exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files Date: 2009-03-27

Novell Netstorage XSS / Denial Of Service
Posted Mar 27, 2009
Authored by BugsNotHugs

Novell Netstorage suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 9eed18c6c8f4bc12af41a5a4f256eeb71124d7de5d24e27afebf1272d05f0e09
Aurora Nutritive Analysis XSS
Posted Mar 27, 2009
Authored by BugsNotHugs

The Aurora Nutritive Analysis module suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 64b55d35b08b32a03568ea6913df10a7d91b73e73ff7ddbc58f09bcad03effe7
iDEFENSE Security Advisory 2009-03-25.5
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during decompression when, to calculate the size of a heap buffer, the code manipulates several integers in the file. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s JRE version 1.6.0_11 for Windows and Linux.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, windows
SHA-256 | 45f6f1ff008d7faa9a03ca57e555cc3f216424f6906bc9343bc797edf47efefa
iDEFENSE Security Advisory 2009-03-25.4
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary PNG file to the splash logo parsing code. The vulnerability occurs when parsing a PNG file used as part of the splash screen. When parsing the image, several values are taken from the file and used in an arithmetic operation that calculates the size of a heap buffer. This calculation can overflow, which results in an undersized buffer being allocated. This buffer is later overflowed with data from the file. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, overflow, arbitrary
systems | linux, windows
SHA-256 | 2d38f70208475eab25a81127c23c1ab5bfa6f7b2fc50a6fd2c025f1f200bc126
iDEFENSE Security Advisory 2009-03-25.3
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.

tags | advisory, java, remote, arbitrary
SHA-256 | 9d4ab7a3c8a6bb2829e143ebc1d41ab732008cbd002ad7dc56ddee22724c937f
iDEFENSE Security Advisory 2009-03-25.2
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, arbitrary
systems | linux, windows
SHA-256 | 787894ddedba68df8734507477667b37055d76f5f44660bb4cc572517e2626dd
Ubuntu Security Notice 748-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-748-1 - It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. Certain 64bit Java actions would crash an application. A local attacker might be able to cause a denial of service. It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service.

tags | advisory, java, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102
SHA-256 | a02bfd44068b80cf235a81d4010c10c19e16ccc39c1f3402459054a13c80dcdd
Ubuntu Security Notice 747-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-747-1 - It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2008-1036
SHA-256 | 96301c92b55eb1251fa787ea679ae430a34cc3f9220925097b70d0647b24e62c
PowerCHM 5.7 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

PowerCHM version 5.7 stack overflow proof of concept exploit that creates a malicious .http file.

tags | exploit, web, overflow, proof of concept
SHA-256 | 4cd34d4935a7daecc61e65d90c9a55e20a4cf26857563d6bf7269eff524be479
XM Easy Personal FTP Server DoS
Posted Mar 27, 2009
Authored by Jonathan Salwan | Site shell-storm.org

XM Easy Personal FTP Server versions 5.7.0 and below NLST remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 21c2263d354ebbb7a28f2272d019ee4063f9333a45537cdb40a7c46b2b590569
RatProxy Security Audit Tool
Posted Mar 27, 2009
Authored by Michal Zalewski | Site code.google.com

ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.

Changes: A minor change was made to always output HTTP/1.1 headers to avoid the activation of certain Web server heuristics.
tags | tool, web, sniffer
SHA-256 | 2db436645d5c4fd4aa3e24d589a455b9080aa44753040e6cd39990256867c094
Mandriva Linux Security Advisory 2009-081
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-081 - An integer overflow in libsoup Base64 encoding and decoding functions enables attackers either to cause denial of service and to execute arbitrary code. This update provides the fix for that security issue.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0585
SHA-256 | 0218a675d4af22d7953ff8facbadd56fc42d0d245c1acf552ca37aaa99c6e354
Mandriva Linux Security Advisory 2009-080
Posted Mar 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-080 - Multiple integer overflows in GLib's Base64 encoding and decoding functions enable attackers (possibly remote ones, depending on the applications glib2 is linked against with - mostly GNOME ones) either to cause denial of service and to execute arbitrary code via an untrusted input. This update provide the fix for that security issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-4316
SHA-256 | 8546c2803b7d9dd0a567710d603756b33cde91e984e1d57910ee82daf034c3dc
My Simple Forum 7.1 Command Execution
Posted Mar 27, 2009
Authored by Osirys | Site y-osirys.com

My Simple Forum version 7.1 remote command execution exploit that leverages a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
SHA-256 | aecd9473523f12342ec2c7e647e527582de5aa5dbf9dda8a2f7df9a97002f58b
Moodle File Disclosure
Posted Mar 27, 2009
Authored by Christian J. Eibl

Moodle versions below 1.6.9, 1.7.7, 1.8.9, and 1.9.5 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | aa552553b545331fbe147555eb8e8e040f5ae385f870451942ee81c4f820d063
Lynis Auditing Tool 1.2.5
Posted Mar 27, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds 40+ new tests for services like Dovecot, BIND, PowerDNS, SSH, Exim, and nginx. It has support for the Solaris auditing framework and several improvements to existing tests. Many small bugfixes and output and logging improvements have been made.
tags | tool, scanner
systems | unix
SHA-256 | 8ba51a7b6deb1d0097246edab6e9b6e4f76cc8b6ad720faa23866ca5550bc528
Arcadwy Arcade Script Static XSS
Posted Mar 27, 2009
Authored by Anarchy Angel | Site hha.zapto.org

Arcadwy Arcade Script suffers from a static cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 15be6e01188e229110696aaa1f0177ee492df12302d1569348683a29832d3261
Free PHP Petition Signing Script SQL Injection
Posted Mar 27, 2009
Authored by Qabandi

Free PHP Petition Signing Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
SHA-256 | 9457c6cb0afe5c174c57bbfe49ce480ad55585093fe9b464e9402cf45b4e7bb8
Simply Classified 0.2 SQL Injection
Posted Mar 27, 2009
Authored by G4N0K

Simply Classified version 0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2b8ec0fc4ff6b5fa10d154fa922bd32d12440a9707277c4e0602d5e97daeb02c
Abee Chm Maker 1.9.5 Stack Overflow
Posted Mar 27, 2009
Authored by Encrypt3d.M!nd

Abee Chm Maker version 1.9.5 stack overflow exploit that creates a malicious .cmp file.

tags | exploit, overflow
SHA-256 | d602e21593c366d9cf7ae0532f9a79344cf3231f2cbb2479f0f40c43d6400290
FreeSSHd 1.2.1 Remote Buffer Overflow Exploit
Posted Mar 27, 2009
Authored by r0ut3r

FreeSSHd version 1.2.1 remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | d44ad769be01e8c55430cfb1a0787b3a63957bf90a2c037802a725af589a04bd
Ubuntu Security Notice 746-1
Posted Mar 27, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-746-1 - It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0698
SHA-256 | 8d1051702aa774b804b81fff953e92c7efc53d64eb481fcd593d409c1b1c14c9
Secunia Security Advisory 34491
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, ubuntu
SHA-256 | 2d36eedfcbdd369336ddd4cea77591f50716bacec90e7a87a9be265be08cb4eb
Secunia Security Advisory 34492
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for icu. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
SHA-256 | b93a00d2b4c879393bb05c7f452e14b8cc5443f6feeee81cf4319b05b33a9fff
Secunia Security Advisory 34489
Posted Mar 27, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 3c5fa8c55c72a07491c89ee7d08bfc66a7393e842fe80261c6914ce748471590
Page 1 of 3
Back123Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close