what you don't know can hurt you
Showing 1 - 25 of 52 RSS Feed

Files Date: 2009-03-27

Novell Netstorage XSS / Denial Of Service
Posted Mar 27, 2009
Authored by BugsNotHugs

Novell Netstorage suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | d785303b172d64685d56617cde4a9102
Aurora Nutritive Analysis XSS
Posted Mar 27, 2009
Authored by BugsNotHugs

The Aurora Nutritive Analysis module suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7ee00006fa0764a520238e09c4790c2a
iDEFENSE Security Advisory 2009-03-25.5
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during decompression when, to calculate the size of a heap buffer, the code manipulates several integers in the file. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s JRE version 1.6.0_11 for Windows and Linux.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, windows
MD5 | 745655f99192eab0cfcaad45f2db5a40
iDEFENSE Security Advisory 2009-03-25.4
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary PNG file to the splash logo parsing code. The vulnerability occurs when parsing a PNG file used as part of the splash screen. When parsing the image, several values are taken from the file and used in an arithmetic operation that calculates the size of a heap buffer. This calculation can overflow, which results in an undersized buffer being allocated. This buffer is later overflowed with data from the file. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, overflow, arbitrary
systems | linux, windows
MD5 | a7c03e14bec9efc4a560b352713741e2
iDEFENSE Security Advisory 2009-03-25.3
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.

tags | advisory, java, remote, arbitrary
MD5 | 88e5ed50eb496fcad942a6f8a27321cc
iDEFENSE Security Advisory 2009-03-25.2
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, arbitrary
systems | linux, windows
MD5 | f4970366dc2949bf014b5f17a84b519e
Ubuntu Security Notice 748-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-748-1 - It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service.

tags | advisory, java, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
MD5 | cd2a3942e3f8ac5ec3fcbefb30899379
Ubuntu Security Notice 747-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-747-1 - It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2008-1036
MD5 | 9a41e0bea98106721b94589bad72cb20
PowerCHM 5.7 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

PowerCHM version 5.7 stack overflow proof of concept exploit that creates a malicious .http file.

tags | exploit, web, overflow, proof of concept
MD5 | c4b3b3dbbfff94698bf452eb23d8cb66
XM Easy Personal FTP Server DoS
Posted Mar 27, 2009
Authored by Jonathan Salwan | Site shell-storm.org

XM Easy Personal FTP Server versions 5.7.0 and below NLST remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 79ed41d4aeddaed2bb8e4a2116347359
RatProxy Security Audit Tool
Posted Mar 27, 2009
Authored by Michal Zalewski | Site code.google.com

ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.

Changes: A minor change was made to always output HTTP/1.1 headers to avoid the activation of certain Web server heuristics.
tags | tool, web, sniffer
MD5 | f52e278f94f611045335176387c8d880
Mandriva Linux Security Advisory 2009-081
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-081 - An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code. This update provides the fix for that security issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0585
MD5 | 8ed64314eba648ac3906452acc5064e7
Mandriva Linux Security Advisory 2009-080
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-080 - Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input. This update provide the fix for that security issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-4316
MD5 | 77f8bf77c41ac9352761906b685650a5
My Simple Forum 7.1 Command Execution
Posted Mar 27, 2009
Authored by Osirys | Site y-osirys.com

My Simple Forum version 7.1 remote command execution exploit that leverages a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
MD5 | f66ffbb5717e082d4cc97f00382c7cdf
Moodle File Disclosure
Posted Mar 27, 2009
Authored by Christian J. Eibl

Moodle versions below 1.6.9, 1.7.7, 1.8.9, and 1.9.5 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 520c89bf934549d60ae6faf1d0175f33
Lynis Auditing Tool 1.2.5
Posted Mar 27, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds 40+ new tests for services like Dovecot, BIND, PowerDNS, SSH, Exim, and nginx. It has support for the Solaris auditing framework and several improvements to existing tests. Many small bugfixes and output and logging improvements have been made.
tags | tool, scanner
systems | unix
MD5 | 9eea99624a615310c0fb714d3a7c5cf6
Arcadwy Arcade Script Static XSS
Posted Mar 27, 2009
Authored by Anarchy Angel | Site hha.zapto.org

Arcadwy Arcade Script suffers from a static cross site scripting vulnerability.

tags | exploit, xss
MD5 | c7ad48bc27791c28a3f1baab70f378b7
Free PHP Petition Signing Script SQL Injection
Posted Mar 27, 2009
Authored by Qabandi

Free PHP Petition Signing Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | 3a186e6cba8f5f0a0541fd54537934d5
Simply Classified 0.2 SQL Injection
Posted Mar 27, 2009
Authored by G4N0K

Simply Classified version 0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 748d16c2447ea88544fa508f9a6bb6dd
Abee Chm Maker 1.9.5 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

Abee Chm Maker version 1.9.5 stack overflow exploit that creates a malicious .cmp file.

tags | exploit, overflow
MD5 | cab9155812689b23b3780cec363309d3
FreeSSHd 1.2.1 Remote Buffer Overflow Exploit
Posted Mar 27, 2009
Authored by r0ut3r

FreeSSHd version 1.2.1 remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | 334563694a7ebfce774781e2920676fc
Ubuntu Security Notice 746-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-746-1 - It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0698
MD5 | d078eb282b6c5c74286f0a437c4eb9f9
Secunia Security Advisory 34491
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, ubuntu
MD5 | a0506090e51f427d6f1e48ea7137e308
Secunia Security Advisory 34492
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for icu. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
MD5 | c81c840c7dd70ffc017baa42bc685e4d
Secunia Security Advisory 34489
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | ec9b514dd06c51047c1591419b9fa2f6
Page 1 of 3
Back123Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close