626b3fb8d4cbdf95
Microsoft Internet Explorer 7 XML Parsing Overflow
Posted Dec 10, 2008
Authored by k'sOSe | Site pornosecurity.org

Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
SHA-256 | bf0cf3c2d60be063bd15565d0f2e4c146b0b396c2c2fd67bb3b37d350e1ecbe3
Core Security Technologies Advisory 2008.0228
Posted Dec 10, 2008
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-0228
SHA-256 | 6f84551f3249c3aa35a7feb4f055de3b8c4220bfed506d6013db37f88a75caec
Insomnia Security Vulnerability Advisory ISVA-081209.1
Posted Dec 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.

tags | advisory
SHA-256 | 0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573
NuFW Authenticating Firewall 2.2.20
Posted Dec 10, 2008
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Changes: Fixed a potential race condition. Various clean up and improvements.
tags | tool, remote, firewall
systems | unix
SHA-256 | 877b7e9b725720cd726819e5c02975055cb56ed9c064fc11b6e503f648519c32
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close