what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2009-03-20

Pixie CMS XSS / SQL Injection
Posted Mar 20, 2009
Authored by Justin C. Klein Keane

Pixie CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 014b6b5d9e7d55a61601dfa592eff2121ab89e7597270c082c0ba7309e7e7ba3
Chris Evans Security Advisory 2009.3
Posted Mar 20, 2009
Authored by Chris Evans

LittleCMS versions prior to 1.18beta2 suffers from various integer and buffer overflows as well as memory leak errors.

tags | advisory, overflow, memory leak
SHA-256 | e08b60bf2eb57ab4cae3a2831d2547cb74b70029d9d52d83b1c5a3cd3d0f3ac8
Gentoo Linux Security Advisory 200903-33
Posted Mar 20, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-33 - Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. Versions less than 0.4.9_p20090201 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3162, CVE-2008-4866, CVE-2008-4867, CVE-2008-4868, CVE-2008-4869, CVE-2009-0385
SHA-256 | 2e7fe0c9e6d617ee63532c22950f83623c514d7da4bb23685213a080f9af5e9f
Ubuntu Security Notice 741-1
Posted Mar 20, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-741-1 - Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website.

tags | advisory, remote, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776
SHA-256 | 71df0c63229902bf45a99f841665304d7746f712c8283e344ef1a621a412203f
Mandriva Linux Security Advisory 2009-060
Posted Mar 20, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-060-1 - A security vulnerability has been identified and fixed in nfs-utils, which caused TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. The updated packages have been patched to prevent this. The Corporate Server 4 packages had the wrong release number (lower than before) which prevented the update packages from being installed automatically. This problem has now been solved with new packages with the correct release number.

tags | advisory, remote, tcp
systems | linux, mandriva
advisories | CVE-2008-4552
SHA-256 | fb8a0645d60f88224f69188bd2314dc54eb2e4a2b2fb67caeff72743794909ce
Hannon Hill Cascade Server Command Execution
Posted Mar 20, 2009
Authored by Elliot Kendall | Site emory.edu

Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged account within Cascade Server could exploit this vulnerability to run arbitrary commands on the system with the privileges of the user who started Cascade Server. Exploit included.

tags | exploit, arbitrary
SHA-256 | f7ced456827e556f7666c29ee5a31702075e67c0ad2062551073b9d05905ce9f
Smartfilter Clear Text Password
Posted Mar 20, 2009
Authored by Daniel Sichel

It appears that Smartfilter for the Sidewinder G2 web proxy stores a world readable clear text password on the system.

tags | advisory, web
SHA-256 | 23911ab359ad001748750028cc5ad14c36650f378092c7ee3b5a0dd207cc0cb4
Ubuntu Security Notice 742-1
Posted Mar 20, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-742-1 - It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. It was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. It was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
SHA-256 | ceccfd6fef2b3c020e4997d4f5e70f5339b859709880e7609d97a4b9af7869b4
ModSecurity Denial Of Service
Posted Mar 20, 2009
Authored by Juan Galiana Lara

ModSecurity versions prior to 2.5.9 are vulnerable to a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 8773bf44208c8558e5fc2d15ae1be757d30697c1928ff4fefbf8e5dcf130a0f1
Bloginator 1a SQL Command Injection
Posted Mar 20, 2009
Authored by Osirys | Site y-osirys.com

Bloginator version 1a SQL command injection via cookie bypass exploit.

tags | exploit, sql injection
SHA-256 | b8172605df4b145cf245c69432ea57caeca02389a3ee55d556b10e5072a6bf6d
Bloginator 1a SQL Injection
Posted Mar 20, 2009
Authored by Fireshot

Bloginator version 1a suffers from cookie bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 50ac04563af974eeb6d2bfb31a70f72e9331ebf13c78dbb148fe7c76fb80ecd4
SW-HTTPD Denial Of Service
Posted Mar 20, 2009
Authored by Jonathan Salwan | Site shell-storm.org

SW-HTTPD server version 0.x remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 6d206225ff5add8206c22ae2a426a16c591e3ff1aeff00e404894858c80e4475
Chasys Media Player Buffer Overflow
Posted Mar 20, 2009
Authored by zAx

Chasys Media Player local buffer overflow exploit that creates a malicious .lst file.

tags | exploit, overflow, local
SHA-256 | 4e8702efbcae9346ad68f9d61412c5d07863fd42a85b371a534a4045e6ff1a91
Chasys Media Player 1.1 .CUE Stack Overflow
Posted Mar 20, 2009
Authored by Stack | Site v4-team.com

Chasys Media Player version 1.1 stack overflow exploit that creates a malicious .cue file that adds a user.

tags | exploit, overflow
SHA-256 | bf96b8cd02ed49d8484802fff7a8892d0e424145613aa091804cca7a9a89f291
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close