exploit the possibilities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2009-08-23

CMS Aspect Web Design SQL Injection
Posted Aug 23, 2009
Authored by R3VAN_BASTARD | Site sux0r.net

CMS Aspect Web Design suffers from a remote SQL injection vulnerability in product_details.php.

tags | exploit, remote, web, php, sql injection
SHA-256 | 464d9d52f524f408573339caba9f680ce9f20e8b80ed6c603312852b880b03b6
ProShow Gold 4 Buffer Overflow
Posted Aug 23, 2009
Authored by corelanc0d3r

Photodex ProShow Gold version 4 universal buffer overflow exploit for XP SP3.

tags | exploit, overflow
SHA-256 | f90365be4611b3e2e19f4ebdef4091feeae51aa2855bb28233e11dff3df11805
FreeBSD 6.1 kqueue() NULL Pointer Dereference
Posted Aug 23, 2009
Authored by Przemyslaw Frasunek

FreeBSD versions 6.1 and below kqueue() NULL pointer dereference race condition local root exploit.

tags | exploit, local, root
systems | freebsd
SHA-256 | 1954132bfa966f8b2f00fbd93282630ff392c376db14de7c34bfa84008a1c31b
BSD setusercontext Vulnerabilities
Posted Aug 23, 2009
Authored by Kingcope

Various BSD derived operating systems suffer from various vulnerabilities due to the setusercontext() function.

tags | exploit, vulnerability
systems | bsd
SHA-256 | 2c3e7e83b2f80025efe09e3bbad5c78624d782ab98b8cb97ba294434a3188293
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
SHA-256 | fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
Adobe Flex 3.3 Cross Site Scripting
Posted Aug 23, 2009
Authored by Adam Bixby | Site gdssecurity.com

Adobe Flex versions 3.3 SDK suffers from a DOM-based cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 19e76a5fdee8f5a3cec432ecfb64d9d3567085717670c7c1135650fe4d2e853b
Ubuntu Security Notice 802-2
Posted Aug 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1891
SHA-256 | 82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528e
DUgallery 3.0 Authentication Bypass
Posted Aug 23, 2009
Authored by Spymeta

DUgallery version 3.0 suffers from a direct access administrative bypass vulnerability.

tags | exploit, bypass
SHA-256 | f229be20cbb39ab7cf30175f8cca2387d6355236e7ce81c4b0eaff50fd2829a3
Debian Linux Security Advisory 1869-1
Posted Aug 23, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-2417
SHA-256 | c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26
Openwall Linux Kernel Patch
Posted Aug 23, 2009
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Besides being an update to the 2.4.37.5 kernel release, this revision of the patch adds a fix for the sigaltstack local information leak affecting 64-bit kernel builds.)
tags | overflow, kernel
systems | linux
advisories | CVE-2009-2847
SHA-256 | b7b6877b1d7e4631f1bd26baae92087f511563b1a0c96034f9ac6c168a3ad3dd
Subdreamer SQL Injection
Posted Aug 23, 2009
Authored by Tero Kilkanen

Subdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.

tags | advisory, vulnerability, sql injection
SHA-256 | 7b4bec39033aaebc234421eca70130735ece872362a0900ffd11de68eabd92f9
Mandriva Linux Security Advisory 2009-208
Posted Aug 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4776
SHA-256 | 83a5ca9356239d87e4ee7b67aae57b4f6ad8215675c0a25f01e285653678684e
Cuteflow 2.10.3 Security Bypass
Posted Aug 23, 2009
Authored by Hever Costa Rocha

Cuteflow version 2.10.3 suffers from a remote security bypass vulnerability in edituser.php.

tags | exploit, remote, php, bypass
SHA-256 | 213ac3be579adf6f91dc31e93fe9376ce5dcec4b96c1143c20529091e85969b6
Firefox / Explorer / Chrome Denial Of Service
Posted Aug 23, 2009
Authored by MustLive

A priorly discovered denial of service vulnerability discovered in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.

tags | advisory, denial of service
SHA-256 | 7277b13091eb3553c7da2530db4737b3d0b5253256270e22c23d401ccea3d267
Kaspersky AV/IS 2010 Denial Of Service
Posted Aug 23, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Kaspersky AV/IS 2010 suffers from a denial of service vulnerability in avp.exe.

tags | exploit, denial of service
SHA-256 | 9d63e4708659427d237e63fca4e3def2b651fefaefc21800b2fd8d9caf8dcb21
CA HIPS kmxids.sys Remote Kernel Vulnerability
Posted Aug 23, 2009
Site ivizsecurity.com

CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.

tags | advisory, kernel
advisories | CVE-2009-2740
SHA-256 | 23841421c5001f9dc9ee18df624a55e0b47662b59340b4152f572bc4ada45613
Cisco Security Advisory 20090819-fwsm
Posted Aug 23, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.

tags | advisory
systems | cisco
advisories | CVE-2009-0638
SHA-256 | 713281e09eed7d4b3cb6bce52be62e03b55db7f8b28a6b682d83aee938aef8b6
Facebook Cross Site Request Forgery
Posted Aug 23, 2009
Authored by Ronen Zilberman | Site quaji.com

Facebook suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 7f02ac72318135f6300fd96d932348f416039da38ac4c866eded589974d11a20
Geeklog 1.6.0sr1 File Upload
Posted Aug 23, 2009
Authored by JaL0h

Geeklog version 1.6.0sr1 suffers from an arbitrary remote file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
SHA-256 | be09299269e9a6813b6077f704fb7219ab0d41bc960a28310262b58be41b7be2
OWASP ESAPI XSS Bypass
Posted Aug 23, 2009
Authored by Inferno from Secure Thoughts

A bypass vulnerability exists against the cross site scripting protection in the OWASP ESAPI.

tags | exploit, xss, bypass
SHA-256 | cb7596702d627eb416c2300a8cad6361171854a2fa24054ae30b467069eb6cbb
iDEFENSE Security Advisory 2009-08-11.2
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). iDefense has confirmed the existence of this vulnerability inside Microsoft' ATL and MFC. This vulnerability appears to be limited to MFC version 3.0. Any source code compiled with these libraries may also be vulnerable.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2009-2494
SHA-256 | edf512cb6aeb0c9390b72abd37b17a7b330c0d5d4e8ffa3daeb55ff3ca91c23d
ProShow Gold Code Execution
Posted Aug 23, 2009
Authored by SVRT | Site security.bkis.vn

ProShow Gold suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 381b7ca0a44ec4a671e376d4889f03cd447c48907b253b99e786aa461d1a5789
iDEFENSE Security Advisory 2009-07-28.3
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 07.28.09 - Remote exploitation of an information disclosure vulnerability in Microsoft's ATL/MFC ActiveX template, as included in various vendor's ActiveX controls, allows attackers to read memory contents within Internet Explorer. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL version 9.0. Any source code compiled with these libraries may also be vulnerable. Previous versions may also be affected.

tags | advisory, remote, activex, info disclosure
advisories | CVE-2009-2495
SHA-256 | c267c222d9c34b1a2d7d1db54912e2fbbb444fafe882d61044c1ce0bd64bd46f
iDEFENSE Security Advisory 2009-07-28.2
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 07.28.09 - Remote exploitation of a logic flaw vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code, as included in various vendors' ActiveX controls, could allow attackers to bypass ActiveX security mechanisms. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL and MFC. Although later versions of the ATL/MFC are less vulnerable, certain conditions can trigger the same exploit pattern.

tags | advisory, remote, activex
advisories | CVE-2009-2493
SHA-256 | d87248b69d8604013d1f30ba472eab8230eac08a11208461df8766f80fcdfc2e
iDEFENSE Security Advisory 2009-08-11.1
Posted Aug 23, 2009
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged on user. When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to case a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Office XP Service Pack 3.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2009-1534
SHA-256 | 7e86dfe50c26093d7d93ca00213f5b882ccab246101ee1b9ba9aba393a3b05fa
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close