exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2009-10-02

FreeBSD Security Advisory - Devfs / VFS
Posted Oct 2, 2009
Site security.freebsd.org

FreeBSD Security Advisory - Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer.

tags | advisory, kernel
systems | freebsd
SHA-256 | 4b21def402ce048506cd636e20e57f215a29c797ecd2817b7359d5b1e52ab3ef
FreeBSD Security Advisory - kqueue pipe
Posted Oct 2, 2009
Site security.freebsd.org

FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

tags | advisory
systems | freebsd
SHA-256 | 6794c843e62bd2ba63abb24337495791f839e4e7e47cd54d93099e0868941ba7
Mandriva Linux Security Advisory 2009-255
Posted Oct 2, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-255 - Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. This update provides a fix for this vulnerability.

tags | advisory, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2009-0663
SHA-256 | f3f9e8ee12049b47c2e5e12b2f4b377f180710935b4271a52f7fbdd3d5117d7c
Debian Linux Security Advisory 1900-1
Posted Oct 2, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1900-1 - Several vulnerabilities have been discovered in PostgreSQL, an SQL database system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
SHA-256 | 7cf95a5b4b5379495365a7d9c2e99fb8b82f1358d4735f28b563993b1b2f99fd
Debian Linux Security Advisory 1899-1
Posted Oct 2, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1899-1 - Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols.

tags | advisory, remote, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-1957, CVE-2009-1958, CVE-2009-2185, CVE-2009-2661
SHA-256 | 5a16cf35f56ccf5c3f540c745131cfd5b654a1639247c08323a854f9603d3373
Debian Linux Security Advisory 1898-1
Posted Oct 2, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1898-1 - It was discovered that the pluto daemon in the openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2185
SHA-256 | dcfced34b0416aa67a4b67e9662316ba344fcbd2048ab0da9180035dc94c6f8e
XM Easy Personal FTP Server 5.8 Denial Of Service
Posted Oct 2, 2009
Authored by PLATEN

XM Easy Personal FTP server version 5.8 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 67c0b6e81b5e9af5bf0eb198ee9807507eac1955336c4e62a9d5cbb1757dc416
libc:fts_*() Denial Of Service
Posted Oct 2, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

libc:fts_*() suffers from multiple denial of service vulnerabilities. This affects multiple vendors.

tags | exploit, denial of service, vulnerability
SHA-256 | 60fdb0c5abb5e3ce9c4855e6377fd45eb308fb523b2c8e1b8e6eaf4ed9349437
VMware Security Advisory 2009-0013
Posted Oct 2, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware Fusion 2.0.6 addresses a denial of service and code execution vulnerability.

tags | advisory, denial of service, code execution
advisories | CVE-2009-3281, CVE-2009-3282
SHA-256 | e42d079c45012fa881f28c5390bdad571e98c1894d430ba2e284b282a444a287
VMware Fusion 2.0.5 vmx86 kext Local Root
Posted Oct 2, 2009
Authored by mu-b | Site digit-labs.org

VMware Fusion versions 2.0.5 and below vmx86 kext local kernel root exploit.

tags | exploit, kernel, local, root
advisories | CVE-2009-3281
SHA-256 | e7f5e9e8c798c64fb10b90de146aed0b833f16823573eae15d700951ec501d04
VMware Fusion 2.0.5 vmx86 kext Denial Of Service
Posted Oct 2, 2009
Authored by mu-b | Site digit-labs.org

VMware Fusion versions 2.0.5 and below vmx86 kext local denial of service proof of concept exploit.

tags | exploit, denial of service, local, proof of concept
advisories | CVE-2009-3282
SHA-256 | 2f0f75217ef642a0341c092f97d1dd8e4a5dc186f4d5553eb2c9cd2a09f8f5a7
Secunia Security Advisory 36910
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for elinks. This fixes a weakness and a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service, local
systems | linux, redhat
SHA-256 | 873a516a66e9940d788e385f2c132788d1e653faeec43c15961a38446db10bd4
Secunia Security Advisory 36917
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 19eb471a5ce82e70f1b44b3ad627abdb22570880368b2d97358edf2648322b15
Secunia Security Advisory 36942
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SugarCRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 35f6b17494d505a592933690fa59f64f1f6be74f7bf8cd56b550cfc97b1535f4
Secunia Security Advisory 36919
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - trotzkista has discovered a vulnerability in the AOL SuperBuddy ActiveX control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 5228feb829d22d73bc5075589d41b31a405c9636899540b32e1d25bfb230b0dc
Secunia Security Advisory 36873
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 973e6b53cd1219c72446aad8c14f38c401a878a87509219d3119025e0dacb855
Secunia Security Advisory 36931
Posted Oct 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Cerberus FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | b16c2141a0c4bbec38d48134308c4a897160a1752948874584e4b99e1fc17b78
Hyenae Packet Generator 0.35-1
Posted Oct 2, 2009
Authored by Robin Richter | Site sourceforge.net

Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.

Changes: Bugs and build warnings were fixed and the documentation was updated. Cisco HSRP-Hello, HSRP-Coup, and HSRP-Resign support was added. The attack blocking handler, attack parameter structure, and default value assignment were refactored. Opcode (code) arguments were made optional. A DNS patch was applied and DNS query URL format validation was removed. Cisco HSRP active router hijacking was added to the attack assistant. The daemon now binds to every capable network interface by default.
tags | tool, remote, scanner, vulnerability
systems | unix
SHA-256 | 36250f88b0f0698ce2d7b3675799c4f33449f1a9b5fd3d21cb6ba7a07a716149
Packet Storm New Exploits For September, 2009
Posted Oct 2, 2009
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 313 exploits added to Packet Storm in September, 2009.

tags | exploit
SHA-256 | d46cb5916f9a629366d398eba398dea47d410840fdb5a1676ec174e7090055e7
MAPDAV - More Accurate Password Dictionary Attack Vector 1.0p5
Posted Oct 2, 2009
Authored by Marshall Whittaker | Site mapdav.sourceforge.net

MAPDAV, or the More Accurate Password Dictionary Attack Vector, is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user's password. An administrator could run the output through a cracker and see if their user's passwords are anything easy to guess.

Changes: Now has THC-Hydra colon separated value support.
tags | cracker
systems | linux, unix
SHA-256 | a85f23646d4ee39319a904f5d91fc16bc707b6e3e334c7029bd440f3a9c4ca69
AOL 9.1 SuperBuddy SetSuperBuddy() Code Execution
Posted Oct 2, 2009
Authored by Nine:Situations:Group::Trotzkista | Site retrogod.altervista.org

AOL version 9.1 SuperBuddy Active-X control SetSuperBuddy() remote code execution exploit.

tags | exploit, remote, code execution, activex
SHA-256 | 3592f47118efc0a17c4a423fe28643dd4341b4e3aa4bccaae4c5bbd159a299fb
Google Apps googleapps.url.mailto:// URI Handler Command Execution
Posted Oct 2, 2009
Authored by Nine:Situations:Group::pyrokinesis | Site retrogod.altervista.org

Google Apps googleapps.url.mailto:// URI handler cross-browser remote command execution exploit.

tags | exploit, remote
SHA-256 | 0c678e6cf7fc660120636d96067744edfdfd49cbd4c321b556f33790b0924c47
Ubuntu Security Notice 840-1
Posted Oct 2, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 840-1 - Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. A memory overflow flaw was discovered in OpenOffice.org's handling of EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139
SHA-256 | 8293f41fe661ea4e468fef9ffc48fc7fddd5debb4623133345eba02eed0cbd99
Ubuntu Security Notice 839-1
Posted Oct 2, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 839-1 - J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. Tim Prouty discovered that the smbd daemon in Samba incorrectly handled certain unexpected network replies. A remote attacker could send malicious replies to the server and cause smbd to use all available CPU, leading to a denial of service. Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, would not verify user permissions before opening a credentials file. A local user could exploit this to use or read the contents of unauthorized credential files. Reinhard discovered that the smbclient utility contained format string vulnerabilities in its file name handling. Because of security features in Ubuntu, exploitation of this vulnerability is limited. If a user or automated system were tricked into processing a specially crafted file name, smbclient could be made to crash, possibly leading to a denial of service. This only affected Ubuntu 8.10. Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled permissions to modify access control lists when dos filemode is enabled. A remote attacker could exploit this to modify access control lists. This only affected Ubuntu 8.10 and Ubuntu 9.04.

tags | advisory, remote, denial of service, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948
SHA-256 | 4f0c9ac114c1548958e5f616590708327ff29bbee5a4e6d2370a6e40f4bbd33e
Rooted CON 2010 Call For Papers
Posted Oct 2, 2009
Site rootedcon.es

Rooted CON 2010 Call For Papers. Rooted will be held in Madrid, Spain in March, 2010.

tags | paper, root, conference
SHA-256 | 4c641bff2daacc3d712fb9f265bdc1f3a15264a59686925df787707cedb8adc7
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close