
Files Date: 2009-04-07

MIT krb5 Security Advisory 2009-002
Posted Apr 7, 2009
Site web.mit.edu

MIT krb5 Security Advisory 2009-002 - An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code.

tags | advisory, arbitrary
advisories | CVE-2009-0846
MD5 | 3c7bc4541e399ae9955dd1f613929bf7
MIT krb5 Security Advisory 2009-001
Posted Apr 7, 2009
Site web.mit.edu

MIT krb5 Security Advisory 2009-001 - The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. The MIT krb5 implementation of the SPNEGO GSS-API mechanism can dereference a null pointer under error conditions. This can cause a GSS-API application to crash. MIT krb5 can perform an incorrect length check inside an ASN.1 decoder. This only presents a problem in the PK-INIT code paths. In the MIT krb5 KDC or kinit program, this could lead to spurious malloc() failures or, under some conditions, program crash.

tags | advisory
advisories | CVE-2009-0844, CVE-2009-0845, CVE-2009-0847
MD5 | ac63a0de02f68562667db69a506c5820
HP Security Bulletin HPSBUX02415 SSRT090023
Posted Apr 7, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running PAM Kerberos. The vulnerability could be exploited locally to create a privilege escalation or to allow an unauthorized access.

tags | advisory
systems | hpux
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 899132631767954649aec02f6eab71ab
Xplode CMS XSS / SQL Injection
Posted Apr 7, 2009
Authored by PLATEN

Xplode CMS suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | c641f30284d84c61d9aeb2dc970c7498
Family Connections CMS 1.8.2 SQL Injection
Posted Apr 7, 2009
Authored by Salvatore Fresta

Family Connections CMS version 1.8.2 suffers from a blind SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 3a29f04d3e0bc744ffda805c4fc9d018
Secunia - IrfanView Formats Integer Overflow
Posted Apr 7, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in version 4.22, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

tags | advisory, overflow
advisories | CVE-2009-0197
MD5 | 176a384654d3a2af79e25045ad3ab1b2
Lanius CMS 0.5.2 File Upload
Posted Apr 7, 2009
Authored by EgiX

Lanius CMS versions 0.5.2 and below remote arbitrary file upload exploit.

tags | exploit, remote, arbitrary, file upload
MD5 | ee254c5d9eaad45978ec8420dfd4ab8c
XBMC 8.10 HEAD Buffer Overflow
Posted Apr 7, 2009
Authored by His0k4

XBMC version 8.10 HEAD remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
MD5 | 20dee24fbc6629babb991c3905be5026
Debian Linux Security Advisory 1764-1
Posted Apr 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1764-1 - Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1253, CVE-2009-1254
MD5 | 8c40e55ce09b6145d4139ca8fd9709b1
Creating Shellcode For Linux x86 32-bit
Posted Apr 7, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Whitepaper called Creating Shellcode for the Linux x86 32-bit architecture. Written in French.

tags | paper, x86, shellcode
systems | linux
MD5 | e9038ecd0cd06ee026514261c87906bd
Opening Intranets To Attacks By Using Internet Explorer
Posted Apr 7, 2009
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper called Opening Intranets to attacks by using Internet Explorer. This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).

tags | paper, remote
MD5 | 98b92d80a44cb14ddf0e4fdde94bde10
Apache Tomcat mod_jk Information Disclosure
Posted Apr 7, 2009
Site tomcat.apache.org

Apache Tomcat mod_jk versions 1.2.0 through 1.2.26 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-5519
MD5 | 7b5fa8ff1f5c76753b7e1f0728a21a32
.NET Framework Rootkits
Posted Apr 7, 2009
Authored by Erez Metula | Site applicationsecurity.co.il

This whitepaper, .NET Framework rootkits - backdoors inside your framework, covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.

tags | paper, shell
MD5 | 48c455e09098bed5b6fa3a1276fab042
Ubuntu Security Notice 754-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-754-1 - It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero).

tags | advisory, remote, denial of service
systems | linux, ubuntu
MD5 | f12cd6680c84c5d819d63cd3c1ba3b58
Ubuntu Security Notice 753-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-753-1 - It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-0922
MD5 | c5be284fa139d502e1c0ef42cc5a9acf
Ubuntu Security Notice 752-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-752-1 - A large number of vulnerabilities in the Linux 2.6 kernel have been addressed. These include findings in NFS, the SCTP stack, the ext4 filesystem, and more.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859
MD5 | bd1a36da8fd7180ef7a86f64270ab0c6
Ubuntu Security Notice 751-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-751-1 - A large number of vulnerabilities in the Linux 2.6 kernel have been addressed. These include findings in NFS, the SCTP stack, the ext4 filesystem, and more.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0605, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1046
MD5 | 3b3911c7d828fcd2536154cce04b057f
Secunia Security Advisory 34603
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mapserver. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
MD5 | 7df652015f29eb1f637fa38b7ad19c65
Sun Java Users Enumeration
Posted Apr 7, 2009
Authored by Marco Mella | Site aboutsecurity.net

Both the Sun Java System Access Manager and Identity Manager suffer from a user enumeration vulnerability. Identity Manager versions 7.0, 7.1, 7.1.1, and 8.0 are affected. Access Manager versions 6 2005Q1 (6.3), 7 2005Q4 (7.0), and 7.1 are affected.

tags | advisory, java
MD5 | b8aa363731e9ebf01f14efe6d98595de
Gentoo Linux Security Advisory 200904-8
Posted Apr 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-08 - An error in OpenSSL might allow for a Denial of Service when printing certificate details. The ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access. Versions less than 0.9.8k are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2009-0590
MD5 | 20655fdd6154756aab4a68471a6e62f8
Gentoo Linux Security Advisory 200904-7
Posted Apr 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-07 - A vulnerability in Xpdf might allow local attackers to execute arbitrary code. Erik Wallin reported that Gentoo's Xpdf attempts to read the xpdfrc file from the current working directory if it cannot find a .xpdfrc file in the user's home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf. Versions less than 3.02-r2 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2009-1144
MD5 | 621049b0073b863e523ad54a0dc45ee5
Secunia Security Advisory 34582
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for eog. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, gentoo
MD5 | a5a06068c7c9b124a48f5f489861ec54
Secunia Security Advisory 34599
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
MD5 | f0c0c4ad99d07164a712725756c957ff
Secunia Security Advisory 34602
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for gstreamer-plugins-base. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, redhat
MD5 | 977da74cba922d5dd55200e06883a1e6
Secunia Security Advisory 34616
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
MD5 | c969bd329c908ec996aaef737051551d