what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2009-06-09

S-CMS 2.0 Beta3 Local File Inclusion
Posted Jun 9, 2009
Authored by YEnH4ckEr

S-CMS versions 2.0 Beta3 and below suffer from multiple local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 4969b9cff3ba4eed139bd55ef52527be04fd89b448a0bc9c9766b207c078bc84
Ubuntu Security Notice 785-1
Posted Jun 9, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-785-1 - It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2009-1574, CVE-2009-1632
SHA-256 | 208e147ce29e65f7d8f96691927f0fe32948bb42223fd69447cd79efea688f99
HP Security Bulletin HPSBMA02430 SSRT080094
Posted Jun 9, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running SNMP and MIB. The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS).

tags | advisory, denial of service, arbitrary
advisories | CVE-2009-1420
SHA-256 | adbe17937a74e321a838c48aab551631bfb8a84d025587aae81221952cb427a1
Apple Safari XXE Local File Theft
Posted Jun 9, 2009
Authored by Chris Evans

Apple Safari versions prior to 4 may permit an evil web page to steal files from the local system by mounting an XXE attack against the parsing of the XSL XML.

tags | exploit, web, local, xxe
systems | apple
SHA-256 | e9629230c391f216896d6065eb1e80b55c3825799e35430b12dbef7a474701b8
Zero Day Initiative Advisory 09-034
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary, javascript
systems | apple
advisories | CVE-2009-1709
SHA-256 | cf8604ce72d5c9bd4c727ff12fc63e69f99f8bff0eb3dc75009bbb2e8b48db76
Zero Day Initiative Advisory 09-033
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-033 - This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2009-1701
SHA-256 | 6e80b5824ae34097d5c28a72f0440e425c552a71e38a28f6b15dbd85405346f4
Zero Day Initiative Advisory 09-032
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr() functions in a CSS content object. When a large numerical value is passed as the argument to the attr() function, a memory corruption will occur which can be leveraged to execute arbitrary coder under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-1698
SHA-256 | 3406b151f54e4e829c0123b2413427f1c5cbe6bc5c6796e106f73a28b01c6c9e
Zero Day Initiative Advisory 09-031
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-031 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution, protocol
advisories | CVE-2009-1376
SHA-256 | 286f5573fcf8c6351e406eab363184ebc1f7e8a3742b6d01a9ca6c90a0e3992d
Apache Tomcat Information Disclosure
Posted Jun 9, 2009
Authored by Mark Thomas | Site tomcat.apache.org

When using a RequestDispatcher obtained from the Request in Apache Tomcat, the target path was normalized before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.

tags | exploit, web
advisories | CVE-2008-5515
SHA-256 | c0a0a2a9804149cddfa6d775c7f68367d06311ea65f71bbd9aad52799158a793
Windows XP SP1 Generate Portbind Shellode
Posted Jun 9, 2009
Authored by Jonathan Salwan | Site shell-storm.org

This is a utility to generate portbinding shellcode payload for Windows XP/SP1.

tags | shellcode
systems | windows
SHA-256 | bf0f481e32cb257a862904bc89cf4a124df303ab40cc597e1410ca33a91a327b
Linux/x86 Generate Portbind Shellcode
Posted Jun 9, 2009
Authored by Jonathan Salwan | Site shell-storm.org

This is a utility to generate portbinding shellcode payload for Linux/x86.

tags | x86, shellcode
systems | linux
SHA-256 | 6c2fc2e2b424d795c8196a3aa502fcb488595071f7752a8e8da3bcb311373a1c
Joomla Akobook 2.3 SQL Injection
Posted Jun 9, 2009
Authored by Abli

The Joomla Akobook component version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d8809fb50ce5c5880bad0069971393eb3e77b949f9b0ae1957feecad59477858
Joomla Media Library 1.5.3 Remote File Inclusion
Posted Jun 9, 2009
Authored by XORON

The Joomla Media Library component version 1.5.3 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | c4639003c79b29970b9a28af1f88540ea0be51c61f65410069b6b23fb79a7fd6
Joomla BookLibrary 1.5.2.4 Remote File Inclusion
Posted Jun 9, 2009
Authored by XORON

The Joomla BookLibrary component version 1.5.2.4 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 04c4367d1180c9b08d4ee3c368cb234c53cdc21efa25ee1a14bd406d42ea7027
Secunia Security Advisory 35334
Posted Jun 9, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Online Armor Personal Firewall and Online Armor Personal Firewall AV+, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 025e45e3bc9fb89e52e97d5d634f12808cf23fd830875dcb606091399382cd25
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close