Twenty Year Anniversary
Showing 1 - 25 of 57 RSS Feed

Files Date: 2009-04-15

Technical Cyber Security Alert 2009-105A
Posted Apr 15, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-105A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
MD5 | 008ce6579291495114820f9ffa1b6f1a
Debian Linux Security Advisory 1771-1
Posted Apr 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1771-1 - Several vulnerabilities have been discovered in the ClamAV anti-virus toolkit. Attackers can cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. Attackers can cause a denial of service (infinite loop) via a crafted tar file that causes (1) clamd and (2) clamscan to hang. Attackers can cause a denial of service (crash) via a crafted EXE file that crashes the UPack unpacker.

tags | advisory, denial of service, vulnerability, virus
systems | linux, debian
advisories | CVE-2008-6680, CVE-2009-1270
MD5 | 21893a41f09404b9b9f5de59de388698
iDEFENSE Security Advisory 2009-04-15.1
Posted Apr 15, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.15.09 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to gain root privileges. The set-uid root binary "muxatmd" concatenates the calling program name with the static string ".pid". The destination buffer passed to the function call used for concatenation is a static-sized stack buffer. Since no bounds checking is performed, a stack-based buffer overflow can occur when a long program name is given. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3 (5300-09-02-0849). Other versions may also be affected.

tags | advisory, overflow, local, root
systems | aix
MD5 | 87d46ac1f03c9524d880b907aa6e443f
iDEFENSE Security Advisory 2009-04-14.2
Posted Apr 15, 2009
Authored by iDefense Labs, Sean Larsson, Jun Mao | Site idefense.com

iDefense Security Advisory 04.14.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s WordPad could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the content of a Word97 format file. When reading in the data, the code uses a 32-bit integer from the file to check a buffer length while using the lower 16-bit value to do the actual copy. This results in a stack buffer overflow. This stack buffer is overwritten with data from the file. iDefense has confirmed the existence of this vulnerability in Wordpad on Windows 2000 SP4. Windows XP SP3 is not affected. Vista and Server 2008 are not affected as they no longer contain the Word97 converter.

tags | advisory, remote, overflow, arbitrary
systems | windows, 2k, xp
advisories | CVE-2009-0235
MD5 | 6d1e854873fc0efe59cf75d35001e497
SKPD Running Process Dumping Tool
Posted Apr 15, 2009
Authored by Albert Sellares | Site wekk.net

SKPD is a tool that will dump a running process to an executable ELF file. Written to work on various flavors of Linux.

systems | linux
MD5 | 5ab793154fbbd478a3c7b0142eb8cd13
Nortel Application Gateway 2000 Password
Posted Apr 15, 2009
Authored by D. Matscheko | Site sec-consult.com

SEC Consult Security Advisory 20090415-1 - The Nortel Application Gateway 2000 versions 6.3.1 and below suffer from a password disclosure vulnerability.

tags | exploit
MD5 | 7dd231e19e1815bcf1bb9b2002a47681
Novell Teaming Enumeration / XSS
Posted Apr 15, 2009
Authored by Michael Kirchner | Site sec-consult.com

SEC Consult Security Advisory 20090415-0 - Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. Version 1.0.3 is vulnerable.

tags | exploit, vulnerability, xss, info disclosure
MD5 | d863b12a8d5f312bb96fd10137813df7
Mod-Perl Perl-Status Cross Site Scripting
Posted Apr 15, 2009
Authored by Richard Brain | Site procheckup.com

The perl-status utility as included with Mod_perl suffers from a cross site scripting vulnerability.

tags | exploit, perl, xss
advisories | CVE-2009-0796
MD5 | 84e5fd895e5ab4684a212527d6eede11
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
Posted Apr 15, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing certificates and can be exploited to cause a stack-based buffer overflow by supplying a specially crafted certificate. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0190
MD5 | 45af3efbb9aac556cf7a69224074a3ae
Oracle BEA WebLogic Server Plug-ins Integer Overflow
Posted Apr 15, 2009
Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0189
MD5 | bb87a15a00ddc95f0f5227a7895d8cb9
SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method
Posted Apr 15, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a security issue in SAP GUI, which can be exploited by malicious people to gain knowledge of sensitive information, corrupt files, or compromise a user's system. The problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) provides the insecure method "SaveDocumentAs()", which saves an HTML document to a specified location. This can be exploited in combination with e.g. the "OpenDocument()" method to disclose the contents of files or to execute arbitrary code on a user's system. SAP GUI versions 6.40 Patch 29 and 7.10 Patch 5 are affected.

tags | advisory, arbitrary, activex
advisories | CVE-2008-4830
MD5 | 6d09063dc75e842d99198dea69260766
DivX Web Player Stream Format Chunk Buffer Overflow
Posted Apr 15, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in DivX Web Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a signedness error in the processing of "STRF" (Stream Format) chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted DivX file. Successful exploitation may allow execution of arbitrary code by tricking a user into visiting a malicious website. Version 1.4.2.7 is affected.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-5259
MD5 | b9dd1c8afd5d3c20e6a1c361c9725a8f
SniffJoke IDS Evasion Tool
Posted Apr 15, 2009
Authored by s0ftpj, vecna | Site delirandom.net

SniffJoke is middleware software for Linux that is managed by a web interface and enables connection scrambling technology, also known as sniffer evasion techniques.

tags | web
systems | linux
MD5 | cb7fa9ad394dba7ddee008a3cbeb06fe
HITB Security Conference 2009 Call For Papers
Posted Apr 15, 2009
Site conference.hackinthebox.org

The Call for Papers (CFP) for Hack In The Box 2009 Malaysia is now open.

tags | paper, conference
MD5 | a2ce8ec2bb196bc3e4b182cc29823f1a
Mozilla Firefox 3.0.8 Zero Buffer Check Memory Exhaustion / Leaking
Posted Apr 15, 2009
Authored by Aditya K Sood | Site secniche.org

Mozilla Firefox version 3.0.8 zero buffer check memory exhaustion and leaking proof of concept exploit.

tags | exploit, proof of concept
MD5 | 3f2baa2f8b24cf6cb339b7d828a85135
FreeWebShop.org 2.2.9 RC2 Local File Inclusion
Posted Apr 15, 2009
Authored by ahmadbady

FreeWebShop.org version 2.2.29 RC2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 8b2cf077d66cd3a4371da42ac9bca6b3
Job2C 4.2 Local File Inclusion
Posted Apr 15, 2009
Authored by ZoRLu

Job2C version 4.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 4a3ae6df17c99c896bd411be1ceebf16
Ubuntu Security Notice 758-1
Posted Apr 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-758-1 - Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service.

tags | advisory, denial of service, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2009-1185, CVE-2009-1186
MD5 | 53c50d2e0cb61ad533630de31729ba2e
Ubuntu Security Notice 757-1
Posted Apr 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-757-1 - Multiple vulnerabilities have been discovered in Ghostscript including a buffer underflow, denial of service, and code execution issues.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792
MD5 | 6ed2c62bf17c1a2fdc42393559e0eb27
Aria News XSS / SQL Injection
Posted Apr 15, 2009
Authored by Securitylab Security Research | Site securitylab.ir

Aria News suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 509c717f93febefe59df1a76353b9b5a
Microsoft Office Excel Remote Memory Corruption
Posted Apr 15, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.

tags | advisory, remote
advisories | CVE-2009-0100
MD5 | df69bb950c1ed748e89104a510c47f67
Zervit 0.02 Buffer Overflow
Posted Apr 15, 2009
Authored by e.wiZz!

Zervit webserver version 0.02 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | 8f16456e4ecfb2e1f4ff1bec48035eb4
Microsoft Windows Media Player Overflow
Posted Apr 15, 2009
Authored by HuoFu

Microsoft Windows Media Player integer overflow proof of concept exploit that creates a malicious .mid file.

tags | exploit, overflow, proof of concept
systems | windows
MD5 | 1d7feda73f2022177d55214fa0610f77
OpenSCAP Libraries
Posted Apr 15, 2009
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.

Changes: This release adds support for Python binding for all libraries.
tags | protocol, library
MD5 | 07ab0017b0497963113c539a40969af1
Star Downloader Free 1.45 Overwrite
Posted Apr 15, 2009
Authored by dun

Star Downloader Free versions 1.45 and below universal SEH overwrite exploit.

tags | exploit
MD5 | 52a2c7b50a848bce55d5c871d4b64095
Page 1 of 3
Back123Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close