what you don't know can hurt you
Showing 1 - 25 of 96 RSS Feed

Files Date: 2009-01-21

Mandriva Linux Security Advisory 2009-022
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.

tags | advisory, denial of service, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-4782, CVE-2007-4850, CVE-2008-1384, CVE-2008-2050, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
MD5 | 4040d8559ccadb70d4465b917a6859ae
Mandriva Linux Security Advisory 2009-021
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-021 - Multiple buffer overflows, an array indexing error, and a denial of service vulnerability have all been addressed in php.

tags | advisory, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498
MD5 | 8e0dc176946984a8e8facd828bd54b94
Mandriva Linux Security Advisory 2009-020
Posted Jan 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-020 - Multiple vulnerabilities ranging from denial of service to heap-based overflows have been addressed in xine-lib.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5243, CVE-2008-5245, CVE-2008-5246
MD5 | f0057ad0a3243911a0c7647c1bdcc610
Zero Day Initiative Advisory 09-08
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-008 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-0007
MD5 | 17c33457bd90b9e2a332f9364a09b4d3
Zero Day Initiative Advisory 09-07
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-007 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of movie data encoded using the Cinepak Video Codec. When parsing the data in the MDAT atom, there exists a signedness error which leads to a heap overflow. When this occurs it can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2009-0006
MD5 | d327df6babbdc6e39e5e993226a09333
Gentoo Linux Security Advisory 200901-14
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-14 - An insecure temporary file usage has been reported in Scilab, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the scilink, scidoc and scidem scripts. Versions less than 4.1.2-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-4983
MD5 | 69844ab602e681bbd72182afd19f26c2
Gentoo Linux Security Advisory 200901-15
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-15 - A vulnerability in Net-SNMP could lead to a Denial of Service. Oscar Mira-Sanchez reported an integer overflow in the netsnmp_create_subtree_cache() function in agent/snmp_agent.c when processing GETBULK requests. Versions less than 5.4.2.1 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2008-4309
MD5 | 6ddaa8852d1d4c8f325ac20959ca2eca
Zero Day Initiative Advisory 09-06
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-006 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI files. When the AVI header contains a malformed nBlockAlign value in the _WAVEFORMATEX structure, a heap overflow may occur which can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, overflow, arbitrary
systems | apple
advisories | CVE-2009-0003
MD5 | 43db50512e2ccc58dc911610f4445471
Zero Day Initiative Advisory 09-05
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-005 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 'tkhd' atoms found inside QuickTimeVR files. Improper validation of the transform matrix data results in a heap chunk header overwrite leading to arbitrary code execution under the context of the currently logged in user.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2009-0002
MD5 | 31e9ab1f8397c6663080bb3a374451c2
Cisco Security Advisory 20090121-cucmcapf
Posted Jan 21, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this vulnerability could cause an interruption in voice services. The CAPF service is disabled by default.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2009-0057
MD5 | 9656dcde551b9b699f5d2f4f0077f939
Cisco Security Advisory 20090121-csm
Posted Jan 21, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server.

tags | advisory, remote, tcp
systems | cisco
advisories | CVE-2008-3820
MD5 | 886bb63fac89eab2ba2b4d77565e20cc
Call For Papers - IMF 2009
Posted Jan 21, 2009
Site imf-conference.org

IMF 2009 Call For Papers - The International Conference on IT-Incident Management and IT-Forensics invites submissions for IMF 2009 being held from September 15th through the 17th, 2009 in Stuttgart, Germany.

tags | paper, conference
MD5 | 9fae492b2f1c7fa34c49ebf37f306e9f
Joomla Beamospetition 1.0.12 XSS / SQL Injection
Posted Jan 21, 2009
Authored by vds_s

The Joomla Beamospetition component version 1.0.12 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | b4805e34a2211cff36ffe344128a1d8a
Command Execution With A MySQL UDF
Posted Jan 21, 2009
Authored by Bernardo Damele | Site bernardodamele.blogspot.com

Patched source code for lib_mysqldudf_sys that allows for command execution on mysql with user defined functions. Adds a sys_eval() UDF to return the standard output of the command executed.

tags | library
MD5 | ec8296fe0fbc38cb457fdbb7e3214d2d
Linux x86 ifconfig eth0 down Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

51 bytes small Linux x86 ifconfig eth0 down shellcode.

tags | x86, shellcode
systems | linux
MD5 | 476f1178823ea67fe75d991b7c76e17d
Linux x86 Kill Service Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

81 bytes small Linux x86 kill service shellcode.

tags | x86, shellcode
systems | linux
MD5 | dc833323da6b863c9de04349252414e9
Linux x86 shutdown -h now Shellcode
Posted Jan 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

51 bytes small Linux x86 shutdown -h now shellcode.

tags | x86, shellcode
systems | linux
MD5 | d9c63729994b7899778f366bf19f840e
Sad Raven's Click Counter Exploit
Posted Jan 21, 2009
Authored by Pouya Server

Sad Raven's Click Counter version 1.0 passwd.dat disclosure exploit.

tags | exploit, info disclosure
MD5 | b31503d4ca3a7738404baf1f0a49f4e2
eCLOWN ePassport Utility 1.01
Posted Jan 21, 2009
Authored by Jeroen van Beek | Site dexlab.nl

eCL0WN is an ePassport utility for Nokia NFC phones that allows you to read and clone your ePassport's chip content.

Changes: Added full support for reading non-BAC chips. Now sets target device to the same mode as the source chip. Added support for reading, writing and displaying datagroup 7. Fixed bug in index stripping routine for chips with 4+ tags in EF.COM.
tags | tool, wireless
MD5 | c9c03f5629b07a582883ebbbdfceb538
ePassport Emulator 1.02
Posted Jan 21, 2009
Authored by Jeroen van Beek | Site dexlab.nl

epassport_emulator is an ePassport / eID emulator for JavaCard. It implements functionality as described in ICAO Doc 9303. Additionally it implements functionality to write files and key data to the emulator.

Changes: Added non-BAC support. Added support for switching mode in runtime. Various other additions and some updates.
tags | tool, wireless
MD5 | c0eaefa048ba2365e2cdc05095cea110
Firefox 3.0.5 Status Bar Obfuscation / Clickjacking
Posted Jan 21, 2009
Authored by MrDoug

Firefox version 3.0.5 status bar obfuscation / clickjacking code.

tags | exploit
MD5 | 332caa9ad6091abdd7f40edaa4e14831
T-Com Speedport W 500 V Router Security Issues
Posted Jan 21, 2009
Authored by insec

Whitepaper discussing the T-Com Speedport W 500 V router and related security issues that surround it.

tags | paper
MD5 | fb2191cd8ac2a5b1f6cbf033b727d5b2
Debian Linux Security Advisory 1693-2
Posted Jan 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1693-2 - The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw.

tags | advisory
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
MD5 | fb23bd872fe8cf243378b3930f7cb05b
Debian Linux Security Advisory 1709-1
Posted Jan 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1709-1 - Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2008-5394
MD5 | 205c0981372f23659163d696097c18a6
Mambo SOBI2 SQL Injection
Posted Jan 21, 2009
Authored by Br1ght D@rk

The Mambo SOBI2 component version RC 2.8.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c7608244a76b4ffe1b0a505b2447a0f6
Page 1 of 4
Back1234Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close