
Files Date: 2009-06-11

iDEFENSE Security Advisory 2009-06-09.3
Posted Jun 11, 2009
Authored by iDefense Labs, Ryan Smith, Jun Mao | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FlateDecode filter inside a PDF file. FlateDecode is a filter for data compressed with the zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2009-1856
SHA-256 | 48b4c5eb3ef997087bc4e824ebc4d6c72a992fb1b8e45a08db98b531d00f3505
iDEFENSE Security Advisory 2009-06-09.2
Posted Jun 11, 2009
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 operating system could allow an unauthenticated attacker to execute arbitrary code with system-level privileges. This vulnerability exists in the EnumeratePrintShares function in win32spl.dll. The vulnerable function does not correctly validate the length of the printer server's response. When a malformed response is received from the printer server, the stack buffer can be overflowed, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in win32spl.dll version 5.00.2195.7054, as included in Windows 2000 Service Pack 4, with all available patches as of September 2008. All previous versions are suspected vulnerable. Windows XP SP2 and later versions of Windows are not affected.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-0228
SHA-256 | 694378c665ee66b058d66c03ea71426d961d982f2df2e76eda8ce2592ff49302
iDEFENSE Security Advisory 2009-06-09.1
Posted Jun 11, 2009
Authored by iDefense Labs, Sean Larsson, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside an Excel file. This record holds a table of strings that are used inside the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained in the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap-based buffer overflow when the array is filled with pointers to strings from the file.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-0561
SHA-256 | 10b25a2ead8344835636ecbd2f58b22d735b49d76b8351d055defe853529e1ff
iDEFENSE Security Advisory 2009-06-11.1
Posted Jun 11, 2009
Authored by iDefense Labs, Joshua J. Drake | Site idefense.com

iDefense Security Advisory 06.11.09 - Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of IETF Request for Comments (RFC) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal-encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.

tags | advisory, remote
systems | windows
advisories | CVE-2009-1138
SHA-256 | fe2fe4b965ee27267925f430684c17c2c3e67fa18af4c891cfe1f4cb5bfb694f
iDEFENSE Security Advisory 2009-06-08.1
Posted Jun 11, 2009
Authored by iDefense Labs, wushi, ling | Site idefense.com

iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker-controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2009-1690
SHA-256 | 2435fec72e75174b6080e9ba92c5e1f2ac6084a0c73ee3e6e95f87039ff1207f
Adobe Acrobat / Reader Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.

tags | advisory
advisories | CVE-2009-1857
SHA-256 | ce2c488cf702358779198214f9b93449d1d62798959298dceb3f9ce2bbf74e7f
Bypassing Web Application Firewalls
Posted Jun 11, 2009
Authored by Lavakumar Kuppan

Split and Join - Bypassing Web Application Firewalls with HTTP Parameter Pollution.

tags | paper, web
SHA-256 | d9138d2ef5c70f66085e0ebe9e8fb002a06deccb890f2c809ff765e25b48d86f
ModSecurity 2.5.9 Filter Bypass
Posted Jun 11, 2009
Authored by Lavakumar Kuppan

ModSecurity versions 2.5.9 and below using ModSecurity Core Rules versions 2.5-1.6.1 and below suffer from an HTTP Parameter Pollution (HPP) filter bypass vulnerability.

tags | exploit, bypass
SHA-256 | 2f61c414417e494073857e6cf0e2a2326c2b1a0f0799ba9d2d5afabe77938145
Sniggabo CMS SQL Injection
Posted Jun 11, 2009
Authored by Lidloses_Auge

Sniggabo CMS remote SQL injection exploit that leverages article.php.

tags | exploit, remote, php, sql injection
SHA-256 | 77886f32cc1a96f86a970129a2269ba05eeb2e750d2090f69d8d232d6c090dbb
Yogurt 0.3 SQL Injection / XSS
Posted Jun 11, 2009
Authored by Br0ly

Yogurt version 0.3 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | a8edd731d660a2d9144063143463a2f0a96f764f3b46d591509aa5e2e3dc5738
TorrentVolve 1.4 File Deletion
Posted Jun 11, 2009
Authored by Br0ly

TorrentVolve version 1.4 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 669624fda8d98361ab647d071d3ab13e5bb6c07000717bb5f7f1d45b87e8d58b
phpWebThings 1.5.2 Remote File Inclusion
Posted Jun 11, 2009
Authored by Br0ly

phpWebThings versions 1.5.2 and below suffer from a local file inclusion vulnerability in help.php.

tags | exploit, local, php, file inclusion
SHA-256 | 19c35f0137389e093b2fff76aaf861a4e31c72b62b13edbb88550c090e610a0d
Bypassing Hardware Based DEP
Posted Jun 11, 2009
Authored by David Kennedy | Site securestate.com

Whitepaper called Bypassing Hardware Based Data Execution Prevention (DEP) on Windows 2003 SP2.

tags | paper
systems | windows
SHA-256 | d184381c4ad889006627d8570ca692515a97b3b6be034ad73a212421887c84aa
Evading Network-Level Emulation
Posted Jun 11, 2009
Authored by Piotr Bania | Site piotrbania.com

Whitepaper called Evading network-level emulation.

tags | paper
SHA-256 | d489c38435ff90e51abe56d25eade253c749f37d9416b3fe83c932c3e141b042
F5 FirePass Cross Site Scripting
Posted Jun 11, 2009
Authored by Sjoerd Resink

The F5 Networks FirePass SSL VPN controller suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a99fc64227c1de861c79d79fa7b5ad11f7594d5049c4d2c67fa06de529ac3423
Splog 1.2 Beta SQL Injection
Posted Jun 11, 2009
Authored by YEnH4ckEr

Splog versions 1.2 Beta and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 74a5150617cbfaf933a0730596cf9220acfc6b2681d1408f13bb161e77cf8fbe
Multiple Browser Vulnerabilities
Posted Jun 11, 2009
Authored by Michal Zalewski

Michal Zalewski has released some details with links to proof of concept code for an MSIE same-origin bypass race condition, MSIE memory corruption on page transitions, CANVAS implementation crashes, and Safari page transition tailgating.

tags | advisory, proof of concept
advisories | CVE-2007-3091, CVE-2008-2321, CVE-2009-1684
SHA-256 | aada75a86af557c06b7ae5af9b0eebe4b1e6812bafa534a00cb5dd004ecdf459
Ubuntu Security Notice 786-1
Posted Jun 11, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-786-1 - Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk.

tags | advisory, remote, denial of service, overflow, info disclosure
systems | linux, ubuntu
advisories | CVE-2009-0023, CVE-2009-1955, CVE-2009-1956
SHA-256 | 6fdf404d3e87c32b88b8a588aac734977d1001553fd859a031a0c8e9b929ead9
HP Security Bulletin HPSBUX02435 SSRT090059
Posted Jun 11, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and bypass security restrictions.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
SHA-256 | 264e65a664b0389ec6e7d20ae2d5d4e971920f81b26d09e75eaf4a99078d5169
FreeBSD Security Advisory - Pipe Information Disclosure
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed.

tags | advisory, overflow
systems | freebsd
SHA-256 | 8655e2660ef04de220a65ec6f8631ef7f52a3e801d6816f4535bd98a398662fc
FreeBSD Security Advisory - IPv6 Permission Check
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Local users, including non-root users and users inside jails, can set some IPv6 interface properties. These include changing the link MTU and disabling interfaces entirely.

tags | advisory, local, root
systems | freebsd
SHA-256 | ac68c0baaefa4bfdc7df1c0fa45bed659499c7dbaf9c342aee6ff1990c40e4a0
FreeBSD Security Advisory - ntpd Buffer Overflow
Posted Jun 11, 2009
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon is prone to a stack-based buffer overflow when it is configured to use the 'autokey' security model.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2009-1252
SHA-256 | ec6c782f4a0e120ad1feee4a35e1fb30428529ec48d4b15ba1b394a88c31d3bd
Adobe Reader JBIG2 Text Region Segment Buffer Overflow
Posted Jun 11, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the processing of Huffman-encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Adobe Reader version 9.1.0 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-0198
SHA-256 | 8628a799db013887f6f7638ae105c3171c982627797e972918ff84f183df7579
Microsoft PowerPoint Freelance Layout Parsing Vulnerability
Posted Jun 11, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in the Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL) when parsing layout information and can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. PowerPoint versions 2000 and 2002 are affected.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2009-0202
SHA-256 | 22e975308c0ce027d9e39e4535bd0a9f2d93941d6c5b6b5aca2bf4ccf6d78cb0
Yahoo! 360 Cross Site Request Forgery
Posted Jun 11, 2009
Authored by Nam Nguyen | Site bluemoon.com.vn

Yahoo! 360 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | c561b2f59db19b25e668508edc921b0cbd9477da5ea8253e3c76382200ab8f43