what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files Date: 2009-04-07

MIT krb5 Security Advisory 2009-002
Posted Apr 7, 2009
Site web.mit.edu

MIT krb5 Security Advisory 2009-002 - An ASN.1 decoder can free an uninitialized pointer when decoding an invalid encoding. This can cause a Kerberos application to crash, or, under theoretically possible but unlikely circumstances, execute arbitrary malicious code.

tags | advisory, arbitrary
advisories | CVE-2009-0846
SHA-256 | d26cdb51c70ac0de19c2b9607694e8b48c583d10e58fa642b3788316fae5852e
MIT krb5 Security Advisory 2009-001
Posted Apr 7, 2009
Site web.mit.edu

MIT krb5 Security Advisory 2009-001 - The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. The MIT krb5 implementation of the SPNEGO GSS-API mechanism can dereference a null pointer under error conditions. This can cause a GSS-API application to crash. MIT krb5 can perform an incorrect length check inside an ASN.1 decoder. This only presents a problem in the PK-INIT code paths. In the MIT krb5 KDC or kinit program, this could lead to spurious malloc() failures or, under some conditions, program crash.

tags | advisory
advisories | CVE-2009-0844, CVE-2009-0845, CVE-2009-0847
SHA-256 | 583a1d16957cdf1f031324b91889dc97c740b74cc3658c16852a8bfb19d26197
HP Security Bulletin HPSBUX02415 SSRT090023
Posted Apr 7, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running PAM Kerberos. The vulnerability could be exploited locally to create a privilege escalation or to allow an unauthorized access.

tags | advisory
systems | hpux
advisories | CVE-2009-0360, CVE-2009-0361
SHA-256 | d2e72c5731e1088cb46a6434e12e16fbdecaa351b638d3d0782b41f668a43dfc
Xplode CMS XSS / SQL Injection
Posted Apr 7, 2009
Authored by PLATEN

Xplode CMS suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 9948da7447b4357732d6ebea4862e6a123b17deabe3a413f0d8545ea5097d17f
Family Connections CMS 1.8.2 SQL Injection
Posted Apr 7, 2009
Authored by Salvatore Fresta

Family Connections CMS versions 1.8.2 blind SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 8c79610da03cdb38c175e1a2a725f660ece6cfad408b7fbcc9bd1c48396d2174
Secunia - IrfanView Formats Integer Overflow
Posted Apr 7, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in version 4.22, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

tags | advisory, overflow
advisories | CVE-2009-0197
SHA-256 | 6353310b973c85424bb98e6be658d9995c4aa4e06a23fd615418d3a85048220e
Lanius CMS 0.5.2 File Upload
Posted Apr 7, 2009
Authored by EgiX

Lanius CMS versions 0.5.2 and below remote arbitrary file upload exploit.

tags | exploit, remote, arbitrary, file upload
SHA-256 | 8edd6d540a687cd3d9dbe4a2527849d76a1695d98b17c7b71b43b73635966f35
XBMC 8.10 HEAD Buffer Overflow
Posted Apr 7, 2009
Authored by His0k4

XBMC version 8.10 HEAD remote buffer overflow exploit that spawns calc.exe.

tags | exploit, remote, overflow
SHA-256 | d192a2f54c17323ec8324179d54635632984ecded762c57475bfe90ca2ec4e0c
Debian Linux Security Advisory 1764-1
Posted Apr 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1764-1 - Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1253, CVE-2009-1254
SHA-256 | 785a172aecf8a98d952d5105f41dd6945dc324a2833fe1fc9a2652129e5cfefd
Creating Shellcode For Linux x86 32-bit
Posted Apr 7, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Whitepaper called Creating Shellcode for the Linux x86 32-bit architecture. Written in French.

tags | paper, x86, shellcode
systems | linux
SHA-256 | f7abea32722ccf3a4a3e7cf6faade5775a23fe7071cdde7fe5c3930d10523c4e
Opening Intranets To Attacks By Using Internet Explorer
Posted Apr 7, 2009
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper called Opening Intranets to attacks by using Internet Explorer. This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).

tags | paper, remote
SHA-256 | 66045593d07f37903e7829c8dda101ab6b67ff339f8df92f4176b09b3a79d14e
Apache Tomcat mod_jk Information Disclosure
Posted Apr 7, 2009
Site tomcat.apache.org

Apache Tomcat mod_jk versions 1.2.0 through 1.2.26 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-5519
SHA-256 | 82a8f73ad304a3a139da882c821b3194c48cbad8270a4c890591b51a66f9f916
.NET Framework Rootkits
Posted Apr 7, 2009
Authored by Erez Metula | Site applicationsecurity.co.il

This whitepaper, .NET Framework rootkits - backdoors inside your framework, covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.

tags | paper, shell
SHA-256 | fe69d68e467a449463286910210e3ad0f8fe2ca3f1b34554ba9d9c33e2b62793
Ubuntu Security Notice 754-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-754-1 - It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero).

tags | advisory, remote, denial of service
systems | linux, ubuntu
SHA-256 | 8ba357462bb8043efaa3772f68bf8a4b486dd97d34fa899ba47c682452476ff1
Ubuntu Security Notice 753-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-753-1 - It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-0922
SHA-256 | 1ef9a696bcf17328ea9c8b18ba61cc01ba7d9f1bde4fc6d8e5a33f204e0eaf98
Ubuntu Security Notice 752-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-752-1 - A large amount of vulnerabilities in the Linux 2.6 kernel have been addressed. These include findings in NFS, the SCTP stack, the ext4 filesystem, and more.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859
SHA-256 | 59946ebf6b04cee3e89cbe9cf8781673de1bc826ae5bd0b420da1e7ca5bbefd2
Ubuntu Security Notice 751-1
Posted Apr 7, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-751-1 - A large amount of vulnerabilities in the Linux 2.6 kernel have been addressed. These include findings in NFS, the SCTP stack, the ext4 filesystem, and more.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0605, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1046
SHA-256 | ba905511168c7c47255354c84039d9cc09525121fb4f4ef3dd461d6e738e37b0
Secunia Security Advisory 34603
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mapserver. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | f7f00bf7e40f7af4c64774790ec5cdb7aa98906e7f9cb9124e7d8167c70ba16c
Sun Java Users Enumeration
Posted Apr 7, 2009
Authored by Marco Mella | Site aboutsecurity.net

Both the Sun Java System Access Manager and Identity Manager suffer from a user enumeration vulnerability. Identity Manager versions 7.0, 7.1, 7.1.1, and 8.0 are affected. Access Manager versions 6 2005Q1 (6.3), 7 2005Q4 (7.0), and 7.1 are affected.

tags | advisory, java
SHA-256 | 7bfe0910609a493bb10b037157ebbf012af2872cf1f1865fe4f2e024c4a3928d
Gentoo Linux Security Advisory 200904-8
Posted Apr 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-08 - An error in OpenSSL might allow for a Denial of Service when printing certificate details. The ASN1_STRING_print_ex() function does not properly check the provided length of a BMPString or UniversalString, leading to an invalid memory access. Versions less than 0.9.8k are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2009-0590
SHA-256 | 9ed9657ace3e1e72cbc3a95437f4f977d41dae3ccb172347392a85fb48b19805
Gentoo Linux Security Advisory 200904-7
Posted Apr 7, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-07 - A vulnerability in Xpdf might allow local attackers to execute arbitrary code. Erik Wallin reported that Gentoo's Xpdf attempts to read the xpdfrc file from the current working directory if it cannot find a .xpdfrc file in the user's home directory. This is caused by a missing definition of the SYSTEM_XPDFRC macro when compiling a repackaged version of Xpdf. Versions less than 3.02-r2 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2009-1144
SHA-256 | b6fb95750bcb58c15a716325e49d9d28c0e91e0bfae62d02eb4b916c25fb471a
Secunia Security Advisory 34582
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for eog. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | c548ade974c949b595ee194134f3c1667d7cef4c85c912751e3ddee5c2726df8
Secunia Security Advisory 34599
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php.This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
SHA-256 | a0da48b3f2cd15ef2227e78eb490fbc11e2f6b6a9828f9e40fa728c1935c15c4
Secunia Security Advisory 34602
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for gstreamer-plugins-base. This fixes a vulnerability, which can potentially by exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, redhat
SHA-256 | 08328581e5c1927cb5bda083e32e33844c02b3a156450160b760f5b53ec17a59
Secunia Security Advisory 34616
Posted Apr 7, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for php.This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, php, vulnerability
systems | linux, redhat
SHA-256 | 4e5d582ddc88334983cde3d188902538f9e9ce9a3a3f4e4a751b0b519136d01f
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close