what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 72 RSS Feed

Files Date: 2009-07-14

Novell eDirectory iMonitor "Accept-Language" Buffer Overflow
Posted Jul 14, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error in the iMonitor component when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an HTTP request having a specially crafted "Accept-Language" header. Novell eDirectory versions 8.8 SP3 and 8.8 SP3 FTF3 are affected.

tags | advisory, web, denial of service, overflow
advisories | CVE-2009-0192
SHA-256 | 2f34e3feeeb38ee0c8b506220a1dac0bcaac3fe09cc192f9547318c22c6bcbcd
Microsoft DirectShow QuickTime Atom Parsing Memory Corruption
Posted Jul 14, 2009
Authored by Aaron Portnoy | Site tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within Microsoft's DirectShow module quartz.dll. While parsing QuickTime atoms the NumberOfEntries field is trusted and if modified can control the location of several pointers meant to track stream positions. Specifying values that are larger than the number of bytes left to process in the input file will cause corruption that can be leveraged to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2009-1539
SHA-256 | 63699f10ded4baea05b6d22025aff16e90a70009c6170c57200531cecbb94d0f
Zero Day Initiative Advisory 09-045
Posted Jul 14, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within the parsing of the length records of certain QuickTime atoms. The application implicitly trusts the length during a transformation which will lead to memory corruption and can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2009-1539
SHA-256 | c8582abe146e73598d0bd4cc44231bcc13e2c6ccd8d257248f49b9fdf3bf832b
Ultimate Poll Cross SIte Scripting
Posted Jul 14, 2009
Authored by Moudi

Ultimate Poll suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3c1f19cafeb270c5cae67867adc91517449ad19aa65574d8a78ff126243c7047
Good/Bad Vote XSS / Local File Inclusion
Posted Jul 14, 2009
Authored by Moudi

The Good/Bad Vote polling tool suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | c9a96d0c60f5b4898554f7bbf86c709a74b6a4d2b75b73d201a40a020cdfa1bd
FormXP 2007 Survey Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

FormXP 2007 Survey suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 083dac6f35a42a9041cb5f4d7a80681f0263f890d2acf9e34dfc53a8efd9778c
eCardMAX 2008 Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

eCardMAX 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 080e9f90d9bb9d461b59573eca2621d688c9aef2f4e8808ca5e10657c0b05656
eCardMAX 2006 Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

eCardMAX 2006 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3ca796e7e2517010c636973a5723a40c796a0f17befb5159dce59c13baa62b3a
Easy Image Downloader Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

Easy Image Downloader suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1f708c08c2283611882c44699231db98e96924f8041ac0e69518dec4bc7444cf
ClassicOracles Daily Horoscopes SQL Injection
Posted Jul 14, 2009
Authored by Moudi

ClassicOracles Daily Horoscopes suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1ca118f7f9308b77e4d6ac77207659232e50b955cae04bd3a31cb4f1f531fcb2
Ubuntu Security Notice 803-1
Posted Jul 14, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-803-1 - It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0692
SHA-256 | 6a76b57fee039a37e6e55107383d34b3fd926c97e5f9f3613a05cc642474dc84
Debian Linux Security Advisory 1833-1
Posted Jul 14, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1833-1 - Several remote vulnerabilities have been discovered in ISC's DHCP implementation.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-0692, CVE-2009-1892
SHA-256 | a5bf6269df32f7ce41c04a238c745c002b29ad7962e67156d2b36075df03f363
Whitepaper Called Security Of The Web
Posted Jul 14, 2009
Authored by kuze

Whitepaper called Security of the Web. This papers discusses how vulnerabilities have evolved over the years and how web applications have become a primary vector of attack. Written in German.

tags | paper, web, vulnerability
SHA-256 | b01009c26f448edb9d51f062cd833a792d4922e65d04bd11789adce0232206a4
MixVibes Pro 7.043 Stack Overflow
Posted Jul 14, 2009
Authored by hack4love

MixVibes Pro version 7.043 stack overflow proof of concept exploit that creates a malicious .vib file.

tags | exploit, overflow, proof of concept
SHA-256 | fe825f8e2c040b9149b0518064c4aa8b823cf67481aa02a3188a6dedf11b7551
XML Security Library
Posted Jul 14, 2009
Site aleksey.com

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

Changes: This release fixes an HMAC vulnerability with small values of HMAC length (CERT VU #466161), adds support for the GOST implemented by Russian Crypto Pro CSP, adds an option to return the replaced node, adds a new function for encoding special chars in the node content, adds support for configurable base64 line length, and includes numerous bugfixes.
tags | library
SHA-256 | 1d80e9706c4ce27c603fa905c7bad2535b2f74c7f211eec754cd04ce60b33a0f
Gentoo Linux Security Advisory 200907-12
Posted Jul 14, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-12 - A buffer overflow in dhclient as included in the ISC DHCP implementation allows for the remote execution of arbitrary code with root privileges. The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Versions less than 3.1.1-r1 are affected.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, gentoo, mandriva
advisories | CVE-2009-0692
SHA-256 | 6127c32fca4a29d6fa853d498b0364b4464edc5467524bf7481a893c7ba9b69d
Haraldscan Bluetooth Discovery Scanner
Posted Jul 14, 2009
Authored by Terence Stenvold | Site code.google.com

Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python.

Changes: Bigger MACLIST, only writes to file when there are new devices found, fixed a bug that crashed on non-ascii names.
tags | tool, python, wireless
SHA-256 | 7ee60c6b8724f4bc2c67b39466602f9442fbcf634e07b0eb3aa8baa1d68f3144
Live For Speed 2 Buffer Overflow
Posted Jul 14, 2009
Authored by n00b

Live For Speed 2 version Z local buffer overflow exploit that creates a malicious .mpr file.

tags | exploit, overflow, local
SHA-256 | 37708474f244fd39bb1cb81a3f36feb08e09f73476694efb54a7aeddbabcf5fc
UDPSZ UDP Spoofing Tool
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

UDPSZ is a simple proof of concept exploit/tool for spoofing UDP.

tags | exploit, udp, spoof, proof of concept
SHA-256 | e8042b84d8869853e556af1e563425d40d6be10c6bc20ebe6ae535458a135f23
America's Army 3 Packet Loop
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.5 and below suffer from an endless packet looping vulnerability.

tags | advisory
SHA-256 | cc12aed70ab266df042298956c3516806327ca54a06e4cd885e9b01d6b5f7a43
America's Army 3 Crash
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.5 and below suffer from resource consumption and crash vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 436dc7355cb5fcab14d683b579c77e9406c373195bab6416c1280d2890f812ad
America's Army 3 Null Pointer
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.4 and below suffer from a null pointer vulnerability.

tags | exploit
SHA-256 | 3acfb90412f07f7f8f0f99747a102e8c481be969db2fe902334f360e2dba9822
AutoPartsWarehouse SQL Injection
Posted Jul 14, 2009
Authored by Gm0

The site at www.autopartswarehouse.com suffers from a remote SQL injection vulnerability. The owner of the site was notified and ignored the person reporting the vulnerability to them.

tags | exploit, remote, sql injection
SHA-256 | 29803409c0aac21040eeeba265375e2500c4809d52ab1c232d1fd9231ea3869e
Virtualmin Symlink / XSS / More
Posted Jul 14, 2009
Authored by Filip Palian

Virtualmin versions prior to 3.703 suffer from symlink, cross site scripting, anonymous proxy, and various other vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e2ec5ef0262064584f5fe32a3a03e415f58f630f9cbec3e0bab5ae8bedad7dde
Debian Linux Security Advisory 1829-2
Posted Jul 14, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1829-2 - The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2009-2360
SHA-256 | 4db741a124f0f2c14c6e01fbde4e36e7b46397be8c4fb7233436428847579f18
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close