exploit the possibilities
Showing 1 - 25 of 55 RSS Feed

Files Date: 2009-04-22

SUSE Security Announcement - Code Execution
Posted Apr 22, 2009
Site suse.com

SUSE Security Announcement - Multiple vulnerabilities were resolved in the CUPS system. These range from various integer and buffer overflows.

tags | advisory, overflow, vulnerability
systems | linux, suse
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
MD5 | 8cc8a37c5c4448805a9d21d0a67848d6
FreeBSD Security Advisory - db Issue
Posted Apr 22, 2009
Site security.freebsd.org

FreeBSD Security Advisory - Some data structures used by the database interface code are not properly initialized when allocated. Programs using the db(3) interface to create Berkeley database files may "leak" sensitive information into database files. If those files can be read by other users, this may result in the disclosure of sensitive information such as login credentials.

tags | advisory
systems | freebsd
MD5 | 3497531a58e5bed9d2ae60fe4bd553d3
FreeBSD Security Advisory - OpenSSL
Posted Apr 22, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of OpenSSL accessing invalid memory locations. This could be used by an attacker to crash a remote application.

tags | advisory, remote
systems | freebsd
advisories | CVE-2009-0590
MD5 | e6bd0ea3c6d179e78026ab0043d0058d
SQLMAP - Automatic SQL Injection Tool
Posted Apr 22, 2009
Authored by Bernardo Damele | Site sqlmap.sourceforge.net

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: New features as described at the presentation given at Black Hat Europe.
tags | web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | e29f0ce962ca55cf04fb2f730ab39d56
Joomla rsmonials Cross Site Scripting
Posted Apr 22, 2009
Authored by jdc

The Joomla RSMonials component suffers cross site scripting and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, xss, file upload
MD5 | 94b5c7357ff7902a2293dd5a6a730706
WebPortal CMS 0.8beta Remote/Local File Inclusion
Posted Apr 22, 2009
Authored by ahmadbady

WebPortal CMS version 0.8 beta suffers from multiple local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | e81abb52dd42c67b5f32b0c2f1495f84
Sun Java Remote Code Execution
Posted Apr 22, 2009
Authored by Thierry Zoller

Sun Java VM versions 6 update 1 and 6 update 2 are susceptible to a remote code execution vulnerability.

tags | advisory, java, remote, code execution
MD5 | 27eb1540fa8a42e087085f26787ef357
Dokeos LMS 1.8.5 Code Execution
Posted Apr 22, 2009
Authored by StAkeR

Dokeos LMS versions 1.8.5 and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | c361d027a88ce13b0e635eac9ccb02b7
Counter Strike Source ManiAdminPlugin Remote Crash
Posted Apr 22, 2009
Authored by M4rt1n

Counter Strike Source Mani Admin Plugin version 2 remote crash exploit.

tags | exploit, remote
MD5 | 0b963e676a9dff795bd073bff0186a26
DirectAdmin Local File Overwrite
Posted Apr 22, 2009
Authored by anonymous

DirectAdmin versions below 1.33.4 suffer from a local file overwrite and local root escalation vulnerabilities.

tags | exploit, local, root, vulnerability
MD5 | 0fdab3b9458253098248dea88959b50f
Debian Linux Security Advisory 1778-1
Posted Apr 22, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1778-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting (XSS) attacks because of missing input sanitization of the introduction text field in user profiles and any text field in a user view.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2009-0664
MD5 | ec0430d3afa4d8411aa8927f7fbea900
Mandriva Linux Security Advisory 2009-094
Posted Apr 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-094 - Multiple vulnerabilities ranging from cross site scripting to denial of service have been fixed in MySQL.

tags | advisory, denial of service, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2008-3963, CVE-2008-4097, CVE-2008-4098, CVE-2008-4456
MD5 | 14d3e63de420516e3c6942c9a23576fc
Mandriva Linux Security Advisory 2009-093
Posted Apr 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-093 - Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute some of these details are obtained from third party information. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1301
MD5 | 86d637c5af4c68d202a0f763a98b18b8
Flat Calendar Bypass / Cross Site Scripting
Posted Apr 22, 2009
Authored by ZoRLu

Flat Calendar suffers from authentication bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
MD5 | 1a886e2dc0e53e19732817e5ddf8fe72
Xitami Web Server 5.0 Denial Of Service
Posted Apr 22, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Xitami HTTP Server versions 5.0 and below remote denial of service exploit.

tags | exploit, remote, web, denial of service
MD5 | d12d20ca73fa934d9f0447197d96715c
OpenNHRP NBMA Next Hop Resolution 0.10.1
Posted Apr 22, 2009
Authored by Timo Teras | Site sourceforge.net

OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.

Changes: This release fixes (most of) the embarrassing bugs in 0.10 that were introduced from the build system rewrite and c-ares integration.
tags | encryption, protocol
systems | cisco, linux
MD5 | dce528b452c1da17b9328e7c69b5a927
Complemento Penetration Tools
Posted Apr 22, 2009
Authored by crossbower | Site complemento.sourceforge.net

Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Changes: Major improvements were made in all tools. LetDown now supports Python scripting for multistage protocols. ReverseRaider has many new DNS features. HttSquash has been rewritten.
tags | tool, web, tcp, rootkit
systems | unix
MD5 | 2302c0b24ae319e20ca162a2c4c856c1
Femitter FTP Server 1.03 File Disclosure
Posted Apr 22, 2009
Authored by Stack | Site v4-team.com

Femitter FTP server version 1.03 arbitrary file disclosure exploit.

tags | exploit, arbitrary, info disclosure
MD5 | 3925e30e07cd8b26ffd73ccdca42b629
elkagroup Image Gallery 1.0 File Upload
Posted Apr 22, 2009
Authored by Securitylab Security Research | Site securitylab.ir

elkagroup Image Gallery version 1.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 3e6fb49691dcf225b0680b5efc07ab35
5Star Rating 1.0 SQL Injection
Posted Apr 22, 2009
Authored by zer0day

5 Star Rating version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 7bd81442b50b29d7d4f28df651511520
010 Editor Buffer Overflows
Posted Apr 22, 2009
Authored by Le Duc Anh | Site security.bkis.vn

The 010 Editor suffers from multiple buffer overflow vulnerabilities. Proof of concept code included. Versions 3.0.4 and below are affected.

tags | exploit, overflow, vulnerability, proof of concept
MD5 | 78116dc0500fd8800bdf1a29e18346c9
Secunia Security Advisory 34841
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, fedora
MD5 | c06da5b039e31fefd848d667e743902d
Secunia Security Advisory 34760
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks.

tags | advisory, java, web
MD5 | bc25505131c7159bbb84d816aacf3f96
Secunia Security Advisory 34843
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user's system.

tags | advisory, spoof, vulnerability, xss, csrf
systems | linux, redhat
MD5 | b966c584701b4733f9c7d125dff214b4
Secunia Security Advisory 34737
Posted Apr 22, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Juan Pablo Lopez Yacubian has discovered a security issue in Trend Micro OfficeScan Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
MD5 | 73b4c8426580154f7a511cbe56649c5d
Page 1 of 3
Back123Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close