Twenty Year Anniversary
Showing 1 - 25 of 72 RSS Feed

Files Date: 2009-07-14

Novell eDirectory iMonitor "Accept-Language" Buffer Overflow
Posted Jul 14, 2009
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error in the iMonitor component when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an HTTP request having a specially crafted "Accept-Language" header. Novell eDirectory versions 8.8 SP3 and 8.8 SP3 FTF3 are affected.

tags | advisory, web, denial of service, overflow
advisories | CVE-2009-0192
MD5 | 3fae99f773de4e9a28542bd1541ad22f
Microsoft DirectShow QuickTime Atom Parsing Memory Corruption
Posted Jul 14, 2009
Authored by Aaron Portnoy | Site tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within Microsoft's DirectShow module quartz.dll. While parsing QuickTime atoms the NumberOfEntries field is trusted and if modified can control the location of several pointers meant to track stream positions. Specifying values that are larger than the number of bytes left to process in the input file will cause corruption that can be leveraged to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2009-1539
MD5 | e16bfcbae52be9ce88926b9310a928f4
Zero Day Initiative Advisory 09-045
Posted Jul 14, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within the parsing of the length records of certain QuickTime atoms. The application implicitly trusts the length during a transformation which will lead to memory corruption and can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2009-1539
MD5 | 880ec874756b2f62a365bb8d8f4e4a5a
Ultimate Poll Cross SIte Scripting
Posted Jul 14, 2009
Authored by Moudi

Ultimate Poll suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4541daf0db1b628a24929e7591001073
Good/Bad Vote XSS / Local File Inclusion
Posted Jul 14, 2009
Authored by Moudi

The Good/Bad Vote polling tool suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | a6ac02a972949417232a6c91ec598192
FormXP 2007 Survey Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

FormXP 2007 Survey suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2d4dff2a8b16646564c53121165ce3f5
eCardMAX 2008 Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

eCardMAX 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f2db821ea3c519d8058a4c89234358d6
eCardMAX 2006 Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

eCardMAX 2006 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | fbcc4287dc49fce2a29216b8d4ce2bc5
Easy Image Downloader Cross Site Scripting
Posted Jul 14, 2009
Authored by Moudi

Easy Image Downloader suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b178f558c07aa629595e4ee60f3dc72e
ClassicOracles Daily Horoscopes SQL Injection
Posted Jul 14, 2009
Authored by Moudi

ClassicOracles Daily Horoscopes suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 22d8d24f3575a1fb9bd080d8c7e3f88c
Ubuntu Security Notice 803-1
Posted Jul 14, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-803-1 - It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0692
MD5 | 13c59926aecfb14856f64bee352d4038
Debian Linux Security Advisory 1833-1
Posted Jul 14, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1833-1 - Several remote vulnerabilities have been discovered in ISC's DHCP implementation.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-0692, CVE-2009-1892
MD5 | 205dd59b0393cc93e1df591be387e8bf
Whitepaper Called Security Of The Web
Posted Jul 14, 2009
Authored by kuze

Whitepaper called Security of the Web. This papers discusses how vulnerabilities have evolved over the years and how web applications have become a primary vector of attack. Written in German.

tags | paper, web, vulnerability
MD5 | 2aaf20a12012c628ded7d80ceb29084e
MixVibes Pro 7.043 Stack Overflow
Posted Jul 14, 2009
Authored by hack4love

MixVibes Pro version 7.043 stack overflow proof of concept exploit that creates a malicious .vib file.

tags | exploit, overflow, proof of concept
MD5 | 72ef7e35ba0c982b80fba4a188eeeefa
XML Security Library
Posted Jul 14, 2009
Site aleksey.com

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

Changes: This release fixes an HMAC vulnerability with small values of HMAC length (CERT VU #466161), adds support for the GOST implemented by Russian Crypto Pro CSP, adds an option to return the replaced node, adds a new function for encoding special chars in the node content, adds support for configurable base64 line length, and includes numerous bugfixes.
tags | library
MD5 | 195d042623bcc2e1668ab8370de6dc2a
Gentoo Linux Security Advisory 200907-12
Posted Jul 14, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-12 - A buffer overflow in dhclient as included in the ISC DHCP implementation allows for the remote execution of arbitrary code with root privileges. The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Versions less than 3.1.1-r1 are affected.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, gentoo, mandriva
advisories | CVE-2009-0692
MD5 | 0203d7b18f819cf7a6ee13296903ea32
Haraldscan Bluetooth Discovery Scanner
Posted Jul 14, 2009
Authored by Terence Stenvold | Site code.google.com

Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python.

Changes: Bigger MACLIST, only writes to file when there are new devices found, fixed a bug that crashed on non-ascii names.
tags | tool, python, wireless
MD5 | 1322c56e0050415bc388733fffa87b5e
Live For Speed 2 Buffer Overflow
Posted Jul 14, 2009
Authored by n00b

Live For Speed 2 version Z local buffer overflow exploit that creates a malicious .mpr file.

tags | exploit, overflow, local
MD5 | e0051adb2f19a2d3410ba132eac3ed0a
UDPSZ UDP Spoofing Tool
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

UDPSZ is a simple proof of concept exploit/tool for spoofing UDP.

tags | exploit, udp, spoof, proof of concept
MD5 | 3a22e09210130c0f33926413da661ec7
America's Army 3 Packet Loop
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.5 and below suffer from an endless packet looping vulnerability.

tags | advisory
MD5 | f4b24aaf06b3ffa6553e8a4b95d60f18
America's Army 3 Crash
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.5 and below suffer from resource consumption and crash vulnerabilities.

tags | advisory, vulnerability
MD5 | dc3df12014c753fd337774cc89bf793d
America's Army 3 Null Pointer
Posted Jul 14, 2009
Authored by Luigi Auriemma | Site aluigi.org

America's Army 3 versions 3.0.4 and below suffer from a null pointer vulnerability.

tags | exploit
MD5 | fc6e21a0119e425588213f8a1fcbd2a4
AutoPartsWarehouse SQL Injection
Posted Jul 14, 2009
Authored by Gm0

The site at www.autopartswarehouse.com suffers from a remote SQL injection vulnerability. The owner of the site was notified and ignored the person reporting the vulnerability to them.

tags | exploit, remote, sql injection
MD5 | 60af14449b42fe988378142d66e1bb0a
Virtualmin Symlink / XSS / More
Posted Jul 14, 2009
Authored by Filip Palian

Virtualmin versions prior to 3.703 suffer from symlink, cross site scripting, anonymous proxy, and various other vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1b747e67ba885c049bd864f8f08c6d6d
Debian Linux Security Advisory 1829-2
Posted Jul 14, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1829-2 - The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2009-2360
MD5 | b881031aea974e2a0b897e090b1376e7
Page 1 of 3
Back123Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    54 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close