what you don't know can hurt you
Showing 1 - 25 of 54 RSS Feed

Files Date: 2009-03-16

Ubuntu Security Notice 738-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-738-1 - Diego Petten discovered that the Base64 encoding functions in GLib did not properly handle large strings. If a user or automated system were tricked into processing a crafted Base64 string, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-4316
MD5 | 7cd8f9bf9b1bad91664fe0d0cd5dd1ce
Ubuntu Security Notice 734-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-734-1 - It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-4610, CVE-2008-4866, CVE-2008-4867, CVE-2009-0385
MD5 | 475d8c7133049a76da8c0ee1c137c63e
Gentoo Linux Security Advisory 200903-29
Posted Mar 16, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-29 - Insufficient input validation in BlueZ may lead to arbitrary code execution or a Denial of Service. It has been reported that the Bluetooth packet parser does not validate string length fields in SDP packets. Versions less than 3.36 are affected.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2008-2374
MD5 | 4762bda98a68de0cb2c5d2dec18aaf45
Ubuntu Security Notice 737-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-737-1 - It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0585
MD5 | 4081326f2a1489b6256c7d38b8ead0f2
Ubuntu Security Notice 735-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-735-1 - It was discovered that the Base64 decoding functions in GStreamer Base Plugins did not properly handle large images in Vorbis file tags. If a user were tricked into opening a specially crafted Vorbis file, an attacker could possibly execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0586
MD5 | 162958df2524ded113b4dfe78e6dc2d9
Ubuntu Security Notice 736-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-736-1 - It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. It was discovered that GStreamer Good Plugins did not correctly handle malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that GStreamer Good Plugins did not correctly handle malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397
MD5 | 83dc47ac1d058a707580c7ecd9bbebbe
Ubuntu Security Notice 733-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-733-1 - It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0587
MD5 | 44f9fb2caca798edb0cb61fd0eac945a
YSTS 3.0 Call For Papers
Posted Mar 16, 2009
Site ysts.org

The 3rd edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on June 22nd.

tags | paper, conference
MD5 | cfe2180465c68bbbeab20d68351811b1
WinAsm Studio 5.1.5.0 Overflow
Posted Mar 16, 2009
Authored by Stack | Site v4-team.com

WinAsm Studio version 5.1.5.0 local heap overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
MD5 | a149073d139c66f07670c40f8cb6b2f7
Kim Websites 1.0 Download Backup / Info Disclosure
Posted Mar 16, 2009
Authored by SirGod | Site insecurity.ro

Kim Websites version 1.0 suffers from an arbitrary backup download and phpinfo disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
MD5 | 12f88017140d2d1a4e126e96edaeedee
w32 SEH Omelet Shellcode
Posted Mar 16, 2009
Authored by SkyLined

This is a small piece of shellcode written in assembler that can scan the user-land address space for small blocks of memory ("eggs") and recombine the eggs into one large block.

tags | shellcode
MD5 | a5e21a351710cb56abc553dbb789c14e
OpenCart 1.1.8 SQL Injection
Posted Mar 16, 2009
Authored by Adam Baldwin

OpenCart version 1.1.8 suffers from a blind SQL injection vulnerability.

tags | advisory, sql injection
MD5 | 6b9510542471e7bcf60503b92162d141
GOM Encoder 1.0.0.11 Buffer Overflow
Posted Mar 16, 2009
Authored by Encrypt3d.M!nd

Proof of concept exploit for a local buffer overflow vulnerability in GOM Encoder version 1.0.0.11.

tags | exploit, overflow, local, proof of concept
MD5 | 3a4ace4f2f38b212a0a19ae6c7411999
phpFoX 1.6.21 Cross Site Request Forgery
Posted Mar 16, 2009
Authored by d14l

phpFoX version 1.6.21 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9d4ca4611277087c980b838903e81085
Debian Linux Security Advisory 1742-1
Posted Mar 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1742-1 - Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-0186
MD5 | c2b46e6ec52de36996dff5a7094a19f0
Tutorial - SSH Tunneling And SSH Port Forwarding
Posted Mar 16, 2009
Authored by n3tpr0b3

Short tutorial called SSH Tunneling and SSH Port Forwarding.

tags | paper
MD5 | 74f38a09137240cb3c9a6ca2d431fc9c
Gentoo Linux Security Advisory 200903-28
Posted Mar 16, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-28 - Multiple vulnerabilities were found in libpng, which might result in the execution of arbitrary code. Versions less than 1.2.35 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5907, CVE-2008-6218, CVE-2009-0040
MD5 | 3300d7d98434fc08c515ca440028bcf9
Google Chrome 1.0.154.48 Denial Of Service
Posted Mar 16, 2009
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 1.0.154.48 single thread alert out of bounds memory access exploit.

tags | exploit
MD5 | 1f93f75509617183ceefe6ca07822f2d
Cryptographp File Disclosure
Posted Mar 16, 2009
Authored by Jan G.B.

Cryptographp version 1.4 suffers from a file disclosure vulnerability.

tags | advisory, info disclosure
MD5 | 75fb1968e47ef5dd48a9e0aca2b68f13
Xplico Internet Traffic Decoder With GUI
Posted Mar 16, 2009
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc. This is the version that has a GUI allowing you to view photos, texts and videos contained in MMS messages.

Changes: This release introduce the MMS dissector. With this dissector it is possible to reconstruct the MMS message transported by HTTP protocol and extracts the media contained. This release introduces the generation of geographical and temporal map (GeoMap) of data rebuilding. The files generated are kml files and can be used with Google Earth.
tags | tool, imap, forensics
MD5 | a32cfce6c92066803d9aaad016619d4e
Xplico Internet Traffic Decoder
Posted Mar 16, 2009
Authored by Gianluca Costa, Andrea de Franceschi | Site xplico.org

Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc.

Changes: This release introduce the MMS dissector. With this dissector it is possible to reconstruct the MMS message transported by HTTP protocol and extracts the media contained. This release introduces the generation of geographical and temporal map (GeoMap) of data rebuilding. The files generated are kml files and can be used with Google Earth.
tags | tool, imap, forensics
MD5 | 251516854d7dc1f3c189b80a88791f2b
Rosoft Media Player 4.2.1 Buffer Overflow
Posted Mar 16, 2009
Authored by SimO-s0fT

Rosoft Media Player Free version 4.2.1 local buffer overflow exploit for multiple targets. Binds a shell to port 7777.

tags | exploit, overflow, shell, local
MD5 | f5f2a85f7d5046c9be73fb55df95ff34
GOM Encoder 1.0.0.11 Buffer Overflow
Posted Mar 16, 2009
Authored by SVRT | Site security.bkis.vn

GOM Encoder Demo versions 1.0.0.11 and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 39814080e7815193b49d4efb3ba636ed
Mozilla Firefox 3.0.7 Denial Of Service
Posted Mar 16, 2009
Authored by SkyLined

Mozilla Firefox 3.0.7 OnbeforeUnLoad DesignMode reference crash exploit.

tags | exploit, denial of service
MD5 | f12ff389aa578484490526c79acc2586
Rapidleech Download / LFI / XSS
Posted Mar 16, 2009
Authored by SVRT | Site security.bkis.vn

Rapidleech versions prior to revision 36 suffer from arbitrary file download, local file inclusion, and cross site scripting vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, xss, file inclusion
MD5 | 28f8d086ce53e0e637688f9d6a14d7ef
Page 1 of 3
Back123Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close