exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2009-05-21

Mandriva Linux Security Advisory 2009-121
Posted May 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793
SHA-256 | 128b2e6b39bb8559db988ef3a065a0a1f8e056209cbe8d7fa77bda7e09b9db5f
Mandriva Linux Security Advisory 2009-120
Posted May 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-120 - Multiple security vulnerabilities has been identified and fixed in OpenSSL. The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. The updated packages have been patched to prevent this.

tags | advisory, remote, denial of service, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2009-1377, CVE-2009-1378
SHA-256 | 7e8ebc6722e9cb207f931607e5f931703c3b62ea75e530755e6a4508a4f1894b
Article Directory SQL Injection
Posted May 21, 2009
Authored by Hakxer

Article Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | cd562bd34d50c22fc6585792167d2e494db2a31d0aab4f1a261c3926e6fc293d
Job Script 2.0 Shell Upload
Posted May 21, 2009
Authored by Hakxer

Job Script version 2.0 suffers from an arbitrary shell upload vulnerability.

tags | exploit, arbitrary, shell, file upload
SHA-256 | 4a3482a6491e17866d11c3c73d3a2d293984b5b60e7887976bf342e7d961d1b2
Bypassing Authentication With Reverse Engineering
Posted May 21, 2009
Authored by Jonathan Salwan | Site shell-storm.org

Whitepaper called Bypassing Authentication with Reverse Engineering in Linux x86. Written in French.

tags | paper, x86
systems | linux
SHA-256 | d0f828ad7777b98f34730768e4f138dc040ce4035f096350e941119c38796d30
ASP Inline Corporate Calendar XSS / SQL Injection
Posted May 21, 2009
Authored by Bl@ckbe@rd

ASP Inline Corporate Calendar suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, asp
SHA-256 | 874fb7cd2dee89e1198278d1d6a572db318eb99f9ed90552faa192cfc0479421
Vicidial Call Center SQL Injection
Posted May 21, 2009
Authored by Striker7

Vicidial Call Center Suite suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | dd153347a6ae4a60a5a94749845e3e641552b7fe325cdb21ac04462eb905cdd7
Digital Defense VRT Advisory 2009.25
Posted May 21, 2009
Authored by Digital Defense, r@b13$, David Marshall | Site digitaldefense.net

The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability.

tags | advisory, web, tcp, sql injection
SHA-256 | 8ebe731ee60d54089c1f0889cc235ec865a4cae70469a62ae157e32a3770d034
ChinaGames Code Execution
Posted May 21, 2009
Authored by etirah

ChinaGames Active-X related remote code execution exploit.

tags | exploit, remote, code execution, activex
SHA-256 | 37dd8a9d4a61db3b728b4d92c86d9ca46d1f69d5ef11c2895ff243cc6c5004db
BaoFeng Code Execution
Posted May 21, 2009
Authored by etirah

BaoFeng Active-X related remote code execution exploit.

tags | exploit, remote, code execution, activex
SHA-256 | b95ec3df242df9aabe408e8cec14958c83ec0b8017ddfaf5f347b49cbc3bfdda
Microsoft IIS 6.0 WebDAV Bypass
Posted May 21, 2009
Authored by Andrew Orr, Ron Bowes | Site skullsecurity.org

Remote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0.

tags | exploit, remote, bypass
SHA-256 | 58794bad254c95a52a4aff02ec52eb753d9e24ebc75be5de3d39aa371b956db2
Secunia Security Advisory 35118
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Mac OS X, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | apple, osx
SHA-256 | 3a7f59d44228e5fe13c27d22d330b7dae3664c1f1ffaba9e45c6330881a90e88
Secunia Security Advisory 35153
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ipsec-tools. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 801f34c99b85cb3b8f9f36d94030fabfa057bc5f04b4beee7489317376b0a349
Secunia Security Advisory 35119
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 7f38974c45dc6edffd5a388f61ad4233b1a3d3ebd88ce203535e643f0d5ded51
Secunia Security Advisory 35152
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | f606aebd43584f5ced45a26bb172b2ce24cfb74e5a5c39907bcdca4a6fe146e9
Secunia Security Advisory 35183
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for nsd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | a7f99296ecad42835d4c43720edbe647efcdcf17932835f51554fd6e8be6e566
Secunia Security Advisory 35179
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.

tags | advisory
systems | cisco
SHA-256 | 21485763816abefeb0768cdab4cd7bbdaea39afe598e1ee3d6c08e7b7605cb17
Secunia Security Advisory 35185
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | af17c6a25dbc86e006a1e68537baeee075a86e4d2aba5dfe45470875745f6a7e
Secunia Security Advisory 32474
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Communications Express, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, java, vulnerability, xss
SHA-256 | ddf1c73dd897efd125e321509ba1f1c89d5293e47435b008087b54792d7edce5
Secunia Security Advisory 35170
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ThE g0bL!N has discovered some vulnerabilities in NC GBook, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 942567e55cd2735cf171a601206883266d8030a3686416d4e8124b339953b305
Secunia Security Advisory 35172
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ByALBAYX has reported a vulnerability in exJune Office Message System, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | dc33a97a2dbb25d0a8a266dccbf36d7dd1d38ef124edf05c1d937bd3b86a1a32
Secunia Security Advisory 35139
Posted May 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Snakespc has reported a vulnerability in bSpeak, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 4e34a7a18a5ce26ee2690d190dfaf883eea9c9a25c7582965f00725b97af4e51
iDEFENSE Security Advisory 2009-05-19.1
Posted May 21, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.

tags | advisory, arbitrary, local
systems | aix
SHA-256 | 5eb925589dbd4a9070539b783c3c683162ba40bd5d486b533a392ac2f3129ecd
Core Security Technologies Advisory 2009.0109
Posted May 21, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system.

tags | exploit, java, vulnerability, xss
advisories | CVE-2009-1729
SHA-256 | 09a4000ae9c2640418f24e0ae0384e933c5f4874aabf5133cace4e36ed81dd0a
Cisco Security Advisory 20090520-cw
Posted May 21, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.

tags | advisory, remote
systems | cisco
advisories | CVE-2009-1161
SHA-256 | 119622f09a71ed35e8f24167bc3571f5a1b87a4edf4789bc38a752adc1de5f93
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close