what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2009-02-11

pam-krb5 File Ovewrite
Posted Feb 11, 2009
Authored by Russ Allbery

A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.

tags | advisory, arbitrary
systems | solaris
advisories | CVE-2009-0360, CVE-2009-0361
SHA-256 | bdb406a56845ea6531e01e4f9824194fe901c4587b9a6192655d9830a038ffb2
Graugon Gallery 1.0 XSS / SQL Injection
Posted Feb 11, 2009
Authored by X0r

Graugon Gallery version 1.0 suffers from cross site scripting, SQL injection, and cookie bypass vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | a2e74a0506476cd4ef4ab67a924caba75d014ed2ad1962d458b63b8c65b4e839
Dacio's CMS 1.08 XSS / SQL Injection / Disclosure
Posted Feb 11, 2009
Authored by XORON

Dacio's CMS version 1.08 suffers from cross site scripting, database disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 030203d02df729588bab35247810993b2257a55f199924cd6900ced12c43e75f
SkaDate Online 7 Shell Upload
Posted Feb 11, 2009
Authored by ZoRLu

SkaDate Dating suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | b26ee5c1519b7cc3af1c2bfc41802f79bc2a2bbff364ec370157997a77028d49
Debian Linux Security Advisory 1722-1
Posted Feb 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1722-1 - Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2009-0361
SHA-256 | fca6c711b97c44e903888c29aac2e93038a81a49e80ca4144969b8744c9faf79
Debian Linux Security Advisory 1721-1
Posted Feb 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2009-0360, CVE-2009-0361
SHA-256 | db0345a6dd0cf6b1a7b5cb0b929674cc542799fb057597a2cd7ae6f1ec768cf9
GNU SIP Witch Telephony Server
Posted Feb 11, 2009
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Conditional provision possible based on server state. Realm Handling. A couple other enhancements.
tags | telephony, protocol
SHA-256 | bcea66086fbb2b455dd77dd47b251b2b9abb43f51652e6fa3898ee2b3761bd11
Rarlab.com SQL Injection
Posted Feb 11, 2009
Authored by MurderSkillz

RARlab.com, the makers of WinRAR, suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 35139152dea6419a75a272d05fca49b76748b9c1696f7d4fd3ea427a062cee3c
Blogger Universe SQL Injection/ Code Execution
Posted Feb 11, 2009
Authored by Osirys | Site y-osirys.com

Remote exploit for Bloggeruniverse version 2Beta that uses SQL injection to extract administrative credentials, file disclosure, and remote command execution.

tags | exploit, remote, sql injection
SHA-256 | 2c0d883c2325166492708347aba64e0139eb3fda8b4a9bd4540c7bf1a1e8495e
GeoVision Directory Traversal
Posted Feb 11, 2009
Authored by Dejan Levaja

The Geovision Digital Video Surveillance system version 8.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 540c6d8a477a34290f881e238b953948cd43f88fb9a50fc94f60e8e6971736dd
Fuzzing For Fun And Profit
Posted Feb 11, 2009
Authored by Jeremy Brown | Site krakowlabs.com

Whitepaper called Fuzzing for Fun and Profit.

tags | paper
SHA-256 | 768dd0043af9a050054a164285b92b9a735df2f08c479aa9062253d8d6558d37
Mandriva Linux Security Advisory 2009-035
Posted Feb 11, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-035 - Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, might allow remote attackers to execute arbitrary code via a malformed QuickTime media file. The updated packages have been patched to prevent this.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
SHA-256 | 172994b9d9ea19facad0b14db1988ec0a0bcd56dc7e5e711bae7204b1e51c582
Ubuntu Security Notice 717-3
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-3 - Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2008-5510, CVE-2009-0357
SHA-256 | b419591ea81440e5b2b1faa1b19e923b05930c7c64addc334bcc9a4bc1bb90fc
Ubuntu Security Notice 717-2
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-2 - A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.

tags | advisory, remote, web, local
systems | linux, ubuntu
advisories | CVE-2009-0355, CVE-2009-0357
SHA-256 | 5eb3961ec908da19beb5f976be19d24395dfd349964275176bc5a1c06d991ec3
Ubuntu Security Notice 717-1
Posted Feb 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-717-1 - Several flaws were discovered in Firefox 3.0 and XULRunner 1.9. These range from denial of service to code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0357, CVE-2009-0358
SHA-256 | b014be89d21cd295d8644f8a7293edf116674173a80e4437ca816e1706c5053b
ProFTPd With mod_mysql Authentication Bypass
Posted Feb 11, 2009
Authored by AlpHaNiX

Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_mysql.

tags | exploit, remote, sql injection, bypass
SHA-256 | e1f5b601f8af81df0b2624222de455c263ed411d290e7259eac220962b0c67c4
Secunia Security Advisory 33915
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | aix
SHA-256 | 71c620b075d1293df5733bf05861d1680dc1415826a46c5fd315963589e15bc6
Secunia Security Advisory 33848
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Evolution, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | a8c31b527b3c9d69e11f229a478fc040b4a0b110e6e6c3e5caa52f20bb526d63
Secunia Security Advisory 33908
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - x0r has discovered a vulnerability in Auth PHP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, sql injection
SHA-256 | 778f0b0fa8f18e5d853b77c2823e6186097321380ca34182eab05c9fda123697
Secunia Security Advisory 33858
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to cause a DoS or to potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | e2130f0a980a83070e1df386deb863276b9bebf683bd0bac2ab9c060674f2c0d
Secunia Security Advisory 33888
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Pebble, which can be exploited by malicious people to conduct cross-site scripting attacks

tags | advisory, xss
SHA-256 | a19edff6576eff3f74c19cd2ae808f408cdbf0a73d81dfd28c448e162d244572
Secunia Security Advisory 33869
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.

tags | advisory, local, vulnerability, xss
systems | linux, ubuntu
SHA-256 | 8565c3c56ecbe94351bd05a5578821d8346aaacde3cbe56944c3417df9781486
Secunia Security Advisory 33900
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 34d0ed637f3767199d1bcfbe68e8002f949fc14a04a25461ec86a344f494b90c
Secunia Security Advisory 33902
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | d0d5414466386d65dc3bad54cdbafe64cba842a26f82d673d5b85b97e56e9d99
Secunia Security Advisory 33863
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - make0day has discovered a vulnerability in Zeroboard XE, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | f8e96e511d316e7cda08ecf6be40e3fc4fd041e45154a37741b99fa0b3880d4c
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close