Showing 1 - 25 of 112

Files Date: 2009-07-28

Technical Cyber Security Alert 2009-209A
Posted Jul 28, 2009
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA09-209A - Microsoft has released out-of-band updates to address critical vulnerabilities in Microsoft Internet Explorer running on most supported versions of Windows. The updates also help mitigate attacks against ActiveX controls developed with vulnerable versions of the Microsoft Active Template Library (ATL).

tags | advisory, vulnerability, activex
systems | windows
advisories | CVE-2008-0015
MD5 | 2cdf46239baa999ca58293c7a5088ee4
Mandriva Linux Security Advisory 2009-172
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-172 - ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding. This update provides fixes for this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1892
MD5 | f052e1c27d6646cf0329feb92bc14c18
Mandriva Linux Security Advisory 2009-171
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-171 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.

tags | advisory, local, root
systems | linux, mandriva
advisories | CVE-2009-1894
MD5 | 0b61a7c6861b3ee91af9457d093c1858
Mandriva Linux Security Advisory 2009-170
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-170 - The Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability.

tags | advisory
systems | linux, mandriva
MD5 | ad672243f670f1d3d65e40956703c55e
Tukanas EasyClassifieds 1.0 Blind SQL Injection
Posted Jul 28, 2009
Authored by Moudi

Tukanas EasyClassifieds version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d33aefe2aa9052eca9ef65ca69d12eba
Matterdaddy Market 1.2 SQL Injection / XSS
Posted Jul 28, 2009
Authored by Moudi

Matterdaddy Market version 1.2 suffers from blind SQL injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | 795660b8b4a1a12088387ec454082fda
Open Classifieds Cross Site Scripting
Posted Jul 28, 2009
Authored by Moudi

Open Classifieds suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e9eea71325c4cf420987162905f5d7d7
Mandriva Linux Security Advisory 2009-169
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-169 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Additionally, several places in tiff2rgba and rgb2ycbcr were careless about possible integer overflow in the calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
MD5 | c2cb1be5bdb1f6cc552b4d556874cbf8
Mandriva Linux Security Advisory 2009-168
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-168 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. A potential denial-of-service attack against mod_deflate or other modules, which forces the server to consume CPU time compressing a large file after a client disconnects, is also addressed. This update provides fixes for these vulnerabilities.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1890, CVE-2009-1891
MD5 | 6d6499c14215613631080568c9f03680
Mandriva Linux Security Advisory 2009-167
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-167 - A vulnerability has been found and corrected in PHP.

tags | advisory, php
systems | linux, mandriva
MD5 | f935689d0c6e0d2d36d64638a63da657
Mandriva Linux Security Advisory 2009-166
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-166 - Security vulnerabilities have been identified and fixed in University of Washington IMAP Toolkit.

tags | advisory, vulnerability, imap
systems | linux, mandriva
advisories | CVE-2008-5005, CVE-2008-5006, CVE-2008-5514
MD5 | 7eccadeef85f7bd31b92100d9f5da743
Mandriva Linux Security Advisory 2009-165
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-165 - Multiple security vulnerabilities have been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
MD5 | b60c27880c8340236c8d494c2c6a4586
Mandriva Linux Security Advisory 2009-164
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-164 - Multiple security vulnerabilities have been identified and fixed in jasper. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
MD5 | de06f1106951ea69ba23b93cd52852b3
HP Security Bulletin HPSBMA02438 SSRT090092
Posted Jul 28, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential vulnerability has been identified with certain HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The HP ProLiant Onboard Administrator Powered by LO100i was formerly known as HP Lights Out 100.

tags | advisory, denial of service
advisories | CVE-2009-1426
MD5 | a95cfb22321ab8d6b9e771c87429dcb8
Linux eCryptfs parse_tag_3_packet Encrypted Key Overflow
Posted Jul 28, 2009
Authored by Ramon de C Valle | Site risesecurity.org

There exists a vulnerability within a function of Linux eCryptfs (Enterprise Cryptographic Filesystem), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability was confirmed in the Linux kernel version 2.6.30.3. Linux kernel versions 2.6.19 and later have eCryptfs support and may also be affected.

tags | advisory, kernel
systems | linux
MD5 | 4264bc14bc62583865240a418b894751
Linux eCryptfs parse_tag_11_packet Literal Data Overflow
Posted Jul 28, 2009
Authored by Ramon de C Valle | Site risesecurity.org

There exists a vulnerability within a function of Linux eCryptfs (Enterprise Cryptographic Filesystem), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability was confirmed in the Linux kernel version 2.6.30.3. Linux kernel versions 2.6.19 and later have eCryptfs support and may also be affected.

tags | advisory, kernel
systems | linux
MD5 | 64aafba24cc62576d7aa592e5f3f57b8
WINMOD 1.4 Stack Overflow
Posted Jul 28, 2009
Authored by corelanc0d3r

WINMOD version 1.4 local stack overflow exploit that creates a malicious .lst file. Written for XP SP3.

tags | exploit, overflow, local
MD5 | c54f1d08e5076897ea820f0942492c2d
Millenium MP3 Studio 1.0 Stack Overflow
Posted Jul 28, 2009
Authored by corelanc0d3r

Millenium MP3 Studio version 1.0 local stack overflow exploit that creates a malicious .mpf file.

tags | exploit, overflow, local
MD5 | cc9b7648f0a3b5d1fb13c8d20e687900
Ultrize TimeSheet 1.2.2 Remote File Inclusion
Posted Jul 28, 2009
Authored by NoGe

Ultrize TimeSheet version 1.2.2 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 3ac4d8b73d05d5968f04f1af58a3e6d8
TinyBrowser 1.41.6 XSS / XSRF / Creation
Posted Jul 28, 2009
Authored by Aung Khant | Site yehg.net

TinyBrowser version 1.41.6 suffers from cross site scripting, cross site request forgery, arbitrary directory creation, and arbitrary file hosting vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, csrf
MD5 | 8c9757532b038b50fe953d294d1d2c85
Core Security Technologies Advisory 2009.0707
Posted Jul 28, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected 'op_connect_request' message with invalid data to the server. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
advisories | CVE-2009-2620
MD5 | a3a1b73706a9f3a5051b67b289be9ea2
Cisco Security Advisory 20090728-activex
Posted Jul 28, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform a kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site. Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, web, code execution
systems | cisco
MD5 | a68fb5ecbbb4f3801a241a33b4c0e7a7
PaoLiber 1.1 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoLiber version 1.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 2c10783aa41b7354243b744637262bf2
PaoBacheca Guestbook 2.1 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoBacheca Guestbook version 2.1 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 6e546e884c86e4f7283e6aac417b4467
PaoLink 1.0 Authentication Bypass
Posted Jul 28, 2009
Authored by SirGod | Site insecurity.ro

PaoLink version 1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 284eb413a1260e5ff0afe6eac40dffe9