Files Date: 2009-06-11

iDEFENSE Security Advisory 2009-06-09.3
Posted Jun 11, 2009
Authored by iDefense Labs, Ryan Smith, Jun Mao | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in multiple versions of Adobe Systems Inc's Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FlateDecode filter inside a PDF file. FlateDecode is a filter for data compressed with the zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2009-1856
MD5 | c2e94e2a0427402219837fdd656cefa2

iDEFENSE Security Advisory 2009-06-09.2
Posted Jun 11, 2009
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 operating system could allow an unauthenticated attacker to execute arbitrary code with system-level privileges. This vulnerability exists in the EnumeratePrintShares function in win32spl.dll. The vulnerable function does not correctly validate the length of the printer server's response. When a malformed response is received from the printer server, the stack buffer can be overflowed, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in win32spl.dll version 5.00.2195.7054, as included in Windows 2000 Service Pack 4, with all available patches as of September 2008. All previous versions are suspected vulnerable. Windows XP SP2 and later versions of Windows are not affected.

tags | advisory, remote, overflow, arbitrary
systems | windows, 2k, xp
advisories | CVE-2009-0228
MD5 | 84dfab800df1a2f61408093d471034c2

iDEFENSE Security Advisory 2009-06-09.1
Posted Jun 11, 2009
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside an Excel file. This record holds a table of strings that are used inside the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained in the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap-based buffer overflow when the array is filled with pointers to strings from the file.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-0561
MD5 | e37fd1b16f08252d9bb8460f80138468

iDEFENSE Security Advisory 2009-06-11.1
Posted Jun 11, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.11.09 - Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of IETF Request for Comments (RFC) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal-encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.

tags | advisory, remote
systems | windows, 2k
advisories | CVE-2009-1138
MD5 | 037d09bcff56732afc2ce408b4f638d1

iDEFENSE Security Advisory 2009-06-08.1
Posted Jun 11, 2009
Authored by iDefense Labs, wushi, ling | Site idefense.com

iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker-controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2009-1690
MD5 | 6f9f6cb2c99b9edac1e2377d8bc5b6a1

Adobe Acrobat / Reader Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.

tags | advisory
advisories | CVE-2009-1857
MD5 | 5c0ab6794e36d475d9302e0df9567306

Bypassing Web Application Firewalls
Posted Jun 11, 2009
Authored by Lavakumar Kuppan

Split and Join - Bypassing Web Application Firewalls with HTTP Parameter Pollution.

tags | paper, web
MD5 | 89adcb37c36354146abb3fb3257e1035

ModSecurity 2.5.9 Filter Bypass
Posted Jun 11, 2009
Authored by Lavakumar Kuppan

ModSecurity versions 2.5.9 and below using ModSecurity Core Rules versions 2.5-1.6.1 and below suffer from an HPP filter bypass vulnerability.

tags | exploit, bypass
MD5 | b5a27ad15579c0a3d205f693d558d173

Sniggabo CMS SQL Injection
Posted Jun 11, 2009
Authored by Lidloses_Auge

Sniggabo CMS remote SQL injection exploit that leverages article.php.

tags | exploit, remote, php, sql injection
MD5 | 5958fcb2a6495565e63baf3c4c3f7a6c

Yogurt 0.3 SQL Injection / XSS
Posted Jun 11, 2009
Authored by Br0ly

Yogurt version 0.3 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a6e4fd83e7d4b2e79391c2f4e0d0ab3b

TorrentVolve 1.4 File Deletion
Posted Jun 11, 2009
Authored by Br0ly

TorrentVolve version 1.4 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
MD5 | 7a385059dafc78259b0ce5acd3e02af3

phpWebThings 1.5.2 Remote File Inclusion
Posted Jun 11, 2009
Authored by Br0ly

phpWebThings versions 1.5.2 and below suffer from a local file inclusion vulnerability in help.php.

tags | exploit, local, php, file inclusion
MD5 | 580eb94b559b57a45c440c5b33349917

Bypassing Hardware Based DEP
Posted Jun 11, 2009
Authored by David Kennedy | Site securestate.com

Whitepaper called Bypassing Hardware Based Data Execution Prevention (DEP) on Windows 2003 SP2.

tags | paper
systems | windows
MD5 | 88722c8393820193c531964be64b5bb8

Evading Network-Level Emulation
Posted Jun 11, 2009
Authored by Piotr Bania | Site piotrbania.com

Whitepaper called Evading network-level emulation.

tags | paper
MD5 | bb07c56d03bfe2de76398463853fc273

F5 FirePass Cross Site Scripting
Posted Jun 11, 2009
Authored by Sjoerd Resink

The F5 Networks FirePass SSL VPN controller suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | fe688f2e6edbd283dd5daeedbf1594c6

Splog 1.2 Beta SQL Injection
Posted Jun 11, 2009
Authored by YEnH4ckEr

Splog versions 1.2 Beta and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | cdd79d023e6a6aed8039def8a1a68212

Multiple Browser Vulnerabilities
Posted Jun 11, 2009
Authored by Michal Zalewski

Michal Zalewski has released some details with links to proof of concept code for a MSIE same-origin bypass race condition, MSIE memory corruption on page transitions, CANVAS implementation crashes, and Safari page transition tailgating.

tags | advisory, proof of concept
advisories | CVE-2007-3091, CVE-2008-2321, CVE-2009-1684
MD5 | 49789c0f64615f53186232d0ed0c3379

Ubuntu Security Notice 786-1
Posted Jun 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-786-1 - Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure. All other architectures for Ubuntu are not considered to be at risk.

tags | advisory, remote, denial of service, overflow, info disclosure
systems | linux, ubuntu
advisories | CVE-2009-0023, CVE-2009-1955, CVE-2009-1956
MD5 | f59dc6250b81e749143228aa2dcd20d1

HP Security Bulletin HPSBUX02435 SSRT090059
Posted Jun 11, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and bypass security restrictions.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
MD5 | e63ec8ee2f58d8bc94333dc6f8b82168

FreeBSD Security Advisory - Pipe Information Disclosure
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed.

tags | advisory, overflow
systems | freebsd
MD5 | 233e29c4c88c129e2b97d30d4d8de9f8

FreeBSD Security Advisory - IPv6 Permission Check
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Local users, including non-root users and users inside jails, can set some IPv6 interface properties. These include changing the link MTU and disabling interfaces entirely.

tags | advisory, local, root
systems | freebsd
MD5 | e805c40d2049e4d2ca5bc612c2103ddc

FreeBSD Security Advisory - ntpd Buffer Overflow
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon is prone to a stack-based buffer overflow when it is configured to use the 'autokey' security model.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2009-1252
MD5 | 57632ee67957470eca8e3f992002c6c3

Adobe Reader JBIG2 Text Region Segment Buffer Overflow
Posted Jun 11, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the processing of Huffman-encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Adobe Reader version 9.1.0 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0198
MD5 | 2df93232ed06ea203880ac98c1100cdd

Microsoft PowerPoint Freelance Layout Parsing Vulnerability
Posted Jun 11, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in the Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL) when parsing layout information and can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. PowerPoint versions 2000 and 2002 are affected.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2009-0202
MD5 | 5089a34d96af6297be5f17cb456365a6

Yahoo! 360 Cross Site Request Forgery
Posted Jun 11, 2009
Authored by Nam Nguyen | Site bluemoon.com.vn

Yahoo! 360 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 1bffda36fb188dd3b0cb72fd4cedf1e2