what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2009-02-17

ACM Call For Workshop Proposals
Posted Feb 17, 2009
Site sigsac.org

Proposals are solicited for workshops to be held in conjunction with ACM CCS 2009. Each workshop provides a forum to address a specific topic at the forefront of security research.

tags | paper, conference
SHA-256 | 88ac32a4513f06c60189acfe263d9806f225b37575f41d3e8e55ecafb80c8498
Troopers 2009 Call For Papers
Posted Feb 17, 2009
Site troopers09.org

Call For Papers for Troopers 09 - This year's Troopers edition will be held in Munich, Germany from 04/22/09 through 04/23/09.

tags | paper, conference
SHA-256 | 1bdae3f6c3485a03fb4d95711a4fef46a31a8eb696a54c349e4b260c4e21af78
FreeBSD-SA-09:05 - telnetd Code Execution
Posted Feb 17, 2009
Site security.freebsd.org

FreeBSD Security Advisory - In order to prevent environment variable based attacks, telnetd scrubs its environment; however, recent changes in FreeBSD's environment-handling code rendered telnetd's scrubbing inoperative, thereby allowing potentially harmful environment variables to be set. An attacker who can place a specially-constructed file onto a target system (either by legitimately logging into the system or by exploiting some other service on the system) can execute arbitrary code with the privileges of the user running the telnet daemon (usually root).

tags | advisory, arbitrary, root
systems | freebsd
SHA-256 | 8fd5f35be1f357357d7faa04aaf55fefca25b625f49ea0f157d81958e7d9b0a6
Ubuntu Security Notice 722-1
Posted Feb 17, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-722-1 - Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2009-0034
SHA-256 | 26888ffa441a8f7d7d57f9182852691fd49fdff85cc9378a1e342fe8ef67fc38
Ubuntu Security Notice 721-1
Posted Feb 17, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-721-1 - Marko Lindqvist discovered that the fglrx installer created an unsafe LD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloading specially crafted libraries and running commands in the same directory, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 9a3ffc11b9e5c924f6d6db339a4f5402ca2c1e29a7a4764fbb7d2eb927c355f1
/tmp chmod Shellcode
Posted Feb 17, 2009
Authored by Jonathan Salwan | Site shell-storm.org

25 bytes small Linux/x86 shellcode that performs setuid(0) & chmod("/tmp",111) & exit(0).

tags | x86, shellcode
systems | linux
SHA-256 | 70012b6a9f63a1fbd31046b9774d5fa74262f66480c9c829e6a5af1480c0cd48
Mandriva Linux Security Advisory 2009-041
Posted Feb 17, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-041 - Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename. jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. This update provides the latest Jhead to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, shell, local, vulnerability
systems | linux, mandriva
advisories | CVE-2008-4575, CVE-2008-4639, CVE-2008-4640, CVE-2008-4641
SHA-256 | ec03dde18fba49ba3c5a579afa29b6ff1c75dc1ed6f2fc7e6db863639c69172b
Mandriva Linux Security Advisory 2009-040
Posted Feb 17, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-040 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory. This update provides fix for that vulnerability.

tags | advisory, arbitrary, local, python
systems | linux, mandriva
advisories | CVE-2008-5984
SHA-256 | 7e29c33e5353157868092f0dbeea2b284255d91607df1eda453c666f1ce8fa41
Tor-ramdisk i686 UClibc-based Linux Distribution
Posted Feb 17, 2009
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.

Changes: Tor updated to 0.2.0.34. UI was updated. Scripts were cleaned up.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | de0d28fc7164b70da593dfc37665e09f6b253e8db5fdd20f21b590ea56184ab3
pHNews Alpha 1 Database Disclosure
Posted Feb 17, 2009
Authored by X0r

pHNews Alpha 1 suffers from a remote database disclosure vulnerability in genbackup.php.

tags | exploit, remote, php, info disclosure
SHA-256 | a2cbfa10e68b0a9f1c49b967c1aeb01ea423ad03813f51b0da48d20fcf6e96a9
pHNews Alpha 1 SQL Injection
Posted Feb 17, 2009
Authored by X0r

pHNews Alpha 1 suffers from a remote SQL injection vulnerability in header.php.

tags | exploit, remote, php, sql injection
SHA-256 | 6ec7a36bc2f0da5725d4bfa6053d567f941684bfe5f281586f21aa9317161f68
S-CMS 1.1 Insecure Cookie Handling
Posted Feb 17, 2009
Authored by X0r

S-CMS version 1.1 Stable suffers from insecure cookie handling and page deletion vulnerabilities.

tags | exploit, vulnerability, insecure cookie handling
SHA-256 | a8a83dc86698b9c2a8f66081ffe259500b74125f1ed9082b3884c8f3d11564df
Grestul SQL Injection
Posted Feb 17, 2009
Authored by X0r

Grestul version 1.x suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | dc7ffd268101ab6a5796ae577c5f031beb6cf547b91fe53d77e86daff1d1bb2c
SAS Hotel Management System Shell Upload
Posted Feb 17, 2009
Authored by ZoRLu | Site yildirimordulari.org

The SAS Hotel Management System suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | adce8906e70141e31297727df259b698a4961dae44c7fb2d6a3f21a3b80f4155
Secunia Security Advisory 33959
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in YACS, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 9f6acdb5d9e6dfa664abd49f4e9a8128173c28dadee3247735acf3ba1fa815a8
Secunia Security Advisory 33941
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - nuclear has discovered a vulnerability in IdeaCart, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | de9512265b9acf4ad01521aa7719ea45e486912584f3163e3912e5aa6abd8b7f
Secunia Security Advisory 33961
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - DarkB0x has reported a vulnerability in SAS Hotel Management System, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d492424f48a65ddecb937b220e9d5ce6ffcd9ead37fa5b0ef5bb44044cb4377c
Secunia Security Advisory 33926
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Osirys has discovered a vulnerability in BlogWrite, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d20af9677f6557c2fe6e84ab5851f46937f7d23998e0ffb78a640d0836201d3f
Secunia Security Advisory 33973
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been discovered in Falt4 CMS, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 6478673ca1367ac2ea5985a91ce04bcabd6b7aacafc0ccdefe4f09128b2755e5
Secunia Security Advisory 33927
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - bd0rk has discovered a vulnerability in ea-gBook, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 3178392f66295f855a91da59b12c8296275fe87d4dc9f60216c1418064fd2a34
Secunia Security Advisory 33966
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - brain[pillow] has discovered some vulnerabilities and a security issue in NovaBoard, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, and bypass certain security restrictions.

tags | advisory, vulnerability, sql injection
SHA-256 | 38a5aa44c6124c6e74929e0d7f5fcd403d0714b61dff1138d5c7b9881bd0f0d3
Secunia Security Advisory 33965
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in MemHT Portal, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 2f34cf6a1f0a316cbbc8a26f6f320ffda82fb077c058536889d712d705d92e7d
Secunia Security Advisory 33681
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Dejan Levaja has discovered a vulnerability in Openfiler, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 6fc70d7bbde5e28d8f8e45c42f8cd29b045e8e28a3c374a0ed32084fd2facf9c
Secunia Security Advisory 33956
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in WikkaWiki, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | e3fa4d0a83a2ca1100d775912536511fe8613eb636e4a54d1913974f6aa4b161
Secunia Security Advisory 33952
Posted Feb 17, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sam Johnston has reported a security issue in Enomaly ECP, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | b6fd3dfd727d32d52794062ca63fd0f7614875ec8425ea6a05ac72738c2cf99b
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close