exploit the possibilities
Showing 1 - 25 of 36 RSS Feed

Files Date: 2009-02-11

pam-krb5 File Ovewrite
Posted Feb 11, 2009
Authored by Russ Allbery

A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.

tags | advisory, arbitrary
systems | solaris
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | da5578df37724c0d89cd20850b161992
Graugon Gallery 1.0 XSS / SQL Injection
Posted Feb 11, 2009
Authored by X0r

Graugon Gallery version 1.0 suffers from cross site scripting, SQL injection, and cookie bypass vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | 16cec2feb61897debe267ad095216268
Dacio's CMS 1.08 XSS / SQL Injection / Disclosure
Posted Feb 11, 2009
Authored by XORON

Dacio's CMS version 1.08 suffers from cross site scripting, database disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 7a83cda9488092c258f462a862b9d84d
SkaDate Online 7 Shell Upload
Posted Feb 11, 2009
Authored by ZoRLu

SkaDate Dating suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 7f6bbec083dd04693f152f82968a8784
Debian Linux Security Advisory 1722-1
Posted Feb 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1722-1 - Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2009-0361
MD5 | d997aec80b7bec41fe97a3e75c5deb5d
Debian Linux Security Advisory 1721-1
Posted Feb 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 9a5e7a19a1333d12ecc3f561be3df3b4
GNU SIP Witch Telephony Server
Posted Feb 11, 2009
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Conditional provision possible based on server state. Realm Handling. A couple other enhancements.
tags | telephony, protocol
MD5 | 7480470983bc4ab1b874acdc904ce290
Rarlab.com SQL Injection
Posted Feb 11, 2009
Authored by MurderSkillz

RARlab.com, the makers of WinRAR, suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e98fb559457a6ae14f012f53efb1e7f3
Blogger Universe SQL Injection/ Code Execution
Posted Feb 11, 2009
Authored by Osirys | Site y-osirys.com

Remote exploit for Bloggeruniverse version 2Beta that uses SQL injection to extract administrative credentials, file disclosure, and remote command execution.

tags | exploit, remote, sql injection
MD5 | 60e3afe8f1b475454c68d1ca1e5fe093
GeoVision Directory Traversal
Posted Feb 11, 2009
Authored by Dejan Levaja

The Geovision Digital Video Surveillance system version 8.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 514f140a0d376178f649a175a1a71ebc
Fuzzing For Fun And Profit
Posted Feb 11, 2009
Authored by Jeremy Brown | Site krakowlabs.com

Whitepaper called Fuzzing for Fun and Profit.

tags | paper
MD5 | ba5049b927cc2b273cc77a091b104201
Mandriva Linux Security Advisory 2009-035
Posted Feb 11, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-035 - Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, might allow remote attackers to execute arbitrary code via a malformed QuickTime media file. The updated packages have been patched to prevent this.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
MD5 | 27386ee216727e0364c5483c7a85f3e1
Ubuntu Security Notice 717-3
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-3 - Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2008-5510, CVE-2009-0357
MD5 | 9146a4f4de69c274bd3b00a225687cef
Ubuntu Security Notice 717-2
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-2 - A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.

tags | advisory, remote, web, local
systems | linux, ubuntu
advisories | CVE-2009-0355, CVE-2009-0357
MD5 | cc4fe5973f9f175a0218732151c9377f
Ubuntu Security Notice 717-1
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-1 - Several flaws were discovered in Firefox 3.0 and XULRunner 1.9. These range from denial of service to code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0357, CVE-2009-0358
MD5 | d71f8c9f167bbebd5f2e4966f04f8114
ProFTPd With mod_mysql Authentication Bypass
Posted Feb 11, 2009
Authored by AlpHaNiX

Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_mysql.

tags | exploit, remote, sql injection, bypass
MD5 | 2bb08ad8bfb02ce8ca1d364de1caa9c7
Secunia Security Advisory 33915
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | aix
MD5 | 7132c7ffce3a6f3dfe46acc893e7bba3
Secunia Security Advisory 33848
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Evolution, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 9f39dbc7cfafbfd415b267f5d6a33b6f
Secunia Security Advisory 33908
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - x0r has discovered a vulnerability in Auth PHP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, sql injection
MD5 | 8da800125851fe4b88c2753620e416f7
Secunia Security Advisory 33858
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to cause a DoS or to potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
MD5 | 2ab135ec35f3b6cee3912167c58df762
Secunia Security Advisory 33888
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Pebble, which can be exploited by malicious people to conduct cross-site scripting attacks

tags | advisory, xss
MD5 | f9d480d482b609e979f849e5633cc736
Secunia Security Advisory 33869
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.

tags | advisory, local, vulnerability, xss
systems | linux, ubuntu
MD5 | 13feb8683108cd611fe1a9ec6b89ad02
Secunia Security Advisory 33900
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | c7eccf3931a15b4f84ce863649873ab3
Secunia Security Advisory 33902
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux, ubuntu
MD5 | c87c567bd95db9f32cc821692c37625b
Secunia Security Advisory 33863
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - make0day has discovered a vulnerability in Zeroboard XE, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 060fa17929dcaf4086f9b90e79a03465
Page 1 of 2
Back12Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close