Showing 1 - 25 of 58

Files Date: 2009-01-07

FreeBSD Security Advisory 09:01 - LukemFTPd
Posted Jan 7, 2009
Site security.freebsd.org

FreeBSD Security Advisory - lukemftpd suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
systems | freebsd
advisories | CVE-2008-4247
SHA-256 | f96a133098c7d695b8ed4948a168b5a4bbc1e31a29cf5e7e4ead2bbc59be475b
FreeBSD Security Advisory SA-09:02 - OpenSSL
Posted Jan 7, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.

tags | advisory
systems | freebsd
advisories | CVE-2008-5077
SHA-256 | 0fb1c7f9876c52b5a471b7b0b3b96ecb570c084c5146b7a0b0b7cd4c332e5a41
Ubuntu Security Notice 704-1
Posted Jan 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server, or if a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2008-5077
SHA-256 | a30c92a8f6507461103b7e1f87cb1f4f2cd268532d770dd33938e10e1c178f06
CA smmsnmpd Arbitrary Command Execution
Posted Jan 7, 2009
Authored by Ken Williams | Site www3.ca.com

CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.

tags | advisory, remote, arbitrary
advisories | CVE-2009-0043
SHA-256 | a62071c482a2724a1868fed40e856bb95649bf2a7c07ab8477daf6ca035387fe
Debian Linux Security Advisory 1697-1
Posted Jan 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape, an unbranded version of the Seamonkey internet suite.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836
SHA-256 | 5f3741463ecc48ccf8ae4ebfd405196b887e872bd1b70b5a03ec77dabc5422bc
Debian Linux Security Advisory 1696-1
Posted Jan 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022
SHA-256 | 154fedd699ba34a05bcf8f64a0d9f5313de39f5e8b2112be12d7f1262c1160b3
QuoteBook Configuration File Disclosure
Posted Jan 7, 2009
Authored by Moudi

QuoteBook suffers from a remote configuration file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 8700944c1ea65194af9fbe9d2d8b5e8e26c6da5526384d7b89082369de5c522f
CTS 2009 Call For Papers
Posted Jan 7, 2009
Site cisedu.us

Call For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel.

tags | paper, conference
SHA-256 | df671cf2f237d97b9175e2894ccefd611d71872245f98dda203d89e17ebe6f95
Cisco Security Advisory 20090107-gss
Posted Jan 7, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.

tags | advisory
systems | cisco
advisories | CVE-2008-3819
SHA-256 | c1424921b0504320ff3ff004ca557c8e4a8468a3f0dc49081fa19ce1616a14f9
OpenSSL Security Advisory 07-Jan-2009
Posted Jan 7, 2009
Site openssl.org

Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.

tags | advisory, remote
advisories | CVE-2008-5077
SHA-256 | 8dbd38114d5639253aa0620ba251aa5bd0a44e9f411e34da95345184528fc4df
Open Source CERT Security Advisory 2008.16
Posted Jan 7, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.

tags | advisory
advisories | CVE-2008-5077, CVE-2008-0021, CVE-2008-0025
SHA-256 | f5724c1eba1778218b03f1b5af75356b08e95a08bbe2b92274df7f31dea9d59a
Plunet BusinessManager Information Disclosure / XSS
Posted Jan 7, 2009
Authored by Gabriele Zanoni, Matteo Ignaccolo | Site securenetwork.it

Plunet BusinessManager suffers from stored cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | bbb6b7efc7455a72e4246a17d17484a00d7d0d57b0db5110e8853ccd42f1c704
Microsoft Internet Explorer Denial Of Service
Posted Jan 7, 2009
Authored by SkyLined

A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta.

tags | advisory, denial of service
SHA-256 | da104f3d68f39d3929b4c38e3bf2f61ce309b27f516300071bd2635ddb8f20f7
WinAmp GEN_MSN Plugin Heap Buffer Overflow
Posted Jan 7, 2009
Authored by SkD

WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file.

tags | exploit, overflow, proof of concept
SHA-256 | 6cc13470a643ecebc9414c4bd17a426ef9b9cd1233f7e12bc459d001d2fd4a32
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow
Posted Jan 7, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2008-4827
SHA-256 | e136911cfe27d72e5490b136aeb2053781377bf5055fa3476256cbb7bea1a60a
TSC2 Help Desk CTab ActiveX Control Buffer Overflow
Posted Jan 7, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2008-4827
SHA-256 | 6431c5ae11ab8eaeab4e6b301d650c2cb842767fe8fabcfc3d3a370c8d34135c
ComponentOne SizerOne ActiveX Control Buffer Overflow
Posted Jan 7, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2008-4827
SHA-256 | 1864b06eeec1d88cdfd1c2ff046c8f677ee6d390a1c5880b9640a21412721137
PHP-Fusion E-Cart SQL Injection
Posted Jan 7, 2009
Authored by IRCRASH | Site ircrash.com

The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 558f6adbaa7c087b1b2987853e9648a78ab0138b2ee254af603beffcc0e9e744
Audacity 1.6.2 Crash Exploit
Posted Jan 7, 2009
Authored by Stack | Site v4-team.com

Audacity version 1.6.2 remote off-by-one crash exploit that creates a malicious .aup file.

tags | exploit, remote
SHA-256 | c8fd5c94251952b01f4ae7e071e2b3452ff7456c26201ad20e081651d89c527f
Perception LiteServe 2.0.1 Buffer Overflow
Posted Jan 7, 2009
Authored by H-T Team | Site no-hack.fr

Perception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit.

tags | exploit, remote, overflow, proof of concept
SHA-256 | 501bcc5de54eca133709c17d368196c679fa05ab452b1879b142c8010b154ae3
PHP-Fusion Member Bewerb Module SQL Injection
Posted Jan 7, 2009
Authored by IRCRASH | Site ircrash.com

The PHP-Fusion module Members Bewerb suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 21dd2a7a10d17babd7b1b5a2254a05d87fe40bb2c802f1922f73820c1ab6ad91
HP OpenView Network Node Manager Vulnerabilities
Posted Jan 7, 2009
Authored by JJ Reyes | Site secunia.com

Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected.

tags | advisory, vulnerability
advisories | CVE-2008-0067
SHA-256 | fa7a9736766557f2c0ed917d85e79169437fe85ee69db841ac493df2a1024843
VUPlayer 2.49 .PLS Universal Buffer Overflow Exploit
Posted Jan 7, 2009
Authored by SkD

VUPlayer version 2.49 .PLS file universal buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
SHA-256 | 729f0902f6070beb1ba0a8381214ba7f39df71107b9d26e54ebae427021e9191
Secunia Security Advisory 32648
Posted Jan 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | a3e3604212ece3c8d06722de62c74ccce6db623e3939d7eac01802d29c9b4f43
Secunia Security Advisory 32609
Posted Jan 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | 3708d58521c0c9a9a4602dc5494ab750980cdbcd0f1433ec67e8469c72d57e96