Showing 1 - 25 of 45

Files Date: 2008-12-10

Gentoo Linux Security Advisory 200812-11
Posted Dec 10, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-11 - Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Versions less than 1.3.9-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2008-3639, CVE-2008-3640, CVE-2008-3641, CVE-2008-5286
MD5 | 412ed9cc273be9120ea72d7b2ed4fcc8

CA ARCserve Backup LDBserver Vulnerability
Posted Dec 10, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2008-5415
MD5 | 3199e210467e764518ad5ff768796b19

Microsoft Internet Explorer Vista XML Overflow
Posted Dec 10, 2008
Authored by Mati Aharoni | Site offensive-security.com

Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
MD5 | d496f9a07952ac8fefff369a1d776a88

CF Forum Blind SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Forum suffers from a blind remote SQL injection vulnerability in forummessages.cfm.

tags | exploit, remote, sql injection
MD5 | ef54051abc85634b684d08a50fe2b226

CFMBLOG Blind SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CFMBLOG suffers from a blind remote SQL injection vulnerability in index.cfm.

tags | exploit, remote, sql injection
MD5 | 8c9880ddff71bfd2b5b4999695bb2f41

Mandriva Linux Security Advisory 2008-240
Posted Dec 10, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-240 - Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
MD5 | b2e67d424ad100502a168ee7c2004525

Max's Guestbook 1.0 Cross Site Scripting
Posted Dec 10, 2008
Authored by GTADarkDude

Max's Guestbook version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 25a58b6e60fd8d2fdc44a439d9784b5a

CF Auction SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Auction suffers from a blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3c435f75885f8181371138f7e37c4d43

CF Calendar SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Calendar suffers from a remote SQL injection vulnerability in calendarevent.cfm.

tags | exploit, remote, sql injection
MD5 | 1554d9271beee06c3a91a038c3ce24d4

iDEFENSE Security Advisory 2008-12-09.3
Posted Dec 10, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.

tags | advisory, remote, arbitrary
advisories | CVE-2008-4265
MD5 | 9466a65eb7380edb98fba1c7e6571a47

CF Shopkart 5.2.2 SQL Injection
Posted Dec 10, 2008
Authored by AlpHaNiX | Site offensivetrack.org

CF Shopkart version 5.2.2 suffers from remote SQL injection and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 3e14f4b1709c69f5878ec5354a453917

Butterfly Organizer 2.0.1 SQL Injection
Posted Dec 10, 2008
Authored by Osirys

Butterfly Organizer version 2.0.1 suffers from a remote SQL injection vulnerability in view.php.

tags | exploit, remote, php, sql injection
MD5 | 0123de35f5cc99c1aaa92512a9eb92cf

Nebula Intrusion Signature Generator 0.2.3
Posted Dec 10, 2008
Authored by Tillmann Werner | Site nebula.mwcollect.org

Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.

Changes: Entropy threshold bug corrected. Enabled realtime signal thread control only if available. BSD compatibility changes.
tags | tool, sniffer
MD5 | 06eabd66634e7969203465fb94900f18

HP Security Bulletin 2008-00.57
Posted Dec 10, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service
systems | hpux
advisories | CVE-2008-4418
MD5 | 3e6a283f2bdbdfd261fa15d1f419665e

SEC Consult Security Advisory 20081210-0
Posted Dec 10, 2008
Authored by Bernhard Mueller | Site sec-consult.com

SEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.

tags | advisory, arbitrary
MD5 | 100b389de53df5833f845321a44aaa62

iViZ Security Advisory 08-016
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

It is possible to protect an ELF binary against F-Prot by corrupting its ELF header while leaving the binary completely functional. F-Prot will crash when analyzing the file, leaving the possible malware undetected. F-Prot version 4.6.8 for GNU/Linux is affected.

tags | advisory
systems | linux
MD5 | 784ec034097cd2a378d0ac99587e8f24

iViZ Security Advisory 08-015
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Sophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.

tags | advisory
systems | linux
MD5 | 38e2007ac4098ad444940502fa07d90b

iViZ Security Advisory 08-014
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.

tags | advisory
systems | linux
MD5 | 567323a87a689aff43c464049365374c

iViZ Security Advisory 08-013
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.

tags | advisory, overflow
systems | linux
MD5 | fd8b11cc90d0183b9cb9b7f59c96f0fb

iViZ Security Advisory 08-012
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

Multiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.

tags | advisory, overflow
systems | linux
MD5 | cb458d0cea1c0dab406e443d79b5c17a

iViZ Security Advisory 08-011
Posted Dec 10, 2008
Authored by Jonathan Brossard | Site ivizsecurity.com

ClamAV uses an external unpacker that can be deterministically crashed when processing corrupted LZH files. Versions 0.93.3 and below are affected.

tags | advisory
MD5 | 5e380141b9b8aca38d9b56fe22d493a0

Microsoft Internet Explorer 7 XML Parsing Overflow
Posted Dec 10, 2008
Authored by k'sOSe | Site pornosecurity.org

Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
MD5 | 7a72b665a0b23128a343b57df44502c2

Core Security Technologies Advisory 2008.0228
Posted Dec 10, 2008
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-0228
MD5 | f1f46493517fefc63140ee39402d2470

Insomnia Security Vulnerability Advisory ISVA-081209.1
Posted Dec 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that WebDAV requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory, which under the right conditions can lead to command execution.

tags | advisory
MD5 | bac6b8f0af3d3c8a07a00f3b1369b5fd

NuFW Authenticating Firewall 2.2.20
Posted Dec 10, 2008
Authored by regit | Site nufw.org

NuFW is a set of daemons that filter packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, which makes it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.

Changes: Fixed a potential race condition. Various clean up and improvements.
tags | tool, remote, firewall
systems | unix
MD5 | ebf4315b24ca4033c9cdd20289ed8c3a
Page 1 of 2